lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7CE01249A8A819D3B136FE04@Macintosh-2.local>
Date: Sat, 07 Nov 2009 19:52:36 -0600
From: Paul Schmehl <pschmehl_lists@...rr.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: How Prosecutors Wiretap Wall Street

--On November 7, 2009 4:06:42 PM -0600 mikelitoris@...hmail.com wrote:

>
>> But to gather intelligence about what terrorists are up to, even
> if a US citizen is involved, should not require a warrant.
>
> This is all well and good, until the definition of terrorist is
> changed and you become labeled a "terrorist" because your "reason"
> is suddenly counterproductive to someone else's "opinion".  You
> must apply the warrant requirement consistently.  Otherwise, when
> interpretation of the word "terrorist" changes, it affects the
> meaning of the law.

Sure.  I agree with that.  I think it's also important that law 
enforcement activities have much more stringent requirements than military 
intelligence has.  The former is directed toward citizens, the latter 
toward enemies the military has to deal with.

> And call me crazy, but I'm just not willing to
> assume that someone won't abuse the power of being able to surveil
> US citizens and do exactly what Nixon did, spy on their
> competition/detractors.  Surely you can admit that some people do
> things that they wouldn't normally do when big money and big power
> are involved.  After all, "Those who cannot learn from history are
> doomed to repeat it."  Don't be so naive to think it can't happen
> again.
>

Of course.  I've never said they didn't.  In fact I've stated that people 
in government have the same range of motives that people not in government 
have, including the seven deadly sins, if you will.  But I've also pointed 
out that they are not totally evil either, as some seem to think.  There 
are also good people in government just as there are in every other walk 
of life.

>> Intelligence works best in a world of secrecy.
>
> So does deception.  Significantly more so, in fact.
>
>> As I've pointed out now several times, it's analogous to people
> that get all hot and bothered by the fact that admins have access
> to the data on their computers.
>
> Yes, but that computer probably doesn't belong to me but instead to
> my employer.  If it belongs to me, you better have a policy that
> prevents me from using it at work, and/or a login disclaimer
> informing me of your right to monitor what I do if I connect to
> your network.  If not, you better damn well have a warrant if you
> want to take a look at my property.

Therein lies the rub.  Whose property are the bits on the wire?  Once 
you've clicked on send, be it email or im or twitter or whatever, does 
that transmission still belong to you?  I would submit that it does not, 
and that the privacy laws that protect you and your house and belongings 
can no longer be sensibly applied.

Even you send a "private" email, to whom does it belong while it's in the 
process of transmission?

> And as far as I know, there's
> no login disclaimer on the interwebs that allows the government to
> monitor what I do on that network, nor on the telephone, or my
> mobile phone contract.
>

Really?  To whom does your response to me belong?  What about the email 
you send to a friend?  A stranger?  And twitter posts?  Blog comments? 
Etc., etc.  Does it really make sense to extend your privacy rights to 
those things that you have sent into the public domain?  And how do you 
draw the line legally at what the government can look at without a warrant 
and what they must get a warrant for when they can't even know what's on 
the network without first connecting to it to look?  Should we forbid them 
to ever connect simply because something they could potentially see is 
"private"?  And is it really private?

And if they already have a warrant to monitor all communications of a 
known terrorist, what happens when those communications include a US 
person?  All they allowed to monitor since they already have a warrant, 
even though they don't have one for the US person?

>> From what I've read getting a warrant in 72 hours is almost
> impossible.
>
> Ahah!  Now we're on to something.  Here's an idea.  Make it easier
> to get that warrant when you need it.  Improve the process, so that
> when requested, a warrant can be turned around in hours, not days.
> Don't remove the requirement altogether.  That's simply inviting
> trouble.
>

I completely agree.  I also think the definitions need to be much clearer, 
so that intelligence people understand exactly where the fences are.  And 
I don't think a warrant should be required unless a US person is the 
*target* of the monitoring.

Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
******************************************
WARNING: Check the headers before replying

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ