Re: IBM Uses Keystroke-monitoring in NJ Mob Case (was Re:

2000-12-06 Thread John Young

From reading the docs at EPIC, it is not clear that the FBI actually
got data from the planted device. The USA application dated June 8 
asks for a supplemental order of extension of time in order to break 
in and remove the device. This need was caused by Scarfo's unexpected
removal of the equipment.

We have not been presented with the initial USA application and the
initial order, at least not that I've seen.

Interesting possibilities are:

1. The FBI is bluffing that it got incriminating data and is using the
applications and orders as window dressing or camouflage to
hide their failure. Or to hide that they got evidence some other
way.

2. The FBI captured some stuff but is faking the rest.

3. Scarfo discovered the device, or suspected it, and removed the 
equipment in order to sanitize it, or even planted his own device 
aimed at the feds. Say he rigged a program to endlessly type "fuck you,"
or played Bin Laden's taunts. He's a fair comp whiz so all sorts of
good stuff may have happened.

4. If Scarfo got the device, by now defenses against it have been
deployed, maybe even generated a tidy black market for those who
want to snoop and/or snarl the feds by redirecting their own devices.





Re: Re: About 5yr. log retention

2000-12-06 Thread John Young

Jim Choate blindly wrote:

>What law?

The law was quoted just below the citation we provided: 
18 USC 2703(f).

The news report quotation exactly matches what the law
says about preservation. Not that you'll read it but here it is again:

Here's the source for news story report about data preservation 
requirement:


http://www.usdoj.gov/criminal/cybercrime/COEFAQs.htm

Preservation is not a new idea; it has been the law in 
the United States for nearly five years.  18 U.S.C. 2703(f) 
requires an electronic communications service provider to 
"take all necessary steps to preserve records and other 
evidence in its possession pending the issuance of a court 
order or other process" upon "the request of a governmental 
entity."  This applies in practice only to reasonably small 
amounts of specified data identified as relevant to a 
particular case where the service provider already has 
control over that data.  Similarly, as with traditional
subpoena powers, issuance of an order to an individual or 
corporation to produce specified data during the course of 
an investigation carries with it an obligation not to delete 
or destroy information falling within the scope of that 
order when that information is in the person’s possession or 
control. 

-

And here is the law cited by the DoJ FAQ:

From the US Code via GPO Access:


http://www.access.gpo.gov/su_docs/aces/aaces002.html

18 USC 2703(f)

(f) Requirement To Preserve Evidence.--
   (1) In general.--A provider of wire or electronic 
communication services or a remote computing service, upon 
the request of a governmental entity, shall take all necessary 
steps to preserve records and other evidence in its possession 
pending the issuance of a court order or other process.
   (2) Period of retention.--Records referred to in paragraph
(1) shall be retained for a period of 90 days, which shall be 
extended for an additional 90-day period upon a renewed request 
by the governmental entity.

-

Now, remember, "evidence" is what law-industry promoters
call what civilians call "information." Evidence is used to force 
subservience to the law-industry. Information is used to fight 
those narrow-mindfuckers. So, Jim, stop calling information 
evidence unless you're bragging about fucking your peabrain.





Carnivore Report

2000-11-22 Thread John Young

We offer an HTML version of the Carnivore technical 
review report released yesterday by DoJ (without appendices):

   http://cryptome.org/carnivore.rev.htm  (164KB text, 8 images)

The original PDF report is 9.4MB, 121 pages. 

One notable conclusion about Carnivore's shortcomings
and why its code should not be released to the public:

  Carnivore can be countered with simple, public-domain 
  encryption.

But it can snarf everything done by a targeted Web user, 
e-mail, FTP, HTTP, and you name it.





Re: Bob's Bank. Hi, I'm Bob. Just slip it in this pocket here.

2000-11-17 Thread John Young

Docket as of November 16, 2000 7:16 pm   Page 9

Proceedings include all events.
3:00cr539-ALL USA v. Flowers, et al

11/15/00 1   INDICTMENT by AUSA Jen E Ihlo, Melissa Schraibman.  Counts
 filed against Richard George Flowers (1) count(s) 1, 2-3,
 Dorothy Lenore Flowers (2) count(s) 1, 2-3, Jeffrey Allen
 Weakley (3) count(s) 1, 4-5, John David Anderson (4)
 count(s) 1, 6-7, Ronald William Stacey (5) count(s) 1, 8,
 Elecia Stacey (6) count(s) 1, 8, Dan Romaine Kirkham (7)
 count(s) 1, 9  CONSPIRACY TO DEFRAUD THE UNITED STATES,
 WILLFUL FAILURE TO FILE TAX RETURNS, ATTEMPT TO EVADE AND
 DEFEAT PAYMENT OF TAX (rupe) [Entry date 11/16/00]

11/15/00 --  PURSUANT to this courts Case Assignment Plan, this case to
 be assigned to  JUDGE GARR M. KING for all further
 proceedings. (rupe) [Entry date 11/16/00]

11/15/00 2   ARREST WARRANT ISSUED for Defendant Richard George Flowers
 DETENTION REQUESTED.  by Judge Dennis J. Hubel (rupe)
 [Entry date 11/16/00]

11/15/00 3   ARREST WARRANT ISSUED for Defendant Dorothy Lenore Flowers
 DETENTION REQUESTED.  by Judge Dennis J. Hubel (rupe)
 [Entry date 11/16/00]

11/15/00 4   ARREST WARRANT ISSUED for Defendant Jeffrey Allen Weakley
 DETENTION REQUESTED.  by Judge Dennis J. Hubel (rupe)
 [Entry date 11/16/00]

11/15/00 5   ARREST WARRANT ISSUED for Defendant John David Anderson
 DETENTION REQUESTED.  by Judge Dennis J. Hubel (rupe)
 [Entry date 11/16/00]

11/15/00 6   ARREST WARRANT ISSUED for Defendant Ronald William Stacey
 DETENTION REQUESTED.  by Judge Dennis J. Hubel (rupe)
 [Entry date 11/16/00]

11/15/00 7   ARREST WARRANT ISSUED for Defendant Elecia Stacey DETENTION
 REQUESTED.  by Judge Dennis J. Hubel (rupe)
 [Entry date 11/16/00]

11/15/00 8   ARREST WARRANT ISSUED for Defendant Dan Romaine Kirkham
 DETENTION REQUESTED.  by Judge Dennis J. Hubel (rupe)
 [Entry date 11/16/00]

-

First six arrested; Dan Romaine Kirkham, described by the NY Times 
as a lawyer and physician, is being sought. According to court records
several of the defendants had aliases, one "Joseph S Pack."




CJ v. 9th Circuit

2000-11-17 Thread John Young

CJ has lofted a mortar at the 9th Circuit Court of Appeals for
dismissing his appeal for the right to self-representation, and
has requested a rehearing which, if granted will take place
shortly:

  http://cryptome.org/cej-v-ca9.htm

This provides a legal analysis of the dismissal, new precedents
it sets, and a warning to attorneys practising in the 9th Circuit and
the State of Washington, along with the court docket.

Here's his message of transmittal:

  It is my hope that someone might find the time and energy 
  to distribute this to Internet legal forums and to attorneys 
  throughout the Ninth District, especially Seattle-Tacoma.

  Fuck These Morons (TM) have shit all over Constitutional 
  Law and I want to rub their faces in it. It will no doubt piss 
  Them (TM) off to the Max, but I want to stir things up before 
  the Appeals hearing, which should be in the next couple 
  of weeks, if granted.

  It's Crunch Time, and I want to shine as much light as 
  possible on what Fuck These Morons (TM) are doing.

--






Re: Schneier: Why Digital Signatures are not Signatures (was Re: CRYPTO-GRAM, November 15, 2000)

2000-11-16 Thread John Young

What is not clear in Schneier's several critiques of crypto 
weaknesses is what will be made of them to advance the
burgeoning interests of law enforcement and the compsec
industry in cybercrime control measures.

While it may not be Bruce's intent to provide support for
"the legitimate interests of law enforcement and industry"
to combat "cybercriminality," what does appear to be
evolving from the interests of the compsec industry is
a close working relationship with the prime consumers 
of their services and products -- especially with
the privatization and melding of natsec and domsec.

No doubt this is a carryover from the traditional close
relationship between compsec and comsec researchers,
developers and producers with government.

Still, is there no alternative to giving government and
corporations first, if not exclusive, choice on the best 
products and services, or contrarily, criminalizing activities 
and programs which do not succumb to government 
and corporate lobbying/purchasing persuasion (covert
arm-twisting; sweetheart contracts; favorable standards, 
regulations, exceptions, etc.)?

Count on one hand those who have resisted the lure and 
pressure to serve the nation as they serve their own interests. 
Count them stigmatized, broke, "renegades," outlaws, pitiful 
once-weres who lost touch with reality. 

Count those who are realistic as manifold, patriots, speakers 
at the best conclaves, propounders of sound advice to the 
wayward, reminders of what they've learned on the way is
no longer true, award winners, celebrities with swelling bank
accounts -- so long as the archy line is toed.

Now, none of this applies to Bruce's evolving computer
security body of work, which is most impressive. It's just not
clear what will evolve as Counterpane takes more of his
time and effort. What is clear is that cryptoanarchy, or
broader cyberanarchy, is not in his interests, any more 
than it is in government's, except as a bugaboo.

Cybercrime begins with criminalizing digital information, 
that is, to regulate who gets access to private secrets,
who runs the protection rackets: "don't trust your
computer" is the next step after "don't trust the Internet."
Confidence in both requires the assurance services of 
who? Ah yes, I see.





Re: CIA Website Update

2000-11-14 Thread John Young

Yes, the 16,000 declassified Chile/Allende overthrow docs 
are available:

   http://foia.state.gov

From files of the State Dept, CIA, FBI, National Security
Council, NARA, DIA, NSA, et al. A bounty of patriotic 
gore and defense/intel pork thanks to Dr. Strangelove 
and Dickster.

And a new report on remaking the NRO to accelerate
sat-spying technology development and at the same time
lay on fat new layers of secrecy:

  http://www.nrocommission.com/toc.htm

The commission was co-chaired by Official Secrets Porter 
Goss and hero Bob Kerrey.

The report says openness is threatening US survival.

Which mirrors SecDef Cohen's warning that technology
is empowering citizens, business and allies to challenge
USG supremacy.

There has never been a better time for ever small claques
demanding deeper government secrecy.







Re: Predicting a succesful society

2000-11-14 Thread John Young

Jim Choate wrote:

>It gets off its home planet permanently. [and more.]

Yes, thank you very much, indeed, absolutely.

A suave-tailored and barbered and elocuted gentleman
who runs UK's Internet Watch aroused the anti-censorship
crowd with the  query "should we allow an image of a penis 
up an infant's anus." 

"Absolutely not," the crowd vowed.

Debate on splitting the profane image from the urbane text 
ensued. Text should be unfettered but not pix, it was
agreed. The uncensorable textual image mouthed by the
Internet Watch barker hung in the air to arouse unanimity on 
what's not permissible in a successful secret-vice society.

Onion kiddie-chat rooms, absolutely.




Re: ZKS, government regulation, and new "privacy" laws

2000-11-02 Thread John Young

Interesting take, Declan. Which highlights how most of
natsec-developed technology entering the market gets the
benefit of dual-use regulation. Janus the model.

Self-policing is a kissing cousin of self-censorship, both
pretend at keeping the fuzz out of private affairs by pretending
to be doing nothing worth official attention. And both need
regular contact with cops to assure that all is in order,
give or take a few handovers of those who go too far, whose
names just happened to pop up in this handy snitch
program.

Banks and telecomms been doing the snitch not nearly
as long as the church, rather the state snitching to the
church, depending on who's in charge of the day's
inquisition. (Interesting stuff in recent books on Vatican
and global intel services regular kiss-kissing.)

Austin promised a few months back, I believe here, that
he would keep us informed of his meetings with law
enforcement officials. I must have missed those reports
among the pr downpour. This is not to say that he
did not report to select customers on how those 
briefings are going. 

Question is which cpunks at ZKS will be handed over
to assure displeased oversighters.

And who there will smile among themselves at the gullible 
fools' failure to see what realists always claim is obvious 
behind the cloak of successful wedding of business and 
government and foolsgold faith that it can never ever
happen here, not so long as I'm around (the refrain at
PGP, and others of the trusted second party).

Young men and a few women die all the time for they know
not what strategy considered them expendable -- in the national
interest, lately, but traditionally to assure rule-makers they are
quite exceptional to the rules.





Re: NZ: Sweeping powers for spy agencies

2000-10-30 Thread John Young

This report is consistent with DoJ's advocacy of a US national,
as well as international, system for police agencies to collect
and share criminal justice information, and to do so while there 
is no law against using advanced technology for this purpose.
As noted here recently, see a presentation by DoJ on how 
to override with a PR campaign citizens' concerns with privacy 
violations of such systems:

   http://cryptome.org/doj-ji-pi.ppt

This continues the transfer and use of technology developed
for national security purposes to law enforcement agencies,
worldwide, with the initiative being taken by DoJ and FBI,
assisted and advised by DoD and the intel community (with
former members of the latter now employed by domestic
agencies or running companies selling natsec-derived
services to domestic customers).

What is fascinating about this evolution is the screaming
by domestic victims when they learn that means and methods 
are being applied to them that they wholeheartedly approve 
when aimed at foreigners, immigrants, criminals and other 
stigmatized targets such as radicals, anarchists, commies, 
neo-nazis, dissidents and whoever is different from you and 
me, well, no doubt you include me in your bullseye and me 
you when we get a whiff of the terrifying scent spread
by the malodor-spreading criminal justice mongerers.

Nothing about this whipsawing of terror and anti-terror
technology is new to this forum, but the news reports do
confirm the need to keep grinding out new outlaw means 
and methods to defy the inlaw ("justice", crime-fighting)
initiatives that just can't spend money fast enough to abrade 
and salve. The invention of new (advanced-tech) criminality 
is high on the agenda, right up there with the propagation 
of assurance that only governments can combat burgeoning 
national and economic security-threatening outlawry.

What is not said, or maybe only whispered to oversighters'
hairy ears, is do not ask us to look into mirrors to see
true outlaws agrinning. Do not ask us to conduct our
affairs in non-outlaw secret settings.

Turncoats are a special feature of the official outlaw
cartel, when those who once fought official criminality are
recruited to ID, track, provoke, gather evidence, indict
and convict former associates. Read Michael Froomkin
on ICANN's board members who can't forgo power-wielding:

   http://personal.law.miami.edu/~froomkin/boardsquat.htm

This is a tip of the iceberg of large numbers of means
and methods technicians being drawn into the global
justice system with sweetheart contracts and jobs and
places on advisory boards. To serve the national interest
and to get regular whisperings from those in the know it
all business.

Here's a recent article on the price paid by scholars to 
see CIA classified material:

   http://cryptome.org/cia-price.htm


  





Re: CIA in Oregon, Intelink

2000-10-28 Thread John Young

Mail to [EMAIL PROTECTED] bounced. Rather a 
bounce message was returned from bendnet.com,
and surely cloaks delivery of the message.

And the cc to [EMAIL PROTECTED] would not even leave this
mailer. So it seemed. But the window glass shivered.

Spookery is awesome.





Re: CIA in Oregon, Intelink

2000-10-28 Thread John Young

Anonymous writes that there is a CIA facility in Bend, 
Oregon, called CPIC/West, balancing one in Miami 
called CPIC/Miami. FAS offers a description of Miami
which references Bend:

  http://www.fas.org/irp/facility/cia_miami.htm

And to possibly flesh out the operations run out of
the Bend base, Anon points to a statement which alleges
black and criminal government doings in which 
Bend is mentioned:

  http://www.dcia.com/evergree.html

Nothing in these accounts about CIA's ISTAC.

Informative data-mining, A P, but to avoid nailing the
innocent, double check the Mueller names and
aliases, for the person listed on the NIC.gov records 
has a different middle initial from the Mueller you're 
dogging.

That name might be deception, no doubt, but it could
also be a stolen name and identity, even address,
from a real person who is unaware. If stolen, or
fictional, that might explain why the personal info 
was provided in the clear at NIC.

Still, there may be no reason to conceal anything
about the Bend facility or Mr. Mueller's participation.

Perhaps an email to Mr. Mueller would be the way to find
out, so this will be cc'd to him (and Dan S at ISTAC) for a 
response.

Dear Mr. Mueller and Mr. S,

Would you please confirm that there is a CIA facility
in Bend, OR, and that the terms CPIC/West and
ISTAC are applicable to it? 

Also, could you clarify whether CIA's ISTAC is related 
to the ISTAC of the Bureau of Export Administration?

Thanks very much,

John Young
212-873-8700

---

It turns out mail to [EMAIL PROTECTED] refused to go from here, 
so Dan S is safely SCIF.










RE: CIA in Oregon, Intelink

2000-10-25 Thread John Young

Yes, the BXA ISTAC is familiar since I'm on its 
mailing list. The CIA ISTAC is a different dog.
And it was the Oregon rep which surprised, not
the Vienna, VA and DC addresses. Why Oregon?
Intel, Microsoft, In-Q-tel, or another bedmate helping
equip and run Intelink?

Intelink is reportedly restricted to those with
intelligence need to know, and is blocked
to outsiders. However, IC.GOV has been around
a while and I wondered if a wizard here might
know a way to finagle access.

Here are a few specific URLs provided in the DoD
Intelligence Information System Instructions
2000:

Intelligence Community PKI activities:

   http://www.iccio.ic.gov/

DIA page: 

   http://www.dia.ic.gov/proj/dodiis/dodiis.html

JITF Intelink:

  http://web1.rome.ic.gov:82/vtf.cgi 

Here's the URL for the DoDIISI2000 doc:


http://www.dia.mil/Graphics/Intel_community/dodiis_2000/0204_DoDIISInstr_Final.doc

(The URL may wrap.)

For the dark side of the Albright bearhug, the DIA FOIA site 
offers the "North Korea Country Handbook," May, 1997, 
prepared by the intel community, and published by the 
Marine Corps Intelligence Activity:

   http://www.dia.mil/Graphics/FOIA/nk/nkor.pdf  (429 pages, 5.6MB)

It could be useful to those intending to exchange URLs with
the Chief of NOFOIA DPKR.




CIA in Oregon, Intelink

2000-10-25 Thread John Young

Would anyone in the Oregon area know about
a CIA organization acronymed ISTAC?

Here's the NIC entry, which includes a CIA rep
in Bend, OR. Note that the other CIA rep used
only a last name initial.

  CIA (ISTAC-DOM)
  1820 Electric Avenue
  Vienna, VA 21076


  Domain Name: ISTAC.GOV
  Status: ACTIVE
  Domain Type: Federal

  Technical Contact, Administrative Contact:
 S, Dan  (DS3)
 703-281-8087
 [EMAIL PROTECTED]


  Domain servers in listed order:

  MARS.ISTAC.GOV   199.99.221.33
  NS1.SPRINTLINK.NET   204.117.214.10
  NS2.SPRINTLINK.NET   199.2.252.10, 199.2.252.1
  NS3.SPRINTLINK.NET   204.97.212.10

  Record last updated on 31-Oct-97.


   cia (W19990412003631)

  Federal Government: Yes
  Unlisted Organization: Yes
  Status: Pending

  Designated Agency Rep, Requester, Sr. Registration Official:
 Mueller, Deforest X.  (DXM2)
 (541) 385-6836
 [EMAIL PROTECTED]


  Record last updated on 13-Apr-99.

-

   Mueller, Deforest X. (DXM2)
  cia

  63350 majestic loop
  bend, OR 97701

  (541) 385-6836

  [EMAIL PROTECTED]

--

Second inquiry on accessing Intelink, or IC.GOV


While this is registered, it does not respond to
a browser inquiry. Here is its NIC data:

IC.GOV

 Central Intelligence Agency (IC-DOM)
  Global Network Enterprise
  Washington, DC 20505

  Domain Name: IC.GOV
  Status: ACTIVE
  Domain Type: Federal

  Technical Contact:
 Networks, Public  (PN2)
 (702) 874-7205
 [EMAIL PROTECTED]

  Administrative Contact:
 Farnham, David B.  (DBF)
 (703) 874-2871
 [EMAIL PROTECTED]

  Domain servers in listed order:

  NS.DIGEX.NET 164.109.1.3
  NS2.DIGEX.NET 164.109.10.23

  Record last updated on -Apr-10.



 Networks, Public (PN2)
  Central Intelligence Agency

  ATS/EDSN, 1U1332 NHB
  Washington, DC 20505

  (702) 874-7205

  [EMAIL PROTECTED]

  E-mail Host: UCIA.GOV

  Record last updated on 27-Jan-99.



 Farnham, David B. (DBF)
  ATS/NSG, 2W03 NHB

  ATS/NSG, 2W03 NHB
  Washington, DC 20505

  (703) 874-2871

  [EMAIL PROTECTED]


  Record last updated on 27-Jan-99.



Source: http://www.nic.gov/REFERENCE/rfc2146-2.txt

   CROSS-AGENCY COLLABORATIONS

  Q.  An organization maintains a domain
name that represents a cross-agency
community, IC.GOV, which represents members
of the intelligence community.  As a
cross-agency collaborative effort, does the
domain have to be re-registered? 

  A.  The policy states that "Cross-agency
collaborative organizations (e.g., "Federal
Networking Council", "Information
Infrastructure Task Force") are eligible for
registration under .GOV upon presentation of
the chartering document and are the only
non-listed (in either FIPS 95-1 or the US
Government Manual)  organizations eligible
for registration under .GOV."  "IC.GOV" 
however, is grand-fathered since it is an
existing domain.  Nevertheless, it would be
appropriate to provide a copy of the
chartering document to the FNC for the
record.  This would ease future changes to
the IC.GOV domain if necessary. 

---






Re: export reg timewarp? (Re: RC4 source as a literate program)

2000-09-03 Thread John Young

Adam Back wrote:

>The US export regulations no longer prevent export of crypto.  PGP
>exported binary copies of PGP from US websites, as now do many other
>companies.  Crypto source is exported also from numerous web sites.
>
>I don't follow why all the discussion talking as if ITAR and EARs were
>still in effect in unmodified form.

Good point, except that PGP.com and Freeware still have export
restrictions on downloads, as do most other US crypto export
sites. This is probably due to the fact that nobody understands
the export regs and better safe than lose out on fat government
contracts, and corollary contracts with other corporations who
dare not offend the authorities.

Even some private sites which rushed to offer crypto on the Internet
have withdrawn their offerings. And, according to Matt Blaze's
tabulation of such offerings, they have nearly petered out.

Don't forget that there is still a review required by BXA for strongest 
products. What happens in those reviews has not been disclosed 
as far as I know. Whether the NDA is voluntary to hide trade
secrets, compulsory to hide dirty dealing, or worse to hide
really nasty access requirements -- probably some of all
these in the great American tradition of promising much and
delivering not so much unless you play ball under the umpire's
clubhouse rules.

Nicky Hager (of Secret Power fame) co-wrote another book
on a PR war in NZ in which he covered at length the practice
of governments and corporations hiding their filthy deals from
freedom of information access through the loophole of
protecting proprietary information from the public.

Another commentator pointed out recently that the vast
majority of FOIA requests are indeed made by people
seeking commercial intelligence which is not intended to
be made public, and relatively few seeking information 
to release to the public.

So there is a bind on getting info on what actually happens
at BXA and its co-agencies during crypto export review.
However, in contrast to a few years back, I don't see 
many corporations or individuals calling for greater access 
to closed information about crypto export procedures.

Could be all the crypto folks are doing just fine under
the system, so why bitch about making it into the comfort
zone. And, oh yeah, fuck the public interest now that
the crypto public outreach PR campaigns did their job to 
get inside the sweetheart PR loophole.

Doug Porter has written an interesting update about all this 
crypto flim-flam in the "Pocket Guide to NSA Sabotage:"

   http://cryptome.org/nsa-sabotage.htm

And what the fuck is Schneier doing trashing crypto to build
his security consulting business? That sounds like priests
preaching Our Church Alone salvation to keep the flock 
frightened, dependent and shelling out for long term 
protection contracts. You know, like the one-world feds 
and all-world spooks.




Re: Re: Bugged Promis in Canada... wheee

2000-08-28 Thread John Young

Right, "Gideon's Spies."

The Toronto Star has two more Promis-spying stories today:

Murders linked to Promis:

  http://thestar.com/editorial/updates/top/2828NEW01b_NA-MOUNTIE28.html

Mounties debugged software in 94, after a decade of US, Israel spying:

  http://www.thestar.com/thestar/editorial/news/2828NEW06_NA-SPY.html

And we offer excerpts from "Gideon's Spies" on the Mossad's 
reconfiguring Promis with additional features and a backdoor
to covertly record how it is used, and choosing to keep the 
name as brand-name disguise (for some $500 million in global 
governmental sales and deep spying on eager-spying buyers):

   http://cryptome.org/promis-mossad.htm  (40K)

Orlin Grabbe has an article on Michael Riconosciuto, the person
The Star says rigged Promis for Canadian use.

  http://www.orlingrabbe.com/ricono.htm

And EFF has an archive on the Bill Hamilton Inslaw case:

  http://www.eff.org/pub/Legal/Cases/INSLAW/

There is lots more available via the search engines.




Re: Re: Bugged Promis in Canada... wheee

2000-08-28 Thread John Young

Tim May wrote:

>This story has been around for at least a dozen years. Not saying it 
>isn't factual, just that it's been around since the late 80s. I've 
>heard Bill Hamilton being interviewed many times over the years, as 
>well as the claims of Elliot Richardson, his lawyer, and so on.
>
>Ironically, someone I went to high school with and whom I saw at my 
>30th class reunion earlier this month worked for INSLAW a while back 
>and has much to say to about the plausibility of these claims.

Yes, this is at first glance not a new story. There are a couple of aspects
though that may be more than recycling, but that could just be due
to my ignorance. (I rashly called Bill Hamilton a few years ago upon
hearing that he was under attack by evil powers, and he told me
to get lost, don't waste his time, none of that was true, pretty decent
about it considering what I later learned was mostly crock.)

The Canadian news report reported on the 1999 book, Gideon's 
Trumpet, which has an account about the original Promis software
being reconfigured in Israel with US help to neatly hide a more
lethal version of Promis under the original -- doing the intel trick
of hiding new-worse under well-known old-bad so nobody will 
pay attention to discredited alarms.

The original Toronto Star story:


http://www.thestar.com/thestar/back_issues/ED2825/news/2825NEW01_NA-SPY.html

Whether Bill Hamilton is in on the deception of hiding a new
Promis under the original is a fair question. And just how
many versions of Promis are out there creating FUD about
suspicions of it.

There has been speculation that several well-known intelligence
bete noirs are covering for worse, Echelon being one. (Now, don't
jump to conclusions about NSA Key and PGP.)

Still, it takes a tough mind to resist the lure of already knowing 
all there is to know about "well-known" threats. James Jesus
Angleton went nuts trying to figure out who was hiding behind 
US-branded evil empires. And his foes beat him with a plenitude
of ever-elusive permutations cloaked by pre-positioned 
discoverables.

What seems to be bedeviling the CA authorities, according to
the news report, is sorting out a plenitude of Promis dismissives
and aged allegations. Hamilton admits he has been interviewed 
by the Canadians but dismisses the latest charges. Smart man.





PGP ADK Bug Fix

2000-08-26 Thread John Young

Cryptome offers the ADK bug-fix PGP Freeware 6.5.8:

  http://jya.com/pgpfree/PGPFW658Win32.zip  (7.8MB)

  http://jya.com/pgpfree/PGPFW658Mac_sit.bin  (5.6MB)

Analyses of the ADK fix and any others most welcome.




Superpower Invites Attack

2000-08-22 Thread John Young

Secretary of Defense Cohen in a speech yesterday to
the VFW about how the US "Superpower" name
invites "asymmetrical attacks," stated:

  What we have to do is intensify our anti-proliferation types 
  of measures to cut down on the technology that so many 
  of our friends or allies or adversaries are helping to spread 
  around the world.

Note linking of friends and allies to adversaries in the spread
of threatening technology. Thus, the need for Echelon.

Then, he goes on to say:

  Today, technology is empowering the average citizen in ways 
  that none of us contemplated just 10 or 20 or 25 years ago.
  But there are two edges to this sword. The hand that wields it, 
  as Toffler pointed out, can sever the hand that's holding it. It's a
  double-edged sword, and we have to be very, very concerned 
  about how we are empowering our citizens, our businessmen 
  and women and our consumers. We also have to be concerned 
  that it is not turned and used against us.

Thus, the need for Garden Plot and domestic spying for homeland
suppression.

Cohen boasts that he has fought hard to increase defense spending
well above the amount agreed upon by the President and Congress
when he took office, and that the threats of foreign and domestic
terrorism loom large in his argument, especially the threat of spreading
technology. And comments that Clinton is about to increase defense
spending to the highest level ever -- against foreign and domestic
enemies: allies, citizens, businessmen and women, consumers, 
and foes.

Cohen's full speech:

  http://cryptome.org/dod082100.htm

The State Department reported yesterday:

"The world's top 10 military spenders in 1997 were (in billions):

United States      $276 billion           United Kingdom   $35 billion
China - Mainland     75 (rough estimate)  Germany           33
Russia               42 (  ""  )          Italy             23
France               42                   Saudi Arabia      22
Japan                41                   South Korea       15








Re: MPAA Wins New York DeCSS Case

2000-08-18 Thread John Young

Kaplan's overt prejudice from day one surely diminished
respect for federal justice. I had not seen such behavior
before in New York. And when the prejudice was flaunted
increasingly during trial it occurred to me that he was 
diabolically aiming to show just how biased the DMCA 
is toward the copyright industry. A kind of reverse or
rather perverse judgmentalism to send a message to
Congress and its lobbyists that they could not get away
with racketeer influenced organized crime, not on his
watch.

But perhaps, I now think, I was being too understanding
of Kaplan, too forgiving of his one-sided behavior. For it
is possible, I tell myself, that Kaplan was showing a modern
face of old time corrupt justice, that the fix was in from day
one. That would also account for his implacable opposition
to the defense, the lackadaisical presentations of the
plaintiffs, his repeated rulings in favor of the plaintiffs, the
personal attacks on Garbus by Kaplan during trial, Kaplan's 
rudeness toward Robin Gross and Allonn Levy at the PI
hearing, and the contempt he displays in his decision
for the defendants and disparagement of supporters.

Kaplan blatantly uses the DMCA to cloak his foregone
conclusions as in days of old judges quoted the law to
justify criminality of those in power to hold and maintain their
power.

Running a court across the street from Little Italy may not be 
grounds for associating Kaplan with organized crime, but his 
decision speaks to me for such a tie with the copyright industry 
and its Congressional supporters being foregone.

Yes, hatred of prejudice in such corrupt judges, and contempt
for their courts, is right and just.


At 01:57 PM 8/17/00 -0400, you wrote:
>I hate Judge Kaplan.
>
>Eric Grimm




Jim Bell Msg: So, what's happening?

2000-08-15 Thread John Young

Forwarding a cypherpunks@toad.com message:

-

From: "jim bell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, "Darcy Bender" <[EMAIL PROTECTED]>
Subject: So, what's happening?
Date: Thu, 10 Aug 2000 15:49:04 -0700

To:  Jessica Stern and Darcy Bender,

"Nevermind!"

If you're old enough to remember Gilda Radner's character "Emily Litella"
from Saturday Night Live, you will understand what I am about to say.  Emily
simply got things wrong, in her case perhaps because of bad hearing, and she
embarrassed herself  continually, cutting short her discomfort with the
classic line, "Nevermind."

Jessica, I've just read (briefly) some of the references about your writings
in a site Darcy Bender pointed me to.   Obviously, you really like to write
about things like chemical weapons, biological weapons, and terrorism in
general.  All material chiefly "pushed" by the government's propaganda arm.
Scaring the public so that it will put up with higher (government) taxes,
jack-booted (government) thugs, and oppressive laws that put ever more
people in jail DESPITE a declining crime rate!

And your background "fits in" with all of this
(http://ksgnotes1.harvard.edu/people/Jessica_Stern):  Council of Foreign
Relations???  Sheesh!  National Security Council (I knew about that from
your letter)?   You have the word "establishment" written all over you.

And, given what I know of the propaganda that the Feds put out about me
three years ago, it makes perfect sense that you would have read it and
concluded that there was an excellent story in there, somewhere, and you
wanted to write it.  Perhaps a story which would make the government people
look like heroes, make me a villain, etc.  But how can I hold that against
you?

But something happened between "then" and "now."   Borrowing (and editing)
an old joke I once heard, "Those stories contained materials that were true
and terrifying.  The problem is that the parts which were true weren't
terrifying, and the parts which were terrifying weren't true."

What you've heard since then are my accusations that the government has
behaved as a bunch of criminals:  They've infiltrated an organization for
political reasons, helped to harass people in such organizations, very
likely lied to obtain search warrants, they've stolen money and possibly
other things from people they search, they've taken objects they weren't
legally allowed to take, they've offered a fraudulent plea agreement that
they didn't intend to honor.  They told a fellow inmate to assault me to get
me to accept the deal, they lied to put me back into prison on a phony
"probation violation" beef, one which not only violated the original deal,
but one in which my hearing was delayed almost one whole year, which was
truly astonishing.   They still have all my property, 3+ years later, they
still have NOT honored the plea agreement, 3 years later.

And that's just a portion of what I know about!  What HAVEN'T these thugs
done yet?

What you haven't heard is the kind of full-throated denial from the
government that you'd expect to hear if my accusations weren't true.   You
don't have proof yet, but I think you already know enough to realize that
from here on in it's going to be worse and worse for the government as more
information is revealed.

Perhaps the most important thing you've been exposed to is that slimy,
sleazy Jeff Gordon, who started out talking to anyone in the news media
who'd listen to his wacky stories, but who now (after I'm out and able to
talk about my accusations) clams up.

You may recall a strong suggestion that I made to you weeks if not months
ago, that you ask Gordon (or any other government official or agent) about
WHY the government wrote a plea agreement deal (without consulting me first)
in which reference was made to a "stink bomb attack".  Specifically, I asked
you to ask them what information they had, if any, that would have linked me
to that incident.  I pointed out that I didn't think they'd be willing to
show you anything, then or now.  Was I right?

Almost certainly, the reason the government people can't talk is, first,
they've been lying.  Secondly, anything they say to "expose" what they claim
to know would simply constitute admissions about the existence of illegal
activities (politically-motivated surveillance, illegal bugging, etc) that
I've accused them of for nearly three years.

You've seen copies of notes I sent John Painter of the Portland Oregonian
newspaper, who said that government people simply won't talk about my case
anymore, quite a turnabout from the situation 3 years ago. Even Painter
himself has turned sheepish:  Apparently he and the Oregonian don't want to
run even the most rudimentary article containing my accusations, despite the
fact that never before have they given me

Feds Bust Kazakstan Hackers

2000-08-15 Thread John Young

We offer the unsealed FBI complaints which led to the recent 
bust of two Kazakstan "hackers" accused of extortion for
breaking into Bloomberg's computer system and asking for
$200,000 to tell how it was done:

   http://cryptome.org/bloomberg-bust.htm

The complaints describe how the defendants were traced
through Hotmail addresses, a sting was arranged, and 
Bloomberg helped make the bust by setting up an offshore 
bank account to lure the hackers to London. One coconspirator 
remains a fugitive -- the lady who made a cellphone call to 
verify the money was in the bank.

The US Attorney and FBI praise the business/law cooperation 
in battling computer crime and boast of how computer crime has 
led to improved global law enforcement.




Re: France and "Crypto Schizophrenia"

2000-08-11 Thread John Young

In a Guardian article yesterday Duncan Campbell reviewed
the multi-nation effort to coordinate law enforcement snooping
and access to all forms of telecommunications through the
ILETS program. A point he makes is that the operation is
run by LE officials without participation of government lawyers
and so that legal objections will not be raised before 
implementation. ILETS is led by the FBI.

An expected outcome is that the multi-national LE agencies
(and spooks in nations where there is no separation) will cook 
up their own procedures, implement them in union,
and either ignore legal challenges or procrastinate in 
responding -- exactly what the FBI is doing with Carnivore
and the Brits are doing with RIP objections, barking national
security.

And as others have noted before, there is a methodical
testing of public concern by one nation after another
sending out stalking horses to measure the effect of
more openness or more closedness, even using a
see-saw probe of relaxation then tightening to confuse 
the public as to what is permissible. This method has
been deployed by the US administration/BXA, as we 
know, to drive export applicants into asking for
clarification -- which is then given in closed sessions.
Like the closed sessions in Congress and legislatures
worldwide.

It might also be noted that use of crypto is not really
getting easier, after years of calling for it, and that suspicions 
might arise as to why that is the case.

There remains also a question of what other technologies
of privacy aggression (and delayed simplification of use of
privacy protection systems) are being implemented as 
recommended by the National Academy of Sciences 
CRISIS report as a corollary of relaxing strong crypto 
controls.

Recent reports on NTT acquisition of Verio and what is
being required of NTT to keep hands off Verio's compliance
with FBI surveillance orders, are instructive. These appear
to disclose not that all ISPs are of necessity complying with
the Feds, but the details of how it is being done. Perhaps no
surprise, except that Verio is quoted as saying that it does
not want to be forced to do more than other ISPs or it will
lose customers. Now exactly how competition for privacy
protection could enhance it would be worth investigating
and telling all.

As a Verio customer we shall ask for a public statement
on the confidential agreement with the FBI expected today.
Without that assurance of privacy, Verio says, our customers 
will walk, even walk out of the country. But what country
is not in the ILETS rogue nation?

Fucking rogue cult CIA is refusing to release records of its 
criminal actions in Chile, crying that would reveal means and 
methods vital to national security against shame. 

The NY Times today argues that Polish informers, collaborators
and spies of the past should admit it and be forgiven in a dialogue
of healing. No such call for US counterparts happy as pigs
in shit that it's illegal to reveal their names, fuck healing they
chuckle in ex-spy conclaves.

A couple of people have accurately ID'd my father-in-law.
Okay by me to post it here, not that it's mine to call.





Cryptome Ex-CIA Link

2000-08-03 Thread John Young

http://216.167.120.50/cia-cryptome.htm

3 August 2000

A note from John Young, operator of Cryptome.

My father-in-law was a long-time career officer in the 
Central Intelligence Agency, one of its earliest members, 
and chief of station in several countries. He retired in 
1979, and is 80 years old. 

My wife, Deborah, and I met in 1993. She supports Cryptome 
with courage and much free labor.

While I have never discussed Cryptome with my father-in-law, 
according to Deborah he is strongly opposed to what it does 
and fears that it may damage his reputation if our 
relationship becomes public. 

My father-in-law has never discussed his career in my 
presence, not even used the term "CIA." As far as I know I 
have never met another CIA or other intelligence officer or 
agent. 

Despite his revulsion for Cryptome, I don't believe 
disclosing our relationship will harm his reputation. No 
more than Cryptome publishing names of intelligence officers 
and secret government documents.

For his family's privacy I won't tell his name here, for now, 
but it won't be hard to learn -- a search of the Internet will 
provide information. Some accounts call him "a legend," and I 
would like to learn more about that.

He's not talking to Cryptome, and that's regrettable, for I 
believe such knowledgeable persons should disclose everything 
they know about the global culture of secret intelligence and 
its profound effects -- to better inform citizens on the true 
way their governments function.

John Young (aged 64)
251 West 89th Street
New York, NY 10024
Tel: 212-873-8700
Fax: 212-787-6102
[EMAIL PROTECTED]




MI6 Ciphers and Comsec

2000-07-29 Thread John Young

Stephen Dorril's 1999 book on MI6 (just out in the US)
alludes to several ciphers and communications security
methods whose names he has disguised on legal advice, 
presumably to avoid violation of Britain's Official Secrets Act.

We would appreciate receiving information on these ciphers 
and methods for publication on Cryptome. Below are the 
excerpts from Chapter 36 of the book with disguises such as 
"B***."

Full chapter and publication data:

   http://216.167.120.49/mi6-sd36.htm

[Begin excerpts]

As part of MI6's obsession with security, a great deal of
time is spent on being indoctrinated in cipher and
communications work. Trainee officers are instructed on
how to encrypt messages for transmission and how to use
the manual B*** cipher which is regarded as particularly
secure. Used at stations abroad to transmit details of
operations, potential sources and defectors, B*** is sent
either via the diplomatic bag or by special SIS courier.
Officers learn about 'off-line' systems for the
encryption of messages such as N* - used prior to
transmission by cipher machines - and 'on-line' systems
for the protection of telegrams during transmission,
code-named H*** and T. They are indoctrinated
into the use of certain cryptonyms for forwarding
telegrams to particular organisations and offices such as
SIS headquarters, which is designated A. 

They also learn about code words with which sensitive
messages are headlined, indicating to whom they may be
shown. UK EYES ALPHA warns that the contents are not to
be shown to any foreigners and are intended only for the
home intelligence and security services, armed forces and
Whitehall recipients. UK EYES B includes the above
categories, the Northern Ireland Office, LIST X firms
engaged in the manufacture of sensitive equipment, and
certain US, Australian, New Zealand and Canadian
intelligence personnel liaising with the Joint
Intelligence Committee (JIC) in London. Additional code
words mark specific exclusions and inclusions. E**
material cannot be shown to the Americans, while L*
deprives local intelligence officials and agencies of its
content. Material for named individual officers,
sometimes at specified times, is headed D or D,
while particularly sensitive material about a fellow
officer or operation is known as D**.

An MI6 station is usually sited in a part of the embassy
regularly swept by technical staff for bugs and other
electronic attack. It is entered using special door codes
with an inner strongroom-type door for greater security.
Following all the procedures learned during training,
officers handling material up to the 'Secret' level work
on secure overseas Unix terminals (S) and use a
messaging system known as ARRAMIS. Conversations by
secure telephone masked by white noise are undertaken via
a special SIS version of the BRAHMS system. A special
chip developed by GCHQ apparently makes it impossible
even for the US NSA to decipher such conversations. 

Secure Speech System (H***) handset units are used by
SIS officers within a telephone speech enclosure. The
most important room is electronically shielded and lined
with up to a foot of lead for secure cipher and
communications transmissions. From the comms room, an
officer can send and receive secure faxes up to SECRET
level via the C** fax system and S* encrypted
communications with the Ministry of Defence (MoD),
Cabinet Office, MI5 (codename SNUFFBOX), GCHQ and 22 SAS.
An encrypted electronic messaging system working through
fibre optics, known as the UK Intelligence Messaging
Network, was installed in early 1997 and enables MI6 to
flash intelligence scoops to special terminals in the
MoD, the Foreign Office and the Department of Trade and
Industry. Manned twenty-four hours a day, 365 days a
year, and secured behind a heavy thick door, the cipher
machines have secure 'integral protection', known as
TEMPEST. MI6 officers abroad also work alongside GCHQ
personnel, monitoring foreign missions and
organisations."

[End excerpts]





JYA, Cryptome Help Request

2000-07-26 Thread John Young

We have finally been able to get the error log of jya and cryptome.
Assistance in interpreting logs would be appreciated.

Background: late Friday, July 21, service for both sites began to be 
very slow and there have been repeated outages since then. 

Our ISP, Digital Nation, has checked on our system several times during the
outages and had stated each time that there is nothing wrong except an
overload of hits, that our server is underpowered for the load. There is
no evidence of DoS or other attack. One administrator stated that due to
the volume of hits he could not access the machine, had to turn it off,
and then quickly get inside for review before the hits built up sufficiently
to prevent access.

On Monday, July 23, upon Digital Nation's advice that more CPU power was 
needed to handle the load, and that there was no other cause of the problem, 
we rented a more powerful server (about 8-fold increase) which should come 
online at the end of this week.

Declan's article ran on Friday July 21 day and the hits from it did not 
seem to affect the sites. Saturday, an AP story appeared but it did not 
include links to the site, however, Drudge Report picked up the AP story
and provided a munged link to jya.com: 

  http://jya.com/crypto.htmhttp://jya.com/crypto.htm

Thousands of hits on this non-existent file began to appear in the
error log, and there have now been tens of thousands of them (maybe in
the hundreds of thousands, no count has been made, and each is
multiplied by Digital Nation's error page with its graphics).

Late Saturday night a Washington Post article appeared which provided
a link to http://jya.com/crypto.htm. That article later appeared on
a number of popular sites. Later articles in Reuters, Financial Times,
also provided links, and the access log shows folks coming in 
from those sites without problems. Still, the Drudge errors were
predominant by far.

The size of the access log for the two sites jumped from ~11MB before 
the problem began (May 3 to July 21) to over 113MB in four days, a 
ten-fold increase.

The error log has jumped from 13MB  to only 15MB since July 21. (By far the
largest cause of previous errors is the pernicious "favicon.ico.")

Soon after the Drudge attack began, this entry in the error log started to
appear and repeated every few minutes, sometimes every minute (entries
numbered by us for reference):

(1)  (32)Broken pipe: accept: (client socket)

This entry had appeared only infrequently previously.

Several hours later entry (2) appeared dozens of times at the
same clock time:

(2)  [warn] child process 736 still did not exit, sending a SIGTERM

Followed by several iterations of entry (3) at the same clock time:

(3)  [error] child process 628 still did not exit, sending a SIGKILL

And then:

(4)  Site site1 has invalid certificate: 4999 Certificate files do not exist.
(5)  Site site2 has invalid certificate: 4999 Certificate files do not exist.

(6)  [crit] (98)Address already in use: make_sock: could not bind to port 80

(7)  [notice] caught SIGTERM, shutting down

(8)  Site site1 has invalid certificate: 4999 Certificate files do not exist.
(9)  Site site2 has invalid certificate: 4999 Certificate files do not exist.

(10) [notice] Apache/1.3.6 (Unix) mod_perl/1.21 mod_ssl/2.2.8 OpenSSL/0.9.2b 
 configured -- resuming normal operations

The pattern of these series of entries continues, with shutdowns and restarts 
repeating since Saturday, July 22.

During the outage period we have been sent frequent automatic messages like 
the following:

(11) Over the past fifteen minutes, the CPU has been heavily loaded.

 This will result in noticible performace loss.  Consider moving some of the
 services to other Cobalt servers, or reduce the complexity of the CGI
 scripts running on the Cobalt server itself.

 1 minute load average:  27.79
 5 minute load average:  68.67
 15 minute load average: 84.27

(12) Memory on the Cobalt server is heavily used.
 The Cobalt server needs more memory than it currently has.

 Consider adding more DRAM to the server.

 Total memory is:   162376 KB
 Used memory is:    161012 KB
 Free memory is:    1364 KB
 Percent used is:   99

(13) Your server (cob487) is not responding on the port (80) we are monitoring -
 please let us know if this is going to be a permanent condition.

 If you have a support contract with us, and this is within normal business
 hours, feel free to send an e-mail to [EMAIL PROTECTED] or [EMAIL PROTECTED]
 regarding the problem you are having.

 If you are doing work on your server, you can reply to this message and it will
 be noted by our SOC staff. If this is an unexpected problem for you, you may
 wish to contact anyone else at your company who might be working on the 
 server to find out if they are aware of the situation.

 This ticket will remain open until the server is back online, is accepting
 c
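
A triage pass over an error log like the one described in the help request above, as an added example that is not part of the original post. The restart-related message texts are the ones quoted in the post; the timestamps, client addresses, document root and the "File does not exist" lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in Apache 1.3 error_log style (see assumptions above).
SAMPLE_LOG = """\
[Sat Jul 22 14:02:11 2000] [error] [client 192.0.2.10] File does not exist: /docroot/crypto.htmhttp://jya.com/crypto.htm
[Sat Jul 22 14:02:11 2000] [error] [client 192.0.2.11] File does not exist: /docroot/crypto.htmhttp://jya.com/crypto.htm
[Sat Jul 22 14:02:12 2000] [error] [client 192.0.2.12] File does not exist: /docroot/favicon.ico
[Sat Jul 22 14:02:12 2000] [error] [client 192.0.2.13] File does not exist: /docroot/crypto.htmhttp://jya.com/crypto.htm
[Sat Jul 22 14:03:40 2000] [error] (32)Broken pipe: accept: (client socket)
[Sat Jul 22 14:04:41 2000] [error] (32)Broken pipe: accept: (client socket)
[Sat Jul 22 18:20:05 2000] [warn] child process 736 still did not exit, sending a SIGTERM
[Sat Jul 22 18:20:05 2000] [warn] child process 628 still did not exit, sending a SIGTERM
[Sat Jul 22 18:20:09 2000] [error] child process 628 still did not exit, sending a SIGKILL
Site site1 has invalid certificate: 4999 Certificate files do not exist.
[Sat Jul 22 18:20:10 2000] [crit] (98)Address already in use: make_sock: could not bind to port 80
[Sat Jul 22 18:20:12 2000] [notice] caught SIGTERM, shutting down
Site site1 has invalid certificate: 4999 Certificate files do not exist.
[Sat Jul 22 18:20:15 2000] [notice] Apache/1.3.6 (Unix) mod_perl/1.21 mod_ssl/2.2.8 OpenSSL/0.9.2b configured -- resuming normal operations
"""

# Optional "[timestamp] " and "[level] " prefixes, then the message text.
LINE_RE = re.compile(r"^(?:\[(?P<ts>[^\]]+)\] )?(?:\[(?P<level>\w+)\] )?(?P<msg>.*)$")

# Ordered (kind, pattern) rules; "detail" captures the path, pid or port.
RULES = [
    ("missing_file", re.compile(r"File does not exist: (?P<detail>.+)$")),
    ("broken_pipe", re.compile(r"\(32\)Broken pipe: accept")),
    ("child_sigterm", re.compile(r"child process (?P<detail>\d+) still did not exit, sending a SIGTERM")),
    ("child_sigkill", re.compile(r"child process (?P<detail>\d+) still did not exit, sending a SIGKILL")),
    ("bind_failed", re.compile(r"\(98\)Address already in use: make_sock: could not bind to port (?P<detail>\d+)")),
    ("shutdown", re.compile(r"caught SIGTERM, shutting down")),
    ("startup", re.compile(r"configured -- resuming normal operations")),
    ("cert_missing", re.compile(r"has invalid certificate")),
]


def classify(line):
    """Return (kind, timestamp, detail) for one log line."""
    m = LINE_RE.match(line.rstrip("\n"))
    ts, msg = m.group("ts"), m.group("msg")
    for kind, rx in RULES:
        hit = rx.search(msg)
        if hit:
            return kind, ts, hit.groupdict().get("detail")
    return "other", ts, None


def summarize(log_text):
    """Count entry kinds and pull out the signals that matter for triage."""
    kinds, missing, sigterm_by_ts = Counter(), Counter(), Counter()
    killed = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        kind, ts, detail = classify(line)
        kinds[kind] += 1
        if kind == "missing_file":
            missing[detail] += 1
        elif kind == "child_sigkill":
            killed.add(int(detail))
        elif kind == "child_sigterm":
            sigterm_by_ts[ts] += 1  # many at one clock time = one stop/restart sweep
    top_path, top_hits = missing.most_common(1)[0] if missing else (None, 0)
    total_missing = sum(missing.values())
    return {
        "kinds": kinds,
        "top_missing_path": top_path,
        "top_missing_share": top_hits / total_missing if total_missing else 0.0,
        "restarts": kinds["startup"],
        "killed_pids": sorted(killed),
        "max_sigterm_burst": max(sigterm_by_ts.values(), default=0),
    }


def findings(s):
    """Turn the summary into short notes for whoever is reading the log."""
    notes = []
    if s["top_missing_share"] >= 0.5:
        notes.append("%.0f%% of file-not-found errors hit one path (%s): "
                     "look for a single malformed inbound link"
                     % (100 * s["top_missing_share"], s["top_missing_path"]))
    if s["killed_pids"]:
        notes.append("children %s ignored SIGTERM and were SIGKILLed: "
                     "processes were stuck during a stop or restart" % s["killed_pids"])
    if s["kinds"]["bind_failed"]:
        notes.append("bind to the listening port failed: a new server instance "
                     "started while the old one still held the socket")
    return notes


if __name__ == "__main__":
    for note in findings(summarize(SAMPLE_LOG)):
        print("-", note)
```
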

Re: Re: cryptome.org?

2000-07-24 Thread John Young

Ray wrote:

>IMHO, a better solution would have been adding a page for the wrong
>url to not report 404's but to report the content advertised.  I know
>it's The Drudge Report's fault, but in this (web) business, it's the
>"right" thing.  Of course, it's JY's prerogative to do as he wishes to.

We've been trying to get into the site to do just that, but haven't
been able to. The munged URL is weird, back-to-back URLs,
but we were told how to set that up as a page which would bring
up the correct info or direct to it. 

And we agree that running a site means asking for help in fixing 
work-arounds and not bellyaching about it.

And, and, the advice and goosing we get here, now for six years, 
has been fabulous, in many senses of that word. Thanks very 
much, in case I've not said it enough lately. Sniff. Fuck me.





Re: JYA down?

2000-07-24 Thread John Young

The sites have not been yanked, though they are
nearly inaccessible.

The server of both sites is still clogged by massive hits, 
and it shuts down automatically when it reaches its
limit. Our ISP, Digital Nation, a Verio branch, worked
yesterday to restart, but after restart the hits soon
overwhelm. We expect to add capacity today which 
could not be done over the weekend.

Both jya and cryptome are virtual domains run on
a single dedicated server, so both die when the box
fails. Shit, we switched to a rented server to improve
service, but what we lost was the backup of 
interconnected boxes which seem to have prevented
this happening in the past -- there have been days
when total hits exceeded 100,000 (Slashdot, etc.), but 
usually the load runs 10-15,000. Don't know what the 
count has been since the news broke, the logs are 
intermittent.

Access is possible for 10-15 minutes, very slowly, then 
down it goes. Still, there are accesses up in the range of 
our usual traffic before shutdown. And Drudge's munged link is
still running riot.

Now it's possible there's a DoS going on, or somebody
is messing with DNS, or something else. Digital Nation
says it is only the overload. If there is official interference 
I don't think DN would be allowed to tell. In any case,
when I can get access to the logs, I can see the heavy
load before the box whimpers and dies. And the server
sends out automatic notices that death is coming,
pull up, pull up.

We are sending the CIA-PSIA files by e-mail in the
meantime. The same pack sent here. Mirrors of them
are up or getting up:

  http://www.openpgp.net/censorship/psia/

No news of Noda.




Source of CIA PSIA Docs

2000-07-22 Thread John Young

The person who sent the CIA and PSIA docs gave
permission today to reveal his name: Hironari Noda,
a former officer in PSIA. He wrote that he had been
arrested in Japan for previous disclosures so has 
"nothing to lose by being named." Noda's message
was not verified, but we've got a CIA certificate for 
Hironari Noda's completion of the Intelligence
Analysis Course featured on Cryptome.






RE: FBI Requests File Removal

2000-07-21 Thread John Young

Special Agent James Castano said the call he made to me
was his first for a matter like that. He was friendly, open, answered
all my questions the best he could, and asked others if he didn't
know. We chatted about the DeCSS trial here in NY. His unit he 
said deals with computer crime, IP violations, trademarks, so he 
knew about DeCSS and the trial.

It was when he passed me to his supervisor, Special Agent
Dave Marzigliano, to answer a question about publicizing their
e-mail address, that the tone changed, slightly at first as he
repeated what James told me but in a somewhat more
commanding fashion, then closing with the threat -- which by
the way was not connected with the Japanese request or the
list of names, but with the revelation of the agents' names. That
is what surprised me: why their names needed to be concealed,
not for personal privacy as I had originally thought and had offered
to do, but for some unexplained reason which apparently jumped
to Dave's attention and caused him to aggress. James never
acted aggressive, nor did Dave during most of his remarks --
he said he appreciated my First Amendment position on the
lists.

Now it may have been a good/bad guy routine, but at first there
was no bad from either, only at the end. Was I offensive, maybe,
but I was excited about finally getting the official poop on these 
gov-gov favors and wanted to tell a full account. Jeeze, maybe
I sounded like a real reporter, waffling on keeping a promise, and 
Dave picked up the signal based on his wiser experience than
young James had. Maybe Dave smelled a trap, maybe he was 
being monitored, after the NY office got burned a few months
back for browbeating an ISP to yank a site. Certainly when James 
told me to hold for his supervisor there were a lot of clicks setting
up the recorder for what Dave would say -- which may be why he
repeated the Japanese request in officialese, then barked the
threat, almost as if he was being semaphored to do so.


Thanks for the support, but I don't think much will come of the
threat. It was part of the favor, to make a persuasive tape for the 
Japanese. Now if only the Japanese will come acalling.

BTW, we were told this morning that the lists had been sent
to alt.security.espionage at the same time they were sent to
us, that they had been previously published in Japan (the FBI
said this too), and that the person who distributed them is known
in Japan. So the stuff is fairly widely distributed, not quite as much
as DeCSS but moving fast.

Related docs are still coming in, though, every few days, so
Carnivore is getting its feed.




FBI Requests File Removal

2000-07-20 Thread John Young

To: [EMAIL PROTECTED]

July 20, 2000

Federal Bureau of Investigation
NCCS, New York
C37

Dear FBI,

This confirms my telephone remarks today that I decline
your request to remove the list of members of Japan's 
Public Security Investigation Agency posted on Cryptome:

  http://cryptome.org/psia-lists.htm

The file shall not be removed except in response to a US 
court order.

You have informed me that your telephone request to remove
the list was made at the request of the Japanese Ministry of
Justice and that no US criminal investigation is underway in this 
matter.

You said that you will convey to the Ministry of Justice that I
have declined to remove the list and that I should expect
to be contacted directly by the Ministry of Justice as a result
of declining to remove the list.

You said that you will speak to the US Attorney and call me
again.

I have agreed with your request not to identify the two FBI Special 
Agents to whom I spoke today.

I told you that I would be publishing an account of this on Cryptome.

Regards,

John Young
Cryptome





Flakes

2000-07-10 Thread John Young

NYT reports today on a patent for a system which samples
the plume of dead skin flakes which rise from humans to 
identify carriers of bombs, weapons, contraband, dirty money, 
narcotics, chem-bio warfare ingredients, nuclear materials, 
and other hazardous material. The devices could be set up 
at airports or elsewhere to more speedily process all passengers 
rather than the few selected by lethal profile for examination
by other systems.

The Times notes that privacy protection is not covered in
the patent, number 6,073,499. See  or:

  http://www.patents.ibm.com/cgi-bin/viewpat.cmd/US06073499

The story says that the outer layer of human skin is completely
shed and replaced every one or two days, and the flakes rise
on warm air of the body in a plume that can be captured by
the device for sampling. The flakes would carry evidence of
whatever is on the body or has been on it recently.

It is not clear if each human could be identified by its unique
who-is flakes, of a particular algorithm, pattern, odor, hue, stench, 
malice, hopes, dreams, lies, coitus inanimus.

Could flakes be faked, substituted, peddled, sealed against shed?
How to beat the device when your mate says step over here
sumbitch.




Re: CIA pdf

2000-06-21 Thread John Young

The PDF files are the secret CIA report on the overthrow of
Mossadeq in 1953, made available on the New York Times
web site:

   http://www.nytimes.com/library/world/mideast/041600iran-cia-index.html

Redactions of names in the report of Iranian participants were 
made digitally by the NYT, and I discovered that by halting the 
page load before the blackout occurred, I could read all the 
redacted parts -- Iranians who worked with the CIA and British 
SIS to carry out the overthrow.

The Times revised its redaction technique on the report 
to prevent this, after I told them about the discovery and sent a 
sample of recovered redactions.

The Times (Rich Meislin, editor of the online site) urged me not 
to publish the recovered information in order to protect the families 
of the persons named from retribution -- as the Times had intended
to do but failed to grasp the weakness of digital security.

I posted this incident to an intelligence-related mail list (Intel Forum)
and was there also urged not to publish the redacted information
and "put innocent lives at risk."

However, I had already posted the means to gain access to the badly 
concealed information of the report, and others had duplicated
the discovery -- so the names are out but not yet in the news.

There is a global version of the Unofficial Secrets Act at work
now to keep the names of official killers out of the news, news
as orchestrated by "responsible publishers."




SilentRunner Resend

2000-06-14 Thread John Young

The Wall Street Journal reports today on Raytheon's
snooping program, SilentRunner, which is claimed to
be the best yet for snooping on computer users and
for being undetectable by ordinary computer users. It utilizes
a TA algorithm to search for suspicious patterns as
well as keywords. Crypto in particular can be singled out
as well as other non-ordinary communication. It passed 
NSA's SPOCK evaluation. 

Several unnamed spy, law and gov agencies have purchased 
copies at $65,000 a pop. The program was invented by 
ex-spooks. While available for select clients months ago it is 
being publicly announced today as a great tool for snooping
on workers. Here's Raytheon's site for it:

   http://www.raytheon.com/c3i/c3iproducts/c3i021/c3i021.htm

And a brochure in PDF:

   http://www.raytheon.com/c3i/c3iproducts/c3i021/images/srunner.pdf

A related item:

As part of Lockheed Martin's settlement agreement with the USG
for illegally exporting satellite technology, it has agreed to use
$5M of the $12M fine to set up a computer access system for the USG
to tap into all LMCO's export deals in order to monitor the firm's
activities.

Which raises the question of what other US exporters have similar
real-time tapping of their export deals. If there are any, would such 
arrangements be known to the technologists, say, at ZKS, NAI, MS, 
RSA, IBM, Cylink, HavenCo ... well, not the last -- maybe not yet.
Or are the taps there but covertly, even to investors.

Which comes back to SilentRunner's, and similar programs', claims 
of being undetectable. How does SilentRunner compare to DIRT?

Are there defenses against these sneakthieves?




SilentRunner

2000-06-14 Thread John Young

The Wall Street Journal reports today on Raytheon's
snooping program, SilentRunner, which is claimed to
be the best yet for snooping on computer users and
for being detectable by ordinary computer users. It utilizes
a TA algorithm to search for suspicious patterns as
well as keywords. Crypto in particular can be singled out
as well as other non-ordinary communication. It passed 
NSA's SPOCK evaluation. 

Several unnamed spy, law and gov agencies have purchased 
copies at $65,000 a pop. The program was invented by 
ex-spooks. While available for select clients months ago it is 
being publicly announced today as a great tool for snooping
on workers. Here's Raytheon's site for it:

   http://www.raytheon.com/c3i/c3iproducts/c3i021/c3i021.htm

And a brochure in PDF:

   http://www.raytheon.com/c3i/c3iproducts/c3i021/images/srunner.pdf

A related item:

As part of Lockheed Martin's settlement agreement with the USG
for illegally exporting satellite technology, it has agreed to use
$5M of the $12M fine to set up a computer access system for the USG
to tap into all LMCO's export deals in order to monitor the firm's
activities.

Which raises the question of what other US exporters have similar
real-time tapping of their export deals. If there are any, would such 
arrangements be known to the technologists, say, at ZKS, NAI, MS, 
RSA, IBM, Cylink, HavenCo ... well, not the last -- maybe not yet.
Or are the taps there but covertly, even to investors.

Which comes back to SilentRunner's, and similar programs', claims 
of being undetectable. How does SilentRunner compare to DIRT?

Are there defenses against these sneakthieves?




RE: Trusting HavenCo [was: Sealand Rant] CPUNK

2000-06-11 Thread John Young

Lucky:

>I agree with Peter in that Sealand may wish to consider adding a nuke to
>their budget of small arms. Nuclear powers are the only sovereigns that
>command any kind of respect from the other members in the club.

Kick that N up to BC arms so the start-up budget is doable. The cost of
a suitcase nuke is about that of a fully loaded 18-wheeler (~$150K) while
B or C fannypacks can be obtained for <10K. Say there are a half-
dozen sysadmins on Sealand (if any), each could wear one of these
which would activate if any server is improperly tampered with. Say 
you love the sysadmins, then have them wear BC protective suits 
under the fannypacks. Say you wonder if a sysadmin will freak
from seabreezed gullshit and mistakenly tamper with a server, then 
have the fannypack contain an injection kit that will VX the nut if a
PAL is mishandled. Say you wonder if all the sysadmins will freak
from bonephone attack by the TLAs, then ban headsets at work.
That will reduce the pool of employables to <1. If the servers
can indefinitely run without human intervention, pack Sealand
with Ebola strains, cover those containers with quilts of GB,
all rigged to activate with power loss or server tamper.

If this is uninteresting stick with interstate flattening of Beetles.




Cpunk Subscribers

2000-06-04 Thread John Young

Here's today's tally of CDR subscribers, by way of "who" command:

  841  [EMAIL PROTECTED]
  115  [EMAIL PROTECTED]
   50  [EMAIL PROTECTED]
   31  [EMAIL PROTECTED]
    8  [EMAIL PROTECTED]
    -  [EMAIL PROTECTED] - "who" disabled
    -  sunder.net - "cypherpunks" not recognized
    -  [EMAIL PROTECTED] - no such list "cypherpunks"
-----
1,045

---

I remain subscribed to cp-unedited from the old days and 
am also subbed to cyberpass. And there are a lot of 
venerable cpunk names on unedited you never see elsewhere 
though it's unclear if all 841, or any, get messages from 
the CDR nodes, or if toad only forwards to the nodes but 
does not receive from them. When I send a test message to
[EMAIL PROTECTED], toad does send it to me and shortly it
comes in from cyberpass as well. A message to cyberpass does
not produce a duplicate from toad.

So do those 840 other cp-unedited subscribers ever get mail 
from the nodes, or are they quietly enjoying being left asleep? 




Cpunk Havenco

2000-06-04 Thread John Young

More information would be appreciated on Havenco,
reported on by John Markoff in today's New York Times.
It is a project to set up an off-shore data haven on Sealand,
a former anti-aircraft structure six miles off the coast of
England which declared itself a sovereign nation a few
years back. Havenco's founders are said to be "loosely 
associated with a movement of American computer mavens
known as 'cypherpunks,' a largely libertarian group
espousing the idea that advanced computer encryption
techniques can create electronic privacy and provide
freedom from potential government Big Brothers."

Sean Hastings is named as the CEO and co-founder
of Havenco. Havenco founders "are hoping that the
installation, connected to the Internet by high-speed
microwave and satellite links, will become a refuge from
governments increasingly trying to tame and regulate
the Internet."

Legal experts, most ex-gov, doubt the venture will escape
government intervention; one said, "the flaw in the Havenco
plan was that cyberspace markets must still have points of
contact with the world's conventional economies." The failure 
of a similar effort in Anguilla is noted.

A photo of the outlaw platform is shown. It appears to this
eye a prize-winning piece of architecture, unimproved by
horrified professionals who would intervene to make it
safe and pretty as if Martha Stewart was not hiding billions
there.




Microsoft Stonewalls NSA_key Exchange

2000-05-25 Thread John Young

Duncan Campbell has provided his latest exchanges with
Microsoft on the NSA_key, which Microsoft has now refused
to continue (see letter below):

   http://cryptome.org/nsakey-ms-dc.htm

-

12 May 2000

Dear Richard [Purcell, Director of Corporate Privacy, Microsoft],

You will recall talking to me at the Computers Freedom and Privacy 
2000 conference. You said then that you wished to resolve the questions 
that had been raised about the "NSA_key" in CAPI, and invited Mr Scott 
Culp to correspond with me and answer my questions.

As you will have seen, Mr Culp has now refused to continue the correspondence, 
after he was asked by me to provide specific, direct answers to questions 
I asked. He then offered as his reasons for so doing a number of 
observations which simply did not stand up to scrutiny. When I pointed 
this out to him, he ceased to correspond entirely.

This type of behaviour is not merely impolite, it is intellectually 
dishonest and evasive. It is bound to raise suspicion that Microsoft 
does have something serious to hide about its conduct. It further puts 
in question the integrity of MS systems offered for sale overseas. So 
far as I am concerned, if Microsoft now adopts a position of belligerent 
silence, I am more concerned about the security of its systems than I 
was when I spoke to you a month ago. Then, I was entirely open to the 
idea that Microsoft might be able to prove that its conduct could be 
innocently explained. I now observe that this, apparently, is not the 
case.

If you confirm that that is the position, so be it. The issue will not 
die, even if you now wish to hide from it. Next month, it is expected 
that the European Parliament will set up a temporary committee to look 
further into the information security and surveillance matters 
which have aroused much concern over the past 2 years. The subject of 
the security of US software including this issue, will be on its agenda.

Yours sincerely,

Duncan Campbell




htaccess help

2000-05-19 Thread John Young

We need help on analyzing the adverse effect of using
.htaccess to block misbehaving IP addresses.

We first installed the file in September 1999 to block a
single looping machine at kisa.or.kr. Then added a few
more as such loopings occurred from other addresses.

Recently we discovered that nearly all our logfiles have been
inaccurate and asked our provider, Verio, to tell us why. Turns
out the culprit was .htaccess, according to Verio. We were 
blamed for listing hostnames to block rather than numeric
IP addresses, which led reverse lookup to go haywire (see 
message below).

Removal of .htaccess immediately stopped the inaccuracies,
and reinstallation with only numeric addresses seems to
work just fine, so that seems to have been the problem.

We are attempting to analyze the inaccurate logs for a particular
brief period and cannot find a pattern which would produce accuracy.
(Yes, we regularly delete logfiles to protect privacy) Verio claims 
that the inaccurate logs were generated automatically and there is 
no way to regenerate them accurately.

Help would be appreciated on means to figure out how to translate
the inaccuracies into accuracies. This involves only about two dozen
logfile entries we need to accurately identify (more on that when the
details can be substantiated -- it's about gov-snooping).

A related odd discovery: Last December, visitors from ncsc.mil,
including what we call the "NSA bot," disappeared from the logfiles.
We assumed the site was no longer of interest or that cover
addresses were now being used.

Well, maybe wholly coincidental, when we removed .htaccess
a few days ago the ncsc.mil addresses, including the NSA bot, began 
reappearing in the logfiles. Reinstallation of .htaccess with only numeric
addresses has had no effect on the ncsc accesses.

Would anyone know what to make of this?

--

From:  David Klein <[EMAIL PROTECTED]>
Subject: Re: [IDS-946244] CRYPTOME.ORG and JYA.COM 
To: [EMAIL PROTECTED]
Date: Fri, 12 May 2000 07:41:55 -0400 (EDT)

Dear John,

Thank you for contacting technical support. In response to your questions:

Our Apache implementation has HostnameLookups turned off - the 
access_log.custom file should NOT have hostnames in it. The lookups are 
done by logparse/logip when the servers' master log file is parsed. However, 
you had a bunch of 'deny from' directives in his .htaccess that used 
hostnames:

[addresses xxx'd here for privacy]


order allow,deny
deny from 165.xx.xx
deny from xxx.virtualwebsites.com
deny from xxx.att.com
deny from xxx.att.com
deny from xxx.att.com
deny from xxx.nj.dial-access.att.net
deny from 208.xxx.xxx.xxx.flyswat.com
allow from all


This forces Apache to look up the hostnames, so it knows where to 
deny from. Since they are already looked up, they are put into the 
log. So, when logparse runs, it takes the hostname, thinks it's an IP 
address, and tries to reverse it - with unpredictable results. You will 
need to put only IP addresses in your .htaccess file. We tried 
commenting out the entries with hostnames and then only IPs 
were logged - which would be correctly parsed by logip. I hope 
this clarifies things a bit more for you. If you wish to find some more 
information about Apache configurations, please take a look at
http://home.verio.net/support/hosting/htaccess.cfm. There are also 
some links there for more detailed information about Apache 
modifications. If you have any other questions, please feel free to 
contact us. Have a good day.

Sincerely,
David K.
Tech Support
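
The failure mode described in the Verio reply above, as an added example (not part of the original messages and not Verio's logparse/logip code): a Python check that flags hostname arguments in `allow from` / `deny from` lines and separates log entries whose client field is already a name from those that are numeric addresses. The sample .htaccess and log lines are constructed, using documentation address ranges and example.com/example.net names; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the shape of the quoted file; addresses come from the
# documentation ranges and the names from example.com / example.net.
SAMPLE_HTACCESS = """\
order allow,deny
deny from 192.0.2
deny from 198.51.100.17
deny from dialup.example.net
deny from .example.com 203.0.113.9.example.com
deny from 203.0.113.0/24
allow from all
"""

# Constructed access-log lines (Common Log Format).
SAMPLE_LOG = [
    '198.51.100.17 - - [12/May/2000:07:41:55 -0400] "GET /a.htm HTTP/1.0" 403 210',
    'host7.dialup.example.net - - [12/May/2000:07:42:10 -0400] "GET /b.htm HTTP/1.0" 403 210',
    '203.0.113.9.example.com - - [12/May/2000:07:43:02 -0400] "GET / HTTP/1.0" 403 210',
    '198.51.100.200 - - [12/May/2000:07:44:31 -0400] "GET /c.htm HTTP/1.0" 200 5120',
]

PARTIAL_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){0,2}\.?$")
DIRECTIVE = re.compile(r"^\s*(allow|deny)\s+from\s+(.+?)\s*$", re.IGNORECASE)


def classify_host_arg(arg):
    """Classify one argument of an 'allow from' / 'deny from' directive."""
    low = arg.lower()
    if low == "all":
        return "all"
    if low.startswith("env="):
        return "env"
    try:
        ipaddress.ip_address(arg)
        return "ip"
    except ValueError:
        pass
    if "/" in arg:
        # CIDR (a.b.c.d/nn) or network/netmask pair
        try:
            ipaddress.ip_network(arg, strict=False)
            return "network"
        except ValueError:
            return "unknown"
    if PARTIAL_IP.match(arg):
        octets = arg.rstrip(".").split(".")
        if all(int(o) <= 255 for o in octets):
            return "partial-ip"
    if re.fullmatch(r"[\d.]+", arg):
        return "unknown"  # numeric but malformed; not a name
    # Anything else is a (partial) domain name, which makes the server
    # resolve the client address in order to compare it.
    return "hostname"


def lint_htaccess(text):
    """Return (line number, directive, argument) for every hostname argument."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue
        m = DIRECTIVE.match(raw)
        if not m:
            continue
        for arg in m.group(2).split():
            if classify_host_arg(arg) == "hostname":
                findings.append((lineno, m.group(1).lower(), arg))
    return findings


def split_log_clients(lines):
    """Split client fields into literal addresses and already-resolved names.

    A post-processor should reverse-resolve only the first list and pass the
    second through unchanged instead of treating a name as an address.
    """
    ips, names = [], []
    for line in lines:
        fields = line.split()
        if not fields:
            continue
        client = fields[0]
        try:
            ipaddress.ip_address(client)
            ips.append(client)
        except ValueError:
            names.append(client)
    return ips, names


if __name__ == "__main__":
    for lineno, directive, arg in lint_htaccess(SAMPLE_HTACCESS):
        print(f".htaccess line {lineno}: '{directive} from {arg}' uses a hostname")
    ips, names = split_log_clients(SAMPLE_LOG)
    print("numeric clients:", ips)
    print("already-resolved clients:", names)
```

A name that begins with digits, such as the constructed `203.0.113.9.example.com`, is still classified as a hostname, which is the case a "starts with a digit" test gets wrong.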








Re: Did MI5 finally kill John Young?

2000-05-12 Thread John Young

Cryptome is down due to a glitch in switching to a new
server. Should be up again today, unless this is MI5
sucking your brain.







MPAA v. 2600 Defendants' Reply Brief

2000-05-04 Thread John Young

Thanks to the 2600 legal team we offer the defendants' reply
brief to MPAA's motion to ban linking and a cross-motion 
to vacate the preliminary injunction against offering DeCSS:

   http://cryptome.org/mpaa-v-2600-rb.htm  (248K)

It includes supporting, quite informative declarations by:

Harold Abelson
Andrew Appel
Chris DiBona
Bruce Fries
Martin Garbus
John Gilmore
Robin Gross
Lewis Kurlantzick
Eben Moglen
Matt Pavlovich
Bruce Schneier
Barbara Simons
Frank Stevenson
Dave Touretsky
David Wagner
John Young





Updated A5/1 Paper

2000-04-27 Thread John Young

Adi Shamir has provided "Real Time Cryptanalysis of A5/1 on a PC,"
an 18-page paper by Alex Biryukov, Adi Shamir and David Wagner 
presented at the Fast Encryption Software Workshop in New York City 
on April 10. It is an updated version of the December 1999 preliminary 
draft by Biryukov and Shamir.

HTML:  http://cryptome.org/a51-bsw.htm (text, 55K; 6 images, 156K)

Original Postscript: http://cryptome.org/a5.ps (297K)

Zipped Postscript: http://cryptome.or/a5.zip (104K)




MI5 Asks FBI Help

2000-04-23 Thread John Young

The UK Sunday Times reports today:


http://www.the-times.co.uk/news/pages/sti/2000/04/23/stinwenws01014.html

  "MI5 has requested the assistance of the American 
  Federal Bureau of Investigation in tracking down and 
  erasing copies of the document from the internet. 
  Officials are particularly concerned about the release 
  of details of a hitherto unknown intelligence gathering 
  procedure called "telecheck", a system for filtering 
  phone traffic to trace, identify and record important calls."

The document is a top secret MI5 report on Libyan 
intelligence service activities in the UK, December 1995:

   http://cryptome.org/mi5-lis-uk.htm

Publication of this URL is forbidden in the UK by HMG.

Cryptome's ISP, Verio, has inquired about the doc, in
response, it says, to a "British intelligence agency's"
request to remove it. After discussion Cryptome declined
to remove the doc except by court order, and sent an 
e-mail to Verio asking for information on the source and 
method of the request:

   http://cryptome.org/mi5-verio.htm

Verio's president's office called Friday in response to the
letter to say that it will investigate the request to remove the
doc and let Cryptome know. The Verio rep said she was
amazed that the Brits would ask without written grounds.
Based on the Sunday Times report, it's probable that it was 
the FBI who contacted Verio legal with a verbal request.

Exodus Communications ordered Mathaba.net yanked
last Sunday for mirroring the document. A threat was
made by Exodus to NameSecure, a forwarding service for 
Mathaba, to either yank the site immediately or NameSecure
would be shut down. A telephone inquiry to Exodus's office
of "Policy Enforcement Manager" has not been returned.

Downloads of the doc since April 14: ~8,000. 




CIA on GAK

2000-04-23 Thread John Young

Greg Broiles has provided two FOIA documents from the
CIA in September 1996 to Clinton and Gore on the US's 
plan to promote key recovery encryption worldwide, to 
assure continued US dominance of the cryptography 
market and to fulfill the wishes of intel and law enforcement 
of the US and allies:

   http://cryptome.org/cia-gak.htm

The docs say that should events turn out differently than
planned, the US can rescind any crypto permissions for
export, or, by implication, for domestic use, in the name of
national security and law and order.

Justice and the FBI were then as now pushing for mandatory 
key recovery domestically as well as internationally.

The steps to implement the plan are of current interest
for the description of how to involve private industry, to
assure obedience, and to head off anti-GAK legislation.

What is not provided is identification of which industry 
members went along with the plan and are likely 
continuing to do so.

The key recovery plan remains in effect, in the US and 
other nations. The Web site which describes USG actions 
which evolved from the CIA docs:

   http://csrc.nist.gov/keyrecovery/





Re: Looking for Jim Bell

2000-04-14 Thread John Young

Now how in hell can it be determined if Jim is wolfing
for the feds to bring in the lambs?

What the hell has he been fabricating for Jessica Stern
and Declan, and whose names are they taking to report
on and testify against next, quoting Jim's amazingly
selective memory?

What the hell is this national tour he's planning to finger
whoever meets with him?

What have motherfuckers Jeff Gordon and Robb London
got cooking this time to keep the old conspiracy fires
aburning?

Hey, Jim, if you really want to AP the feds go for the
homeboy hostage takers you've fallen in love with.

Otherwise fuck yourself and brag it's AP, federal hoke
for luring targets.

And, now that I had a moment to clear my adenoids, fuck 
you Declan and Jessica -- touting AP for shrill thrills
sucks, or worse, encourages the motherfuckers to arrest
and indict for bonuses and Roy Bean justice.




Re: Re: Crypto-Anarchy/Anarcho-Capitalist Errors in Understanding

2000-04-12 Thread John Young

Jim,

Your understated messages, following quotes of those by
Declan McCullagh and Tim May, are the best ever, I think. 
I am dumbfounded by their profundity, subtlety, eloquence,
impenetrability, clarity, wit, generosity, amazing gracefulness.
How do you do it? The purity of an unmarked canvas.

Now it is possible that your DSL is so fast that it outran your intent
to say your customary, if so, I withdraw this message.

For the pleasure of awed repetition I duplicate the masterpieces
in their entirety:

-

Date: Wed, 12 Apr 2000 18:17:31 -0500 (CDT)
From: Jim Choate <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CDR: Re: Crypto-Anarchy/Anarcho-Capitalist Errors   in  Understanding
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 12 Apr 2000, Declan McCullagh wrote:

> Well, here's what you wrote. You were somewhat incoherent. Do you wish to 
> retract it?
> 
> I don't know what you mean by "usualy" twist and turn -- I posted only once 
> in this thread

--

Date: Wed, 12 Apr 2000 17:56:23 -0500 (CDT)
From: Jim Choate <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: CDR: Re: WSJ: Who will issue digital IDs...
In-Reply-To: 
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 12 Apr 2000, Tim May wrote:
> First, we have seen a lot of political junk discussion here lately, 
> about the tired subjects of socialism, Microsoft, Nazis, and 
> (presumably) even Heinlein.

[ 
> Second, code is indeed preferable to rhetoric.

> However, importantly, it is clear from recent discussions on the list 
> and from at least one recent physical Cypherpunks meeting, that an 
> increasing number of participants "just don't get it."
> 
> There was, for example, a proposal by some people at a recent meeting 
> that Cypherpunks should set up their own "certificate-issuing 
> authority."
> 
> This is a terrible direction to go in.
> 
> Apparently we are not discussing politics _enough_.
> 
> "Cypherpunks write code" may be a nice mantra, but when Cypherpunks 
> write code in furtherance of statist and centralized missions, the 
> results are awful.
> 
> Let Verisign do anything it wants to do. A free country and all. But 
> monkeywrench any and all attempts to make such "identity credentials" 
> mandatory. In particular, do nothing to promulgate central 
> Cypherpunks signature authorities.
> 
> --Tim May
> 
> -- 
> -:-:-:-:-:-:-:
> Timothy C. May  | Crypto Anarchy: encryption, digital money,
> ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> "Cyphernomicon" | black markets, collapse of governments.
> 

-





Why Crypto Fails Privacy

2000-04-11 Thread John Young

During a break in FSE yesterday Ross Anderson offered 
comments on why crypto could not protect privacy against 
weak comprehensive systems security. Much of what he 
said was confirmed by the news report today on new Dutch 
privacy invasion law for intelligence and law enforcement.

He stated that traffic analysis is surely the greatest threat
to privacy, and that there are programs in use by law
enforcement and intel agencies -- with more advanced 
versions in the works -- that can log and analyze TA for
global communications, thus greatly reducing the need 
to process the full floor of communications that the NSA
complains of being unable to do.

From that TA the agencies can identify targets for black bag
jobs. And that crypto -- even end to end -- will not protect
against bugs surreptitiously planted in those locations
pinpointed via TA for acquiring vox and plaintext data
outside the crypto loop.

Ross said TEMPEST threats should not be overrated, and
do not pose anywhere near the threat of TA and black
jobs.

I called his attention to the CRISIS report which recommended
widespread use of strong encryption coupled with increased
funding for other, unnamed, technologies for law enforcement.
And that TA and black bag jobs had been mentioned as candidates
for those unnamed technologies.

We swapped tales about the weakness of bricks and
mortar architecture against black jobs. And he noted
that systems security is especially vulnerable to architectural
attack, more so than many engineers trained in electronics
are aware.

Recall that the CIA's Special Collections Service performs 
black bag jobs which have been identified as needed 
by NSA intercepts, especially where encryption is used:

   http://nsa-cia-scs.htm

The other day we transcribed a 1979 set of NSA specifications 
for SCI facilities such as vaults, secure working areas and entire
buildings, which include a fair amount of systems security 
recommendations for architectural vulnerabilities -- various 
types of alarms, building construction, guards and response 
times -- as well as electronic sensors for equipment.

   http://cryptome.org/nsa-scif.htm

To supplement that there's Willis Ware's classic 1967 study 
for the Defense Science Board on computer security:

   http://cryptome.org/sccs.htm

In another indication of evolving policy on intrusive technology
Willis says that he is not being re-appointed to the chair
of CSSPAB, that new blood is being called for by the go-go
folks pushing closer working relations with government
and commerce at home and around the globe. He, too, 
wonders what will happen to privacy as invasive technologies 
move from natsec labs to the commercial world of suck data
made so convenient by computer and network technology.

Whether any of this will be fundamentally challenged by the
House hearings tomorrow and upcoming on legal authorities 
of NSA and the intel community, remains to be seen.




Re: Republican Leadership's dot.gov Scam?

2000-04-09 Thread John Young

"We" is .gov victims. Who aren't going to take it anymore.
We are going to assure that governments do the right thing, 
wither away. Enough is enough. We are certain that if good 
people insist on government wither that will make it happen. 

We are not naive. We know that government works hard to 
prevent wither, and intelligence and police agencies are
its main defenders against witherers.

Government does not wither willingly. It must be reminded 
every generation to do so. Then it will. Once its defenders
get better jobs in .com.

Are we naive about withering .com? No, for if we can wither
.gov milk, .com will starve.





Re: Republican Leadership's dot.gov Scam?

2000-04-08 Thread John Young

Moreover, it is fairly common for government agencies to
contract with a commercial service for Web services, one
reason is for more reliable service than is available on
government servers. Other agencies use commercial
ISPs to cloak their surfing activities. Law enforcement and
intelligence agencies in particular. In some cases agencies
have several domains: .mil, .gov and .org. See, for example,
NRO listed in both .mil and .gov whoises, and maybe .com
for senior personnel eyeballing XXX -- no, this is not a 
cheapshot at Deutch, nor a whiskey shotglass at Woolsey.

We've got a global campaign going to get all the world's 
government agencies to use machines identified as such 
when using the Web for official business, and to cut out the 
sneaky use of one-way eyeshade. In the US the NSA and FBI 
are the guiltiest of not showing their badges when stinging and
zinging their source of legitimacy.





Net Moles

2000-04-01 Thread John Young

France's Le Monde yesterday had a long piece on Echelon 
which closed with speculation about alleged ex-spies going
into commerce around the world as moles and reporting
back economic espionage to the agencies which sent
them out for this purpose under guise of downsizing, or
as with undercover narcs police departments, trained 
new recruits to go directly into business under cover. 
The article:

   http://cryptome.org/echelon040100.htm

Any leads on such covert e-commerce types, or journalists,
or teachers, or lawyers, or physicists?

We got an extraordinary story yesterday from a stranger,
involving an ex-CIA federal prisoner, covert business persons, 
recruits, the Mafia, the IRA, and so on.

And another last week about betrayals concerning a novel, very
cheap means of chip fabrication, suppression by IBM, NSA treachery, 
sleazy New York State pols expropriating the patents, suicide, murder,
exports to China, threats to US national security, and so on.

If we had genuine press credentials we would publish these as 
breaking news. If we were official spies we would edit them for easy 
reading and send them to the NSC and the full technical, detailed 
specs versions out to our buddies in business -- who may be the 
dual-use authors churning the DTRA data.






Net Libel

2000-04-01 Thread John Young

The NYT today reports on the UK's Demon Internet paying 
a wad of money to Laurence Godfrey, a physicist allegedly 
libeled on a news group, soc.culture.thai, first on January 12, 
1997, there again later, and subsequently on uk.legal.

Phill Hallam-Baker is mentioned as having been required 
in a separate 1994 case to pay a "substantial" amount to 
Godfrey for libel.

All this took place under strict British libel law. US experts say 
that such cases would be very difficult to win under US law.

Questions are raised about whether US ISPs might be
liable for damages if libelous messages are posted that are
available in the UK. Legal advice to such ISPs is to own
no property in the UK or it will be at risk.

Which leads me to ask if anyone archived the libelous
messages which riled Godfrey. 

Phill, whatever did you say about your thin-skinned litigious 
colleague?





Cellular Modem TEMPEST

2000-03-27 Thread John Young

Last summer World Net Daily published an article on
a hacker group called "Hong Kong Blondes" in which
the hackers claimed that compromising electromagnetic
emanations from computer equipment could be acquired
up by cellular modems. 

Can cellular modems be used for this purpose? If so,
what is involved in setting them up for it?

Here's the article excerpt:

  As time progressed, members of the Hong
  Kong Blondes leadership told WorldNetDaily
  they began actually to install codes within the
  PLA computer mainframes. By using cellular
  modems, they were able to monitor the
  electromagnetic signals emitted by PLA
  computers by remote means. The Blondes even
  planted transmitters within the offices of the
  Chinese government, People's Liberation Army
  and foreign corporate headquarters in order to
  monitor their activities and infiltrate their
  computer networks.

-





MPAA v. 2600

2000-03-23 Thread John Young

Martin Garbus, an internationally distinguished New York 
attorney, and his firm have been retained by the defense in 
the New York MPAA DeCSS case. Two of the three defendants 
have withdrawn under consent agreements, leaving only the
magazine 2600, which succeeds its publisher, Emmanuel 
Goldstein, as defendant. At a hearing on Monday a trial date 
was set for December 5.

Mr. Garbus has provided an intra-office memo on his firm's
participation and his CV:

  http://cryptome.org/mpaa-2600-mg.htm

Excerpt:

The Firm has been retained in a very interesting and potentially
precedent-setting case involving the DVD industry. It is one of 
the first and most significant cases involving the Digital 
Millennium Copyright Act (DMCA), copyright, fair use, and the 
First Amendment. We represent a journalist who posted a de-encryption 
code on his magazine's website that permits DVDs to be played on DVD 
players without the otherwise necessary authorization software. 

We have been retained to represent Emmanuel Goldstein, a journalist 
who posted DeCSS on his website, 2600.com. The website and his 16 
year-old 2600 Magazine are long-standing and very respected media 
commentators on the Internet and particularly "hackers" and hacking.

As it winds its way through the District Court, the Second Circuit 
and the Supreme Court, this major lawsuit may be the litigation that 
determines:

+ the constitutionality of the DMCA's very broad access prohibitions,

+ the application of the First Amendment to the DMCA and encryption, and

+ the interaction or survival of Fair Use and DMCA 1201 (a)(2)

End excerpt




Re: French InfoSec Initiative

2000-03-16 Thread John Young

Barney Wolff wrote:

>IR != RF.

Woops, I screwed that. Here is the original French, and
I'd appreciate an accurate translation of "radioélectrique."
First I thought it was electromagnetic, then radio-frequency,
then infra-red. My native language is grunt, s'il vous plait.

-

Les risques inhérents aux claviers radioélectriques

Tout rayonnement radioélectrique risque d'être intercepté 
et, moyennant un traitement approprié, de révéler le sens 
du signal qu'il propage. Des expériences menées au 
SCSSI ont montré que ce risque existe en particulier 
pour les systèmes où un rayonnement radioélectrique 
assure la liaison entre un micro-ordinateur et son clavier.

Il a été observé que tout conducteur métallique se 
trouvant à proximité du clavier émetteur (fils du secteur, 
câble Ethernet, câble téléphonique...) peut conduire 
et propager le signal utile à une distance nettement 
supérieure à celle du rayonnement direct du clavier. 
Réaffichée sur un micro-ordinateur "espion", toute 
frappe sur le clavier radioélectrique apparaît alors 
en clair, même pour les mots de passe dont les 
caractères sont masqués sur l'écran d'origine.

-



French InfoSec Initiative

2000-03-16 Thread John Young

Yesterday France initiated a new information security
administration whose aim is to counter the panoply of
digital threats involving economic espionage, cryptology, 
TEMPEST, snooping, PW snarfing, DDoS, Echelon and 
a few that are new to me:

   http://cryptome.org/dcssi.htm

It recounts a bit of research carried out by the predecessor
agency, SCSSI, on a variety of digital intrusions, some of
which are worth reading to get up to speed on what is
not yet on the market, and may be indications of what
is in use by intel agencies not yet public.

No doubt, there are some here who will find nothing
new, but if that's the case why have we not been briefed
on unpublished threats to vigorous dissidence.

A small example: emissions of IR devices such as those
used to carry signal from keyboard to box, or box to 
peripherals, can be picked up and broadcast by unintentional 
antennas like cables and other metal objects in the vicinity, 
and deliver exact copies of what is being typed at a
"spying-configured screen" distances much further away
than the RF signals themselves travel. This includes data
that never appears on the screen of the originating system.

This is a variation on the TEMPEST threat, to be sure,
but I had not seen the case of amplification of IR signals.
What is the method for TEMPEST-proofing IR devices?



Cryptome CD

2000-03-14 Thread John Young

Cryptome offers a CD of the full archive from June 1996 
to March 14, 2000. About 4,000 files, with hyperlinked lists 
of contents, 300MB. Price $100. E-mail requests with 
mailing address to: <[EMAIL PROTECTED]>. Pay after you get it.



RE: Brands on privacy

2000-03-05 Thread John Young


Austin Hill wrote:

>If within these functions, there exists a market demand for payor and payee
>anonymous digital cash, then you can be assured that some ambitious startup
>will license from us and attack that market.

I would appreciate being placed as close to the front of that applicant list
as you can squeeze me. However, always however, would you swear in
the blood of your top intellectual capital not to tell anyone who might want 
to attack me for this sorely needed public service. 

Seriously, Austin, would you grant a license to me, as an absolutely 
undisclosable anonymous, via, say an untraceable ZK disconnect? 

I would not like to have to betray my private customers to save my 
investment, rather to keep their vengeful dogs at bay from my loved
ones in hock. Tough customers, mine.

And, a bit of old business, how goes your meetings with the
authorities, say Treasury in the present instance.



RE: Vin McLellan & Charles Mudd On Denial of Service Attacks

2000-03-05 Thread John Young


>>Ooops, sorry Tim! On the net you both look alike you know.
>>I'll get it right in the book.
>
>Still not right.

And getting farther off the mark. From the surveillance video I've seen
John and Tim do not look alike. When streaking for a hot tub one wears 
a modesty apron, for example, the other nothing on the x-ray spectrum.



Re: Shimomura, Markoff, and Packet Sniffers

2000-03-04 Thread John Young


No, I had not read the early archives, at the time I got on
board there was plenty going on to electrify 6 inches of callus 
off my near-dead carcass. Then, later, the early stuff disappeared 
with Biblio, when I had assumed it would be around whenever
needed. And, then the Cyphernomicon was a ready reference.

To read the stuff now is again electrifying. And I wanted to
make the point that some bright DoJ or legislative researcher is 
going to run across it while searching for new enemies of the state,
a conspiratorial bunch of them, and lo, looky here.

And you got to admit that it's weird that none of the early
cypherpunks have been caught at, or accused, of sedition.
Or even set up like Mitnick for high-profile prosecution.

Phil Zimmermann's long-running case, and those of Bernstein
and Karn (before Junger) may have helped divert attention
from the cypherpunks open advocacy of subversion. Or was
it that the cypherpunks chose not to break the law, or not in 
detectable ways.

Could be that the list was so technologically and politically 
informative that it was wise heads who ordered; let it run, cut 
these wizards some slack, this is producing superb intel for 
easy archiving. And, lo, looky here, Tim May has made us a 
handy data mine pointer.

Now, is it tickling the tiger's tail to wonder who's being looked
at to kick off a cyber demonizing agenda for the '00s?

Two reports may provide clues, one is testimony of the CIA
on February 23 on "Cyber Threats and the U.S. Economy:"

  http://www.cia.gov/cia/public_affairs/speeches/cyberthreats_022300.html

The other is Jeffrey Richelson's article on Echelon in the March
Bulletin of Atomic Scientists:

  http://www.bullatomsci.org/issues/2000/ma00/ma00richelson.html




Re: Vin McLellan & Charles Mudd On Denial of Service Attacks

2000-03-04 Thread John Young


It's worth pondering what demonization and criminalization
may evolve from close study of the early Cypherpunk archives
made available a few days ago by Ralph Seberry:

   http://lanesbry.com/cypherpunks

After a few days of reading those remarkable exchanges, it would
be a surprise if they are not already being assessed for explanations
of what makes the Net so threatening. And now that many of the
writers have gone on to deeply embed themselves in society to
carry out their takeover schemes, why it is the duty of every law-abiding
person to expose these Mitnick moles. Here are the names, get 
plumbing on Deja

Declan's report today on the soon to be released recommendation
to legislate controls on Net anonymity could be a harbinger to
attack many of the Cypherpunk inventions and proposals. Or even
to mount a campaign to root out all vestiges of, if not cypherpunkism,
then cryptoanarchy.

The history of the rise of virulent anti-whatever frightens the populace, 
and its usefulness to centrists to attack any kind of anti-authoritarianism, 
should remind how handy it would be to plumb the cpunk archives to
devise a comprehensive campaign for criminalizing a new generation
of disagreeables who dare to dream of overthrowing the status quo.

What is surprising, in reviewing the cpunk archives, is the transformation
of some into Shimomuras, no doubt, as with him, due to the allure of 
being the best, rather being told that by crafty recruiters like Markoff --
or did Shimomura's employers recruit The Times.



Re: Vin McLellan & Charles Mudd On Denial of Service Attacks

2000-03-04 Thread John Young


Phill wrote:

>I know enough people who were involved in the previous investigations
>of Mitnick to corroborate the points I made, namely that Mitnick is a nasty
>piece of work and a pathetic loser rather than the harmless chap his 
>defence attorney would have people believe.

Watching Mitnick yesterday being queried by US Senators on what to 
do about hacker attacks was pretty astonishing in the light of so-called
public revulsion about Mitnick and hackers. There was surprising
deference toward Kevin by the senators, and they even joked with
him about his imprisonment.

What it reminded me of was the way the fathers of Shawn Reimerdes
and John Johansen, two so-called hackers in the DeCSS affair, kidded 
with their sons at the foolhardiness of governments which do not know
what to do with what they cannot control and barely understand. Typically,
the fathers explain, first authoritarians demonize then, when intimidation
doesn't work, they criminalize.

It appeared that the Senators wanted to learn from Kevin, as oldsters
must, to avoid being vainly stupid, an occupational hazard of those
who compulsively believe they know what needs to be known. Then
parents grow up and out of that deliberate ignorance and learn to
listen to those kids who ain't kids anymore.

To be sure some parents and some senators, even a few experts,
never succumb to the temptation to abuse their power, to demonize
those smarter, much less criminalize their superiors. That takes guts,
and humility, attributes in short supply at the top of small heaps.



Cylink Doc

2000-03-03 Thread John Young


A provocative document on Cylink has been put on Cryptome 
today:

   http://cryptome.org/cylinked.htm

Confirmations, supplements and rebuttals welcomed.

Bill Crowell has been invited to give Cylink's response.

Excerpt:

41. Which United States agency recruited Cylink to work 
with the KGB trained personnel in Armenia? 

42. Which United States agency used Cylink product to 
listen to United States banking and funds transfers? 

43. Which United States agency arranges for the legal 
protection of Cylink from investigation and prosecution? 

44. What United States government agency provided 
Dr. Jimmy K. Omura and Louis Morris immunity from 
prosecution? 

45. How is Robert Fougner able to stay at Cylink and avoid 
legal prosecution? 

46. Is Cylink the National Security Agency's model business, 
or another Central Intelligence Agency business operating 
illegally inside United States borders?

-



Re: The price of bread in Romania

2000-03-03 Thread John Young


Robert Hettinga wrote:

>> Well, it seems that we're arguing about word definitions, which is a most
>> stupid thing to do.
>
>Sorry if you feel that way. I was just going for a laugh, and not really
>arguing with you at all...

Charlie Trie said the same in Congress a few days ago, when explaining
how he brokered for export "medical equipment" which allegedly can
be used to manufacture bioweaponry juice. Bob Barr, reading from
an analysis of the equipment written by a DoD dual-use technologist,
attempted to nail Charlie, who in answer leaned to his lawyer, got a
new joke to tell, and delivered deadpan word artistry stupidities.

The clock kept running, Barr fuming and ridiculing Charlie and his
attorney confecting hilarious dual-interpretations of lawyerly English
run out of snake-tongued mouth into dragon-dance ear, parsed
by bi-national noodling noggin, to be lip-flapped, eyes squinched,
by Charlie at Bob, eyes squinched and brow furrowed, who couldn't 
fit Charlie's joke with the joke in the incomprehensible analysis.

Just before Caroline's mic is yanked, there's a straight-faced backgrounder
on Charlie's alleged switcheroo thigh slapper at:

   http://cryptome.org/trie-deals.htm

Names of the dual-use tongue-splitting, ear licking, finger-pointing joke 
writers therein disclosed. How did you guess FBI?

And how about that list of honorees the FBI released yesterday to
show that spying on Americans is American Pie:

   http://cryptome.org/fbi-spies.htm

Very funny stuff, venerable, institutionalized evil. Verily religion.

Oops, nevermind, this thread is about bread. Ha! Hiccup.



Hotmail

2000-03-01 Thread John Young


What is going around as a way to warn users of Hotmail that
the originating address is not concealed, as with Alex Rogers
below?

We got Hotmail the other day claiming that Queen Elizabeth was
to be assassinated by thugs hired by Mohammah al-Fayed
in Sydney, Australia, in March.

Our response asking for a bit of proof or better concealment
of the originating address so we couldn't tell who told us, has 
not been answered. And that's a pity for we would like to 
receive a genuinely untraceable assassination warning.
Just one, for wall trophy of a rare bird.

Maybe that is just expecting too much, now that virtually all
means of anonymizing have failed periodically, before, during
or after use, and some apparently all the time, whether by
design or stupidity is not clear.

It must be assumed that Hotmail is used by highly skilled
intelligence officials such as John Deutch, as NCSC now
seems to be using AOL as easy to TA proxy.

-

X-Relay-IP: 216.33.241.47
Received: (qmail 91104 invoked by uid 0); 1 Mar 2000 23:54:28 -
Message-ID: <[EMAIL PROTECTED]>
Received: from 62.6.133.40 by www.hotmail.com with HTTP;Wed, 01 Mar 2000
15:54:28 PST
X-Originating-IP: [62.6.133.40]
From: "alex Rogers" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Old-Subject: The Gadaffi Report
Date: Wed, 01 Mar 2000 23:54:28 GMT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Subject:  The Gadaffi Report
Sender: [EMAIL PROTECTED]
Precedence: first-class

Whoever knows the address where I can find the MI6 report on the Gadaffi 
assassination plot will they please send it to me at [EMAIL PROTECTED]  I 
say this as I believe as many people as possible need to know the truth 
about the British intelligence services and their wide abuse of power as 
well as the British government's lies to the people who elected them.

from Alex
__
Get Your Private, Free Email at http://www.hotmail.com



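The header block pasted in the message above is where the sender's address leaks: X-Originating-IP and the Received line for the HTTP submission hop both carry it. The following is an added example, not part of the original post, that pulls those fields out of a raw message; the function names and the client/relay labels are assumptions of this sketch, and the sample is the page's own header block with the wrapped Received line re-folded.

```python
import email
import ipaddress
import re

# Header block from the message on this page. Addresses were already
# redacted to [EMAIL PROTECTED] by the archive; the continuation of the
# second Received line is re-indented here so it parses as a folded header.
SAMPLE = """\
X-Relay-IP: 216.33.241.47
Received: (qmail 91104 invoked by uid 0); 1 Mar 2000 23:54:28 -
Message-ID: <[EMAIL PROTECTED]>
Received: from 62.6.133.40 by www.hotmail.com with HTTP;Wed, 01 Mar 2000
 15:54:28 PST
X-Originating-IP: [62.6.133.40]
From: "alex Rogers" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: The Gadaffi Report

body
"""

# Dotted quads that are not part of a longer digit/dot run.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HTTP_HOP = re.compile(r"\bwith\s+HTTP\b", re.IGNORECASE)


def _ips(value):
    """Return the syntactically valid IPv4 addresses found in a header value."""
    found = []
    for token in IPV4.findall(value):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:  # e.g. 999.1.1.1
            continue
    return found


def disclosed_addresses(raw):
    """List (header, ip, role, is_public) for every address-bearing header.

    role is "client" when the header describes the machine that submitted
    the message (X-Originating-IP, or a Received hop made over HTTP, which
    is the browser talking to the webmail front end) and "relay" otherwise.
    This labelling is an assumption of the example, not a mail standard.
    """
    msg = email.message_from_string(raw)
    findings = []
    for name, value in msg.items():
        lname = name.lower()
        if lname == "x-originating-ip":
            role = "client"
        elif lname == "received":
            role = "client" if HTTP_HOP.search(value) else "relay"
        elif lname.startswith("x-") and lname.endswith("-ip"):
            role = "relay"
        else:
            continue
        for ip in _ips(value):
            findings.append((name, str(ip), role, ip.is_global))
    return findings


def client_ips(raw):
    """Publicly routable addresses that identify the sender's own machine."""
    return sorted({ip for _, ip, role, public in disclosed_addresses(raw)
                   if role == "client" and public})


if __name__ == "__main__":
    for header, ip, role, public in disclosed_addresses(SAMPLE):
        print(f"{header:18} {ip:16} {role:7} public={public}")
    print("sender-identifying:", client_ips(SAMPLE))
```

Running a message you sent to yourself through `client_ips` shows what a given webmail service reveals about your connection before you rely on it.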



BXA Updated Crypto Regs

2000-03-01 Thread John Young


BXA Updated Commercial Encryption Export Controls
February 28, 2000

  http://www.bxa.doc.gov/Encryption/Default.htm

This provides links to the following:

Export of Encryption Technology

  http://www.bxa.doc.gov/Encryption/tech.htm

Updated Q&A

  http://www.bxa.doc.gov/Encryption/qanda.htm

Encryption Licensing Chart

  http://www.bxa.doc.gov/Encryption/licchart.htm

Licensing Guidance

  http://www.bxa.doc.gov/Encryption/guidance.htm

The Q&A appears to have the most informative nuances
of the recent export regulations, corresponds to points
made in response to Bernstein's request for clarification,
and provides other amplifications of policy. And probably
portends what will be codified in the Code of Federal 
Regulations.





RE: Crypto Framing in Britain

2000-02-26 Thread John Young


Uni wrote:

>Not at all what I am talking about.  But then again, I've never been
>disappointed (with noted exceptions) by the inability to read displayed by
>the masses of this list.

Let us remain calm at Uni's mock taunt. We know cypherpunks *write*
code, they do not read, period, knowing full well, as Uni does, that it's 
a time waster.

Cypherpunks also *crack* code, but without reading it, how silly, for if
code could be read it would be protected by the US First Amendment
and thereby free of pernicious export controls.

So remember, whatever cypherpunks may taunt, do not read, repeat
do not read, that is forbidden, and you might be killed for it, and, for
that matter, might be killed for a thousand other reasons often listed
right here, not that anyone would ever read such a list.

Finally, recall that power comes out of the barrel of a gun, and if
you want great wisdom eat gun barrels. First remove the bullets
or you'll lose your wisdom container, and thereafter your sense
of place in the universe, the place in the volume you were
attempting to decipher (not read, goddamit), and never find
the directions to the cypherpunk meeting where people debate
fine points of breathtaking illiteracy.

My .02 sents wart.




Re: Damn french ;-) (Re: damn commie hypocrite leech! (was Re: Re: Re: why worry?))

2000-02-26 Thread John Young


Okay, Robert, who wore a thong monokini at FC00?

Who's got implants since FC99, unable to face the naked
ridicule at 00?

Were infections running wild as predicted?

Who died? Where'd you stash the carcass, sewing a
pickled corpse in a donkey's stomach, head out the
navel, aint novel, well, not in french-slaughtering TX.



First Echelon Source

2000-02-25 Thread John Young


Making history: the original source for the 1988 
first Echelon report steps forward

London, Friday 25 February, 2000

By Duncan Campbell

In the circumstances of the extensive worldwide 
political and media attention that is currently 
focussed on the Echelon communications surveillance 
network, I wish to pay tribute to the person who 
first alerted the United States legislature and 
the world to the existence of Echelon.

Following the presentation of my report on Echelon 
and related Sigint systems to the European Parliament 
in Brussels earlier this week, my principal original 
source has said that she may be identified.

I published the first-ever report about Echelon in 
the British political weekly New Statesman on 12 
August 1988. The information about Echelon in that 
report came principally from Margaret Newsham, a 
computer systems manager who is now in retirement.

Margaret Newsham, better known as Peg, was formerly 
employed by a contractor at the National Security 
Agency Field Station at Menwith Hill, Yorkshire, 
England.

Now - finally - 12 years late, CBS has invited her 
to repeat the information we first published in 1988 
on their programme Sixty Minutes, to be shown on 
Sunday evening, 27 February.

-

Full article:

   http://cryptome.org/echelon-mndc.htm



Re: Alternative To Handguns Package (fwd)

2000-02-25 Thread John Young


Randolph Graham wrote:

>1) If someone comes to rape you, Kill them.
>2) If someone comes to rob you, Kill them
>3) If someone comes to carjack you, Kill them
>4) If someone comes to murder you, Kill them.
>5) If someone comes to abduct you, Kill them. 
>
>After you have killed these five, your life and the lives of the people 
>you love will be safer.
>
>|Our package contains a 20 page report on things you can do to protect
>yourself against crime such as |robbery, rape, how to protect your home, and much 
>more. That is not all. The package comes with a |80,000 volt mini stun gun 
>that is the size of a credit card or cigarette pack.
>
>If someone is not mentally prepared to defend themselves with lethal force,
>then they are not prepared to use a f*ck'n Stun Gun.
>
>Pound sand down a rat hole. 

Praise Mammon for chopper reading on our splendid overfly of
our horizon-cleared million-acre spread. Let me tell you the comfort
an Apache gunship gives your family, we're here hovering, almost 
nobody alive down there, just dot.coms on the landscape of bones 
and hides of vermin who crossed our borderlessness, hah, 
daydreaming this paradise was free for slacking less than 24x7.

Look, children, look at the lazy wetback run like a jack rabbit, yo, 
mamacita, eat this fire and ice, there won't be a next time to suck
the blood of Super Max gringos.

Junior, Missy: throw out the mestizos.



EuroParl Echelon Report 5

2000-02-24 Thread John Young


Following the four EuroParl reports last year on Echelon
and electronic surveillance in general, a fifth report has
appeared, dated October 1999, but as far as we know
not heretofore widely publicized:

   http://cryptome.org/dst-pa.htm  (108K)

This report briefly outlines the first four and then examines
the history of electronic surveillance and privacy policies in 
Europe and the US, compares laws and regulations, and
makes suggestions for what might be done to resolve
conflicts.

Now that the US and Europe claim to be reaching an
agreement on privacy protection, though details remain
to be explained, this report is useful to understand the
differences between the US and Europe updating of
national security and privacy protection policy in response
to latest technology.

The big difference, the report states, is that the US allows
greater corporate snooping for economic purposes than 
does Europe. The difference among nations in national 
security snooping is seen to be negligible, indeed, that all 
nations go at it tooth and nail, sometimes in cooperation 
sometimes in competition. 

On the question of whether national technical 
means are used for economic advantage, why, it is
claimed that nobody, but nobody, does that, what a
foolish notion, ridiculous, why even ask, no comment, 
ever, on means and methods of distributing intelligence
products to customers. That word "products," that
word "customer."

Thankfully, the report singles out France for refusing to
go along with anybody's scheme for cooperation on
national security and privacy protection, and that 
paranoia and suspicion of outsiders remain Number 1 
and 2. Smart people, those advocates of liberty, equality
and fraternity.

Using intelligence to boost French business, oh yes,
let there be no dissimulation as the six former CIA
directors exhibited by C-SPAN yesterday in DC at CFR.

Wasn't Deutch amazing at that session? He could hardly
restrain himself from screaming "ignoramuses" at the
panel members, all of whom except him, appeared to
know no more than what's in the daily papers, and, to be
sure what's delivered in the kiddie briefings given to the 
association of retired CIA stupes.

Schlesinger's jibe that the DCIs would not criticize their
fellow KGB agents now the top echelon of Russia, was
winning, as was the admission by several of them that
they had no idea how both KGB and CIA bugs in
the Senate Intelligence and Foreign Relations chambers
were overlooked. 

See the CIA Inspector General's report on Deutch's 
stupid computer use (rather disinformation distribution
under guise of that):

   http://www.fas.org/irp/cia/product/ig_deutch.html



BXA on Bernstein Inquiry

2000-02-22 Thread John Young


Thanks to Cindy Cohn and Lee Tien we offer BXA's four-page
response to Bernstein's request for clarification of the new 
encryption export regulations, February 18, 2000:

   http://cryptome.org/bxa-bernstein.htm

Excerpts, by James Lewis, BXA:

You ask for an advisory opinion in light of your concern that 
the new regulations "continue to interfere with Professor 
Bernstein's planned scientific activities." Your concerns are 
unfounded. I have sought to answer the general concerns 
you have asked (as they relate to Professor Bernstein) and 
to provide guidance which will allow Professor Bernstein to 
proceed with his activities. 

Your letter also contained a number of comments regarding 
constitutionality of the government's encryption export regulations. 
Because the constitutionality of the regulations is the subject of 
litigation by your client and other persons, and because your 
constitutional arguments are outside the scope of this advisory 
opinion, I will only note that we believe our regulations have 
always been constitutional. 

You ask in your letter that BXA make the response available to
the public. It is not our normal practice to make advisory opinions 
public. Professor Bernstein is free to do so. In light of the changes 
in licensing and review requirements for publicly available source 
code, the new regulations do not interfere with his planned 
activities as you have described them.

-



60 Minutes Does Echelon

2000-02-21 Thread John Young


Echelon will get a segment on 60 Minutes, February 27,
this coming Sunday, according to Margaret Newsham,
an ex-employee of Lockheed Martin, who worked at
NSA's Menwith Hill Station and trained agency personnel,
and who testified in a secret congressional hearing in the 
80s. She'll be a main player in the segment. A capsule of 
her visit to Menwith Hill and a 60 Minutes crew:

   http://cryptome.org/menwith-mn60.htm

And Bo Elkjær's Danish interview of Newsham:

   http://cryptome.org/echelon-baby.htm




Re: e-gold: Frozen accounts, returned funds, a few of my favorite things...

2000-02-21 Thread John Young


Sounds as if e-gold got hit by an undercover banking op aping 
a Diallo.

Has there been an ID of the fake 13-year-old that baby-dolled
the meet-me-at-Dairy Queen?

Why has NSA been breaking into banks and governments?
As Madsen claims. Or is it Shimomura aping a rogue state?



Re: MS Funded/Founded by NSA?

2000-02-19 Thread John Young


Tim May wrote:

>Cryptome site (and sites that preceded this exact
>name). 

Wah, I didn't know that. I'd like to credit those. Indeed, giving
credit is what keeps Cryptome going, for nearly all of it comes 
from contributions by others, especially Cypherpunks and
its offshoots and graduates.

Is there a copy available of that '92 handout?

Moreover, were the early Cypherpunks archives ever
located after biblio's archive vanished? I subbed in the summer
of '94 (thanks to Steve Levy's piece) and arranged to have most of
everything since then 86ed on Mars. That 92-94 period should be 
recovered if possible, though maybe not advertised. A private 
distribution would be beneficial. If anyone has the stuff, I'll make
CDs. Wait, if this is incriminatory, forgetaboutit.




Re: MS Funded/Founded by NSA?

2000-02-19 Thread John Young


This list is the first place I heard of Echelon, and a lot of other 
things, from crypto to TEMPEST and more. Maybe it's not at 
the moment at its peak level on politico-technology, but nuggets 
continue to appear, particularly those which provide a densepack
of information dressed up with enlightening critique, context
and history. Thanks for those, Tim, and to all who take the
time to lay out what may be familiar to you but continually
beneficial to others.

Tim, perhaps your novel evolved into Cyphernomicon, a jewel
of narration, chockfull of scary, thrilling, enlightening techno-threads, 
perhaps the most richly-featured hypertext to appear.

Is there to be a sequel? Okay, okay, fuck me.

Bamford's supposed to have one coming, now how long has that 
been rumored? Jeffrey Richelson's got a piece on Echelon due out 
shortly in Bulletin of Atomic Scientists, or is it out now?



Re: MS Funded/Founded by NSA?

2000-02-19 Thread John Young


Very well, your rebuttal would be an informative addition
to the file, if you don't object.

To pick up on a couple of your points:

There should be a sustained burst of activity from Europe
on the Echelon affair as EuroParl deliberates on it, guided by 
the four 1999 Echelon reports prepared by its technological
research department, STOA. The one most recently featured
for its allegations about Wintel is, "Development of Surveillance 
Technology and Risk of Abuse of Economic Information (an 
appraisal of technologies of political control):"

   http://cryptome.org/stoa-r3-5.htm
   
The Cukier CFP99 report Matthew cited presents a useful summary 
of Echelon-like activities by nations other than the US. 

Wayne Madsen is quoted today in Canada's National Post that
the EU hearings are a joke. That all nations spy on each other
and only a fool thinks otherwise:


http://www.nationalpost.com/news.asp?s2=worlds3=observer&f=000219/210021.html

And Wayne Madsen wrote yesterday of Net intrusions and attacks 
by the USG, with the probability that it carried out the US "hacker
attacks:"

   http://cryptome.org/madsen-hmhd.htm

Which of these charges and countercharges and dismissals
are conventional bread and butter propaganda and which are
new revelations, that may never be known for certain.

Would that San Diegan be the gent who bragged of snagging
Mitnick?

-


Tim May wrote:

>It's probably a boullaibaise (sp?) of paranoid conspiracy theory,
>journalistic sensationalism, piling on, French nationalism, and a desire to
>distract attention away from French industrial espionage. (Recall the
>confirmed report that Air France was bugging commercial travellers.)
>
>PC-DOS was so primitive in 1980, when IBM's Boca Raton division--itself a
>backwater, led by Phil "Don" Estridge--that it is inconceivable that it had
>any "spying" hooks built in. I mean, come on! Besides which, it was written
>initially by Tim Patterson, of Seattle Computer, and only bought hastily by
>MS when it looked like they would get the IBM contract. (So the French
>paranoids would claim that Tim Patterson was operating his little company
>in Seattle with the intent of selling his spy software to MS. Get real.)
>
>PC-DOS, later MS-DOS, was also small enough in those days that nearly every
>function could be analyzed in detail, and the code could be dissected.
>
>Ditto for the chips. I worked for Intel during that period when this
>supposed NSA "Operation Wintel" was being developed, and I can assure you
>that the chips of the day had no particular features of interest to the
>NSA, save for some of the well-known bit twiddling instructions wmight
>otherwise have been. (But a lot less well-suited than it _could_ have been.)
>
>Most compellingly, until fairly recently the Net was primarily run off of
>Sun and similar computers...we all know that, of course. Sniffers on Sun
>networks would have been more interesting (and there's anecdotal evidence
>that a certain San Diegan developed precisely those tools for the NSA).
>
>Arghh..where to continue? Consider that at least several other
>manufacturers of Intel-compatible chips exist. AMD, obviously. But also
>Cyrix/National/Via, and Texas Instruments, and IBM. Did all of them design
>in the "special NSA sections"? Without any of them talking?
>
>(And these are only the recent deals. In the past, Matra/Harris, a
>French-affiliated company, was a producer. Ditto for a bunch of others,

>American, European, and Asian. All of them in on the conspiracy?)
>
>As a paranoid theory, it's not even interesting.
>
>
>--Tim May
>
>-:-:-:-:-:-:-:
>Timothy C. May  | Crypto Anarchy: encryption, digital money,
>ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>"Cyphernomicon" | black markets, collapse of governments.
> 



MS Funded/Founded by NSA?

2000-02-19 Thread John Young


A French intelligence report alleges that Microsoft was
set up with NSA funding and that NSA imposed MS-DOS 
on IBM, and also alleges that NSA agents are now working
at Microsoft:

   http://cryptome.org/nsa-ms-spy.htm

The full confidential report has not been published and these
allegations are made by an intelligence newsletter which
claims to have seen it. The Age, an Australian newspaper,
has reported on the topic today -- that account leads the file
above.

The NSA MS key revelation appears in the reports, and may
have prompted the intelligence investigation and speculation,
along with the April 1999 report for Europarl, due to be considered 
by EuroParl in a week, which also warns of Microsoft's and Intel's
possible cooperation with US intelligence to use Wintel as a spying 
tool.

Still, we had not before seen an allegation that NSA was in on
the gitgo with Microsoft and that DOS had been forced upon
IBM. Is that old news or new, or merely a French counterattack 
on Echelon-like espionage?



CCIA Comments on DMCA

2000-02-17 Thread John Young


Sent to the Copyright Office today:

DMCA Comments by Computers & Communications Industry
Association

[Excerpt from: http://cryptome.org/dmca-ccia.htm]

"The Computer & Communications Industry Association (CCIA) 
strongly supported ratification and implementation of the World 
Intellectual Property Organization (WIPO) Copyright Treaty and 
the WIPO Performances and Phonograms Treaty, both of which 
were intended to update the Berne Copyright Convention to 
improve protections for digital works such as computer software 
and compact disks.  

The WIPO Copyright Treaty affirms that computer programs and 
other digital works are due full copyright protection under the 
Berne Convention.  The WIPO treaty also clarifies transmission
rights for copyrighted works in digital, electronic formats, and 
requires "adequate and effective" remedies to protect against 
the circumvention of anti-copying technologies and alteration
or removal of electronic rights management information.

Following the adoption of the WIPO treaties at the 1996 Diplomatic 
Conference, the Administration introduced implementing legislation 
in the 105th Congress.  However, these bills, S. 1121 and H.R. 2281, 
went beyond the revisions necessary to conform American law to 
our treaty obligations and conferred broad new rights on the owners 
of copyrighted material.  As introduced, these bills would have made 
it illegal for competitors to analyze operating systems or software 
platforms for the purpose of creating interoperable products.  

Computer scientists conducting encryption research and security 
testing would have also been in danger of running afoul of the law.  
In addition, online service providers could have been subject to 
broad liability for the actions of  others engaging in copyright piracy 
utilizing their services, regardless of whether the service provider 
played any role or had any knowledge of such activity.

Working on behalf of its members, CCIA was actively involved 
throughout consideration of this legislation (the Digital Millennium 
Copyright Act) .  In addition to working to limit the legislation's 
impact on the broad issues of service providers' liability and fair 
use, CCIA and other interested parties were able to preserve 
the practice of reverse engineering for interoperability purposes.  

CCIA also spearheaded the effort leading to the exceptions for 
encryption research and security testing.  We believed then, 
and continue to believe, that this language is essential to 
maintaining innovation and competition in the information 
technology industry.  We also cautioned that the need for 
additional exceptions -- based on unforeseen developments 
and innovation in technology -- would almost certainly arise.

As we anticipated, since the enactment of the DMCA by 
Congress the progress of technology has evinced the need
for additional exceptions to the circumvention prohibitions in 
the statute.  Legitimate efforts to deliver new and innovative 
products to the market and to consumers have been thwarted 
or have been challenged as violations of the Copyright Act as 
amended by the DMCA."


-- Jason Mahler
Vice President and General Counsel
Computer & Communications Industry Association
[EMAIL PROTECTED]

Computer & Communications Industry Association members:

Amdahl Corporation
AT&T Corporation
Bell Atlantic Corporation
Block Financial Corporation
CAI/SISCo
Cerebellum Software
Commercial Data Servers, Inc.
CommonRoad Corporation
Datum, Inc.
Entegrity Solutions Corporation
Fujitsu Limited
Giga Information Group
Government Sales Consultants, Inc.
Hitachi Data Systems, Inc.
Intuit, Inc.
MERANT
NetCom Solutions International, Inc.
NOKIA, Inc.
Nortel Networks
NTT America, Inc.
Okidata
Oracle Corporation
Sun Microsystems, Inc.
Tantivy Communications, Inc.
Telesciences, Inc.
Sabre Inc.
TSI International Software, Ltd.
VeriSign, Inc.
Viatel, Inc.
ViON Corporation
Yahoo! Inc.



Snoop Protection

2000-02-17 Thread John Young


Peter Lewis writes in today's NY Times about a couple of
programs that will (1) check your computer ports to see if any
are open to Net trollers looking for logged on boxes to host 
DDoS and such, and (2) block such trolls.

1. The checking service is Steve Gibson's site:

   www.grc.com

2. The free blocking program, ZoneAlarm, is available at:

   www.zonelabs.com

Both appear to do what is promised. Questions:

3. Do covert intrusive programs such as DIRT get inserted
through the ports checked and blocked by 1 and 2, and, 

4. If DIRT etc., has already been installed covertly on your 
machine, would ZoneAlarm detect it as it claims to do
for some, unidentified, programs?




Re: Re: why worry?

2000-02-16 Thread John Young


Tim May wrote:

>Millions in America need killing.

This is taken out of the property is theft context, still it rings true
as if eternal oracle.

Some want more customers, some want fewer social leeches,
some want more slaves for their life style, some want fewer vote
thieves and more dead elected officials, some even swear more
is less, but that it's impossible to have too much sex except with
lawful partners for whom quickly filled bean jars cannot be emptied
except with the assistance of uncountable covert liaisons, a few
unpaid but most heavily paid for in courts of deadbeat law and 
nattering head shows frantically aiming to direct attention away
from present bedmates around the table.

Killing all the people who deserve it is an agenda perfectly
in synchrony with the march of progress and civilization in which 
the means of doing that is number one in dreamworks, assuming 
that all the supreme beings don't hear themselves whimpering each
alone in space and time, stare at infinity for sec, then say to nobody, 
"ah, what the fuck, this is pointless," then maxiplonk to end it all.




Re: Choate Detritus Revisited

2000-02-16 Thread John Young


The Org's put a tail on Jim in Austin, and rigged taps on his telecomm 
cables, and emanation snags on his water and sewage piping, 
and put an illegal family of Mexican narcs out of Matamoros planting 
Middle East saltpeter in his double-wide, and locked a geostationary 
bird to slurp residual kiddie porn from his Weimariner antenna farm, and 
the thing the public has to understand is that "CDR" has nothing to do 
with Cypherpunk Distributed Remailers; it's a code for Choate's 
Drunk Rages, emitted by his chained puppy when the flag is up
that Jim is horny, run dogs, hole up in San Saba until the moon
goes black.




Kadaffi Report

2000-02-14 Thread John Young


We offer the 1995 secret UK report on the plot to
overthrow Kadaffi reported in Britain Saturday:

   http://cryptome.org/qadahfi-plot.htm




Re: Top Secret Report on Kadaffi Plot

2000-02-13 Thread John Young


We've been told the report has been taken down from
the Yahoo site by someone who learned the URL and found
it gone already. HMG acted faster this time -- The Times
report first appeared on Saturday and by then the gov
knew about the offering.

Any lead to a copy would be welcome. Ready to host it,
so send anon if preferred, or by PGP, PK below.






Top Secret Report on Kadaffi Plot

2000-02-13 Thread John Young


We would appreciate the URL for this report.

The Sunday Times, today;


http://www.the-times.co.uk/news/pages/Times/frontpage.html?1124027

"A top-secret report linking MI6 with a failed attempt to 
assassinate Colonel Gadaffi appeared on an American 
internet site yesterday, refuting Robin Cook's claim that 
British intelligence was not involved. The document, 
marked "UK Eyes Alpha", details contacts between 
MI6 and a group of Middle Eastern plotters who tried 
unsuccessfully to blow up Gadaffi's motorcade. The 
report, coded CX95/ 53452, was passed to senior 
Foreign Office officials. It revealed when and where 
the assassination attempt was due and said that at 
least 250 British-made weapons were distributed 
among the plotters. The four-page CX document 
was published on the California-based Yahoo! 
website. The Sunday Times has complied with a 
request by Rear-Admiral Nick Wilkinson, secretary 
of the government's defence, press and broadcasting 
advisory committee, not to print the address of the 
website on which the CX report is published."

-

Thanks to GG.





Re: Good Christ!

2000-02-11 Thread John Young


The story that's intriguing is that the cyber-attacks are the work
of the dark side of NSA, the ones opposed to the new DIRNSA's
housecleaning and deadwood chopping. A warning No. 3 after
the brownout of the intel sat receiving stations (No. 1) and the 
computer meltdown (No. 2).

Civilians Barbara McNamara and cohorts are reputed to be mean
motherfuckers and believe military brass are pussies who don't
know shit about black art technology, just strategizing big tin toys, 
warlording, armaments ballooning and standoff bluff-nuking 
tape-vermiforms. 

Somebody wrote a few months ago: in three months only one
will be still at NSA, McNamara or Layton. Would the old guard
take the Net down in a us or them suicide? Probably not, the 
newly recruited hackers won't give them access. 

Like that great LA Times cartoon last week, showing NSA 
timeservers wrapped in tape reels and manning obsolete 
Osborne, Wang and Digital boxes, an investigator of sloth 
saying, "Time to reorganize this place, round up the usual 
Chinese suspects."

In the present instance, "hackers v. hackers."




DMCA Comments Due

2000-02-09 Thread John Young


Forward:

Date: Wed, 9 Feb 2000 23:02:12 -0500
Sender:   Law & Policy of Computer Communications
<[EMAIL PROTECTED]>
From: Seth Finkelstein <[EMAIL PROTECTED]>
Subject:  DMCA Anti-Circumvention comments - deadline Feb 17
To:   [EMAIL PROTECTED]

Did you like Section 1201(a)(2) of the Digital Millennium
Copyright Act? That provision under which we've seen programmers
subjected to everything from injunctions to a raid by the police? Well
then, you're going to LOVE Section 1201(a)(1) of the DMCA.

  1201(a)(2) is the "offer to the public" prohibition.
  1201(a)(1) applies to the very act of "circumvention" itself:

 "``(a) VIOLATIONS REGARDING CIRCUMVENTION OF TECHNOLOGICAL MEASURES.--
 (1)(A) No person shall circumvent a technological measure that
 effectively controls access to a work protected"

This is something like patent, copyright, and trade-secret all
rolled into one. We've just seen the DMCA in practice, and it's going
to get worse before it gets better. Now regarding this provision:

"The Copyright Office is first seeking written and reply comments from
interested parties in order to elicit information and views on whether
noninfringing uses of certain classes of works are, or are likely to
be, adversely affected by the prohibition against circumvention of
access control technologies."

http://www.loc.gov/copyright/1201/anticirc.html

The implications should be obvious.

The deadline for comments has been extended to February 17, 2000.
Read the above for format information, there's some picky requirements on
how to submit a comment.

Send your contribution before it's too late. The court case you
avoid may be your own!

==---
Seth Finkelstein  Consulting Web Programmer, potential circumvention-criminal
==---



Re: Re: CDR: Re: Nietzsche as the Gödel of Philosophy

2000-02-08 Thread John Young


Aaron existentially emissioned:

> Mental masturbation doesn't actualize anything.

Out of 35 years devoted to gobbling everything emissed
by this list(s) Aaron's takes the Petard Prize. And all
the rest of you, yes each and every subscriber, poster,
lurker, snoozer, spy, got to blow through the nose to 
cowtit a big milk hoot for Head Wanker (temporary,
until surely soon out-footshot by heavy tinkers).

WTF nose code is that subject line?



MPAA Anti-Piracy Invite

2000-02-08 Thread John Young


Cryptome got a demand letter from the MPAA Anti-Piracy Unit
yesterday to remove DeCSS as well as to immediately perform 
other unnatural acts:

   http://cryptome.org/dvd-mpaa-ccd.htm

A number of responses to the letter have come in which
might be of interest here:

   http://cryptome.org/dvd-mpaa-ccd2.htm

One item we've added to the package is a message from the 
Copy Protection Technical Working Group, an MPAA related 
org, which lists dozens of subscribers to its mail list, including 
familiar cryptographers, attorneys and other faithful servants 
from the world's most cartel-ic .coms, .edus and .orgs.




Re: Boston flights to FC00

2000-02-08 Thread John Young


Ray Hirschfield wrote:

>We welcome serious proposals for hosting future meetings of the FC
>conference at locations other than Anguilla.  If you would like to
>submit one, please contact Adam Shostack <[EMAIL PROTECTED]>.

If one is held at Tim's spread I would attend. From accounts of his
unbounded hospitality there might be a problem getting me to
leave. Day laboring as a snakekiller, weedpuller, apple on the head target,
not a problem for daily beans and rice and security under the porch,
behind the outhouse, cowered in a culvert -- out of range during
the long dark night of antibody rage.



DeCSS MPAA New York Opinion

2000-02-03 Thread John Young


Judge Kaplan has issued his Memorandum Opinion in 
the DeCSS MPAA v. 3 suit in New York:

   http://www.nysd.uscourts.gov/courtweb/pdf/00-01149.PDF

We offer an HTML version:

   http://cryptome.org/dvd-mpaa-3-mo.htm

Judge Kaplan aims at settling the code as expression
dispute, citing Bernstein, Karn and Junger cases, and 
the First Amendment loses to Copyright and DMCA Acts.



Cypherpunks Stats

2000-02-01 Thread John Young


1 Feb 2000

Unedited    762
Algebra     218
SSZ          44
Cyberpass    12

Total      1036

Are there other CDRs?

Majordomo at toad says there's no plain cypherpunks,
so it looks as though subs to toad go to unedited.

Except mail to [EMAIL PROTECTED] comes through
from toad and it also forwards to the CDRs.

Inet-one appears to archive only Algebra.

Hmm.




Pardon 2

2000-02-01 Thread John Young


Just learned that I was axed by Cyberpass in the last few days
and have re-subbed. So:

Anybody attending Linux World Expo in New York this week?

BTW, there are only 12 subscribers on Cyberpass. Who snatched
the bodies?




Pardon

2000-02-01 Thread John Young


Who's attending Linux World Expo in New York this week?