Re: NSA knows who you've called.
alan writes:
-+--
 |
 | Probably because most Americans believe they are being spied on
 | anyways. (And have for a very long time.)
 |

Au contraire', it is precisely what, for example, my spouse would say: I live a decent life and have nothing to hide.

As this and all security-related lists are composed of people who are off-center when it comes to risk, it is us what be the outliers in the distribution and in no way are our various paranoias widely shared.

Not trying to debate the hive mind, etc.,

--dan

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: NSA knows who you've called.
Perry E. Metzger wrote:
> [EMAIL PROTECTED] writes:
>> While I agree with you, the public does not, so far as I can tell, find itself willing to risk insecurity for the benefit of preserving privacy, as this article in today's Boston Globe would tend to confirm.
>
> I'm sure. On the other hand, I think it is our place, as security professionals, to explain why the tradeoff is a false one. Respect for individual rights is not something we do in good times because it is a luxury we can afford when there is stability. It is something we need most in bad times, because it is what keeps us safe and maintains stability itself.

Or to teach pollsters to ask the correct questions. Take this survey:

http://www.washingtonpost.com/wp-srv/politics/polls/postpoll_nsa_051206.htm

What if this question from the poll:

  It's been reported that the National Security Agency has been collecting the phone call records of tens of millions of Americans. It then analyzes calling patterns in an effort to identify possible terrorism suspects, without listening to or recording the conversations. Would you consider this an acceptable or unacceptable way for the federal government to investigate terrorism? Do you feel that way strongly or somewhat?

Was instead:

  The NSA has been collecting the phone call records of tens of millions of Americans possibly in violation of the law. Would you consider it acceptable for the government to break the law to investigate terrorism?

Nick

--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen
Re: NSA knows who you've called.
Nick Owen writes:
-+---
 | ...
 | Or to teach pollsters to ask the correct questions.
 | ...

All,

Mr. Owen is dead-on. Speaking as someone who has had a formal education in statistics including the design of survey instruments, I will say that of all the ways in which it is possible for the dishonest to skew the results of quantitative analysis, survey design is hands down the most vulnerable. You want the numbers to come out your way? Sure, you can manipulate any data set of numbers to lean the direction you want them to lean, but if you control the survey instrument used to collect the raw data in the first place you 0wn the analysis in ways that re-analysis by others cannot erase.

Case in point: Allowing those who care about Issue XYZ to self-select whether to take your survey guarantees overweighting the tails of your distribution and in ways that you may not be able to see (such as organized survey takers who talk to each other). Sort of like an Internet-mailing-list, no?

--dan
Re: NSA knows who you've called.
On Fri, 12 May 2006, [EMAIL PROTECTED] wrote:

> alan writes:
> -+--
>  |
>  | Probably because most Americans believe they are being spied on
>  | anyways. (And have for a very long time.)
>  |
>
> Au contraire', it is precisely what, for example, my spouse would say: I live a decent life and have nothing to hide.

I ask people who say they have nothing to hide for their credit card numbers. Everyone has something to hide.

The point is that you do not have to have done *anything* to be worried. How do you know that your name is not a known alias of some evil nasty terrorist who buggers FBI agents in his spare time?

> As this and all security-related lists are composed of people who are off-center when it comes to risk, it is us what be the outliers in the distribution and in no way are our various paranoias widely shared.

The question is should they be?

--
Waiter! This lambchop tastes like an old sock! - Sheri Lewis
Consumers Losing Trust in Internet Banking
Summary: The deluge of reports of problems at on-line banks is having an effect. Customer attitudes are increasingly negative, and customers mention concerns about security as worrying them. The adoption rate for internet banking has dropped to only 3.1% for the last quarter of 2005, about matching the rate at which people drop their accounts. Over all, 38% of Americans use Internet banking - compared to 75% of Europeans. (Europeans report a much higher level of confidence in on-line banking.)

The full report is at http://www.marketwire.com/mw/release_html_b1?release_id=128505

Eventually, all those voting feet will have an effect. Perhaps we don't need to despair of the market forcing better security.

-- Jerry
Re: NSA knows who you've called.
On Fri, 12 May 2006, [EMAIL PROTECTED] wrote:

> Perry E. Metzger writes:
> -+
>  |
>  | And a personal note to you all:
>  |
>  | Let me again remind people that if you do not inform your elected
>  | representatives of your displeasure with this sort of thing,
>  | eventually you will not be in a position to inform them of your
>  | displeasure with this sort of thing.
>  |
>
> Perry,
>
> While I agree with you, the public does not, so far as I can tell, find itself willing to risk insecurity for the benefit of preserving privacy, as this article in today's Boston Globe would tend to confirm.
>
> http://www.boston.com/news/nation/articles/2006/05/12/most_put_security_ahead_of_privacy/
>
> Most put security ahead of privacy
> (By Bruce Mohl, Globe Staff)
>
> Mark Jellison, a Verizon customer in Quincy, isn't fazed that his phone company may have turned over his calling records and those of millions of others to the National Security Agency as part of an effort to thwart terrorism.

snip

Probably because most Americans believe they are being spied on anyways. (And have for a very long time.)

I find it interesting that the question is always about fighting terrorism. I am willing to bet you would get different answers if the question was phrased as Should a president be allowed to carry out massive wiretaps to spy on his political enemies?

I have seen NO proof that this spying was limited, or even directed towards, terrorists. (Unless Democrats, peace activists, eco-freaks, hackers, and the like are now considered Terrorists.)

Since there is no oversight allowed, we must assume that this effort has more to do with rooting out and destroying threats to the President than it does to actual threats to the security of the country.

--
Waiter! This lambchop tastes like an old sock! - Sheri Lewis
Re: NSA knows who you've called.
Alan, You and I are in agreement, but how do we get the seemingly (to us) plain truth across to others? I've been trying for a good while now, reaching a point where I'd almost wish for a crisis of some sort as persuasiveness is not working. We are probably well off-topic for this list. --dan
Re: NSA knows who you've called.
alan writes:
-+--
 |
 | I guess the big question is one of trust. I cannot see why people
 | trust the Bush administration. Any time they have been given power
 | they have abused it or used it to destroy their rivals.
 |

I don't think this has anything to do with any particular administration. As Gilmore would say now (hi, John), don't give any government a power you would not want a despot to have.

--dan

=
What's on my car
https://www.protestwarrior.com/store/files/master/democrat_president.gif
Re: NSA knows who you've called.
See also Title 18 section 2703(c)(2):

  (2) A provider of electronic communication service or remote computing service shall disclose to a governmental entity the -
    (A) name;
    (B) address;
    (C) local and long distance telephone connection records, or records of session times and durations;
    (D) length of service (including start date) and types of service utilized;
    (E) telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address; and
    (F) means and source of payment for such service (including any credit card or bank account number),
  of a subscriber to or customer of such service when the governmental entity uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena or any means available under paragraph (1).

(at http://caselaw.lp.findlaw.com/casecode/uscodes/18/parts/i/chapters/121/sections/section_2703.html )

This paragraph specifically gives the requirements for disclosure of local and long distance telephone connection records, which were plainly not met.

-Dan

William Allen Simpson wrote:
> Perry E. Metzger wrote:
>> http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm
>
> Legal analysis from Center for Democracy and Technology at:
> http://www.cdt.org/publications/policyposts/2006/8
PQCrypto: Schedule Available
Will large quantum computers be built? If so, what will they do to the cryptographic landscape?

PQCrypto 2006, the International Workshop on Post-Quantum Cryptography, will look ahead to a possible future of quantum computers, and will begin preparing the cryptographic world for that future.

Note: The schedule is available now, see webpage below - schedule

More details:
- Date: May 23 - May 26, 2006 (i.e., right before Eurocrypt!)
- Place: Leuven, Belgium
- Registration: 210 Euro
- web-site: http://postquantum.cr.yp.to/

Best regards,
Christopher Wolf
Re: Status of attacks on AES?
On 5/3/06, Joachim Strombergson [EMAIL PROTECTED] wrote:
> Just out of curiosity I tried to Google around for recent papers on attacks against AES/Rijndael. I found the usual suspects with XLS attacks and DJBs timing attack. But what is the current status of attacks, anything new and exciting?

It is worth looking at Nicolas T. Courtois' page:
http://www.cryptosystem.net/aes/

Max
Bamford on the NSA and the Greek mobile phone tapping scandal
As some of you may remember, there was a scandal in Greece back in February 2006 involving the interception of mobile phones belonging to high-level government officials, including the Prime Minister. The CALEA software on the Ericsson switches used by Vodafone was blamed; it had apparently been surreptitiously turned on and was copying traffic to an equal number of shadow phones. A thorny point in the investigation was the revelation that the shadow phones had also been used to make phone calls to Laurel, MD.

An interview with James Bamford on the possible role of the NSA in the Mavili-gate was published in last Sunday's (5/8) To Vima, one of the major Athens newspapers. I contacted the journalist, Alexis Papahelas, asking for permission to forward the article to this list, and he was kind enough to send me the original raw transcript. Here it is, very slightly edited for obvious transcription mistakes.

The published article (in Greek) can be found in: http://www.tovima.gr/print_article.php?e=Bf=14755m=A20aa=1

-- Mr. Bamford Good Evening from Athens, thank you very much for being with us tonight.

JB: My pleasure

-- Let me ask you first of all, there has been a lot of discussion here in Greece about this lawful interception software, explain to me what it is, and whether the US put pressure on worldwide companies to install that after 9/11 especially?

JB: Well the software is basically used to attach to commercial communication facilities, like the ATT in the US, or whatever commercial company it is, and anything that goes over these communication facilities gets picked up, whether it is e-mail, or telephone calls and divert it to the US Government, whoever attached the equipment.

-- Is it your understanding that most of the hardware companies around the world, that provide mobile telephone companies with equipment, had this installed at some point?

JB: Well in the US there was a lot of requiring that US companies do it, but around the world I think there was pressure by the US for a lot of the friendly countries to the US, allied countries to do as much as they can in terms of domestic eavesdropping and this type of equipment is most useful for that.

-- As you know, during the Olympics here in 2004, a lot of the US intelligence agencies were here, based here, they had a lot of equipment here, now do you imagine they were able back then to monitor conversations between mobile phones here in Greece?

JB: Oh, the technology has been long in existence for them to be able to monitor mobile phone calls, the US monitors phone calls all over the world, and it has the equipment, so I would imagine that especially since there was a large US contingency at the Olympics in Athens, that they would have, the NSA would have had a presence there with an eavesdropping capability.

-- Give us a sense of you know, what an NSA operation would entail here in Greece.

JB: Well, what would have happened was, the US would fly over a team plus equipment. They would first scan out the best places to maybe put antennas to intercept microwave communications, communications that would carry mobile phone signals, for example. On the other hand they could have also worked out an agreement with Greek telecommunications companies, or the Greek Government to install NSA equipment on their facilities in order to monitor the communications, so it is hard to say but there is very little question that the NSA did a lot of monitoring during that period of time.

-- What you are saying is very important to us, so to my understanding is that the NSA does strike, I suppose secret agreements, with phone companies around the world, is that what you are saying?

JB: Oh sure, it tries as much as it can to get phone companies around the world to co-operate with the NSA in order to help its world-wide monitoring operations.

-- And would it be acceptable for them also, to try to recruit some people from inside the companies, if they cannot strike such an agreement?

JB: Yeah, NSA does that too it will try to make a deal, to get somebody to co-operate. In the old days the NSA would try to get a code-clerk at an Embassy to co-operate, but these days they try to get people, that have access to large databases, or telecommunications facilities.

-- We have sent you e-mails, and you have an idea of what this Greek system of interception looked like. Does it tell you something, I mean how sophisticated is it, does it tell you it is a US intelligence agency, a British, somebody else? What is your assessment?

JB: Well I think it is pretty much a standard communications system, in terms of mobile phone calls and so forth, they all pretty much operate the same way, it is just that it is a different frequency,
Re: NSA knows who you've called.
[EMAIL PROTECTED] wrote:
> You and I are in agreement, but how do we get the seemingly (to us) plain truth across to others? I've been trying for a good while now, reaching a point where I'd almost wish for a crisis of some sort as persuasiveness is not working.

for other drift ... the stuff about call record analysis with regard to social networking has been topic in datamining conferences for at least a couple years ... both academia and industry. the cellphone companies appear to be especially interested in it, for various kinds of capacity planning and marketing purposes (I think some academia even have contracts with cell phone companies researching this area).

several months ago my wife had extensive communication with an editor doing some background stuff on datamining. some of it showed up in an article somewhat spun for the current situation

Info Mining Sharing are Controversial Co-Dependents, part 1:
http://www.publicsectorinstitute.net/ELetters/EGovernment/v4n7/May13Articles.lsp#DataMining

my wife's quotes liberally lace part 2: Data Mining Disrupts Enables
http://www.publicsectorinstitute.net/ELetters/EGovernment/v4n7/May13Articles.lsp#DataMining2