Re: Secret Warrants and Black Bag Jobs--Questions

2001-08-08 Thread Kerry L. Bonin

At 04:21 PM 8/8/01 -0700, Greg Broiles wrote:
>At 08:59 AM 8/8/2001 -0700, Tim May wrote:
>
>>  According to my sources ("The Sopranos" 8-)), those doing the bugging 
>> are supposed to "not listen" except when putatively criminal acts are 
>> being discussed.
>
>The Sopranos gets it right - the process is called "minimization", and is 
>intended to limit the evidence collected to only that which discloses 
>criminal activity - there are strict rules about how a conversation can be 
>sampled, as the show portrayed.
>
>But the agents don't need to follow the rules if they don't intend to ever 
>use the proceeds of the tap in court, or disclose its existence.

There is the additional use of evidence raised publicly in LA a few years
back - that LEO routinely passed information collected during wiretapping
to other officers that could be used to collect legal grounds for
admissible search against people not directly related to the initial
wiretapping.  In the LA case, this was sometimes as simple as "be at X at Y
time", where the tipped off LEO could observe an incident "accidentally"
without having to reveal their source.

>>1) Are the secret warrants always revealed eventually, regardless of 
>>whether a court case happens or the evidence is introduced? Is it possible 
>>that there are N never-revealed secret warrants for every warrant 
>>discussed in open testimony?
>
>Yes. There is a time limit for when they should be disclosed if they don't 
>lead to a prosecution - that time limit can be extended by a judge, if the 
>agents think they need more time to develop a case. I don't believe the 
>(federal) law allows for taps to go undisclosed forever, but I believe it 
>happens anyway. Since the undisclosed taps aren't likely to be the focus of 
>litigation, there's no effective check on that practice.

I'd imagine this would depend on the nature of the investigation.  If the
feds can make a case that unsealing the warrant could compromise a
"critical contact" (even if they are in fact a worthless paid informant
used as a warrant justification factory) or a "critical technical means"
(i.e. Radio Shack directional microphone), it's likely this would never be
unsealed.  There are also cases where "national security" is raised by
SS/CIA/NSA/EPA(sic), and the public will never see any of the paperwork
shreds.




Re: low tech surveillance-cam countermeasures in Israel

2000-11-11 Thread Kerry L. Bonin

At 04:56 AM 11/11/00 -0500, Bill Stewart wrote:
[snip]
>On the other hand, cameras keep getting cheap,
>and you can hide radio-equipped web-quality cameras
>for nearly no money anywhere you've got electricity,
>so getting all (or enough) of them can be harder.

OTOOH, if you've a little money to invest, the optical reflection DSP
techniques developed to detect sniper rifle scopes could be used to find
cameras in large areas.  (Laser reflected off spinning scanning mirror into
target area, digitize reflected light and process to detect internal
reflections of lens assemblies.  Done right it can identify scope by make
and model, mirror gives relative bearing to points of interest.)  

This technique should apply to everything but pinhole lenses, which aren't
very useful for staring-eye type field surveillance.  A simple commercial
version of this is already available to sweep for hidden cameras in a small
room type environment, scaling for large field use should be relatively
simple with better optics and detectors.  It's likely a few of the spooks on
this list have used such equipment; it's probably been deployed for a number
of years now by the US.





RE: was: And you thought Nazi agitprop was controversial?

2000-09-18 Thread Kerry L. Bonin

At 02:42 PM 9/18/00 -0400, dmolnar wrote:
>
>
>Here's another link on licensing of software engineers, this time from the
>ACM:
>
>http://www.acm.org/serving/se_policy/report.html
>
>it seems that cryptographic/security software, if we ever get the
>liability structure whose lack is often pointed out by Schneier ("we don't
>have good security because we don't have to"), may be a prime target for
>such licensing.
>
>-david

To one extent, this has already happened.  Under 15 CFR Part 740.13, in
order to distribute public domain / open source cryptographic software
without the classic restrictions under ITAR, you have to register yourself
by sending an email to the NSA (well, the BXA address whose office happens
to be in Ft. Meade.)  

So we already have mandatory registration for open source crypto developers.

If key escrow legislation finally passes, they've got the list of
individuals and companies to lean on, and I imagine that's where licensing
will come in.





Re: VISA to smartcard the US

2000-09-13 Thread Kerry L. Bonin

Take a look at Dallas Semiconductor's Crypto iButton family.  FIPS level 2
and 3 certified DSA/SHA services with a JVM in a large watch battery form
factor, under $50 for FOB and interface.  (Disclaimer - I don't work there,
I've just used their products for many years now and have designed them
into a dozen odd products.)  Many interesting places use these as personal
certificate storage to authenticate access.

At 02:18 AM 9/13/00 -0400, Ray Dillinger wrote:
>
>
>Hmmm.  These devices could be useful, even without using 
>them as credit cards.  I wonder if you could buy a batch 
>of them from the manufacturer with custom software installed? 
>
>It would sure be nice if I could make a physical key token 
>that would render my system completely useless if the key 
>were, say, in my wallet at work, and the computer found its 
>way to, say, the hands of someone carrying out an illegal 
>search and seizure.  
>
>likewise it would be nice to store PGP keys on, etc -- bits 
>of data that you want to maintain complete physical control 
>of at all times. 
>
>"Oppression is sometimes best fought with the tools that 
>the oppressors have built for their own use." 
>
>I want a PGPdisk you can boot from.
>
>   Bear
>
>
>On Tue, 12 Sep 2000, A. Melon wrote:
>
>>Sep 12, 2000 - 07:27 PM 
>>
>>Visa USA to Launch Smart Card in
>>the U.S. 
>>The Associated Press
>>
>>NEW YORK (AP) - After success with its smart card in
>>Europe and Japan, Visa is aiming squarely at the U.S.
>>market with an upgraded version that contains more
>>memory. 
>>
>>Over the next couple of weeks, Visa USA, the
>>company's U.S. division, will be launching smart cards
>>- microprocessors embedded in plastic - that will offer
>>prepackaged services to be determined by its issuers. 
>>
>>Customers will be able to download information from
>>their computers via special card readers. Over the next
>>year or so, they will be able to store airline tickets, for
>>example, and eventually use the cards as keys to their
>>cars and homes. 
>>
>>The card, which has 32 kilobytes of memory, is
>>different from Visa's original version, which has mainly
>>served as a "monetary value card," said Al Banisch,
>>senior vice president of consumer credit products. 
>>
>>The new card will be available free to Visa's 350
>>million cardholders. 
>>
>>
>
>
>
>





Re: FBI gets new hacking tools - any ideas?

2000-08-13 Thread Kerry L. Bonin

At 08:24 PM 8/13/00 -0400, Tim May wrote:
>At 3:45 PM -0700 8/13/00, Kerry L. Bonin wrote:
>>At 06:17 PM 8/13/00 -0400, Tim May wrote:
>>>At 8:33 PM -0400 8/11/00, Kerry L. Bonin wrote:
>>>>
>>>>heh... I was wondering if/how I should qualify my own comments as well.  I
>>>>have kids, and my personal opinion on kiddie porn is minimum penalty of
>>>>forced castration for creators of the images, if not death penalty.  That
>>>>said, I don't think it's constitutional for the FBI to conduct "dragnet"
>>>>sweeps for _any_ crime, which seems to be the direction they are heading -
>>>>'two wrongs' and the like.  The technical issues on both sides are
>>>>interesting, and as I work in security and open source crypto, I'm
>>>>painfully aware of my role on both sides of the fence.
>>>
>>>
>>>And in my view, you deserve the death penalty for advocating that
>>>others who appreciate what you call "kiddie porn" face the death
>>>penalty.
>>>
>>>
>>>--Tim May
>>
>>If you are going to judge me for my comments, please do so accurately. 
>>
>>I did not state that those who "appreciate what you call 'kiddie porn'"
>>deserve the death penalty. 
>>
>>I stated that I feel that the "creators of the images", i.e. those behind
>>the cameras of "kiddie porn", i.e. sexually exploitive pictures of
>>significantly underage (often pre-pubescent) children, deserve the death
>>penalty.
>
>
>Point taken. You deserve the death penalty for advocating the death 
>penalty for this specific point. (Though nearly all child porn laws 
>make no distinction between producers and consumers.)
>
>The issue of whether a child is "hurt" by some behavior is not 
>compelling. Many children are hurt by many things. Being photographed 
>is only one tiny facet of this.

I agree that most child porn laws make no distinction between producers and
consumers; my position is reserved for the producers.

Since you state that I am deserving of the death penalty, you obviously
believe it is warranted in some cases.  (This comment is obviously tongue
in cheek, I've read many of your posts...)  Most anarchists believe that
any action is acceptable so long as no harm occurs to others.  What to do
when others are harmed is one of the areas where the differences in opinion
are legion.

While I would agree in principle that "being photographed is only one tiny
facet of this", again, I know a number of people who have been through
this.  I would also consider that standards of any kind require
quantifiable criteria.  The history of laws regarding sexuality are full of
subjective ambiguities, which I would like to avoid in taking a position on
something as important as capital punishment.

My standard is simple - I would instantly execute anyone I caught abusing
my own children sexually, and I would consider "creating kiddie porn" as
one form of such abuse, along with the more classic forms (coitus, sodomy,
etc.)  By extension, I believe that anyone carrying out such acts should be
permanently 'removed' from society.

You seem to be taking the position that the creators of 'kiddie porn' are
deserving of far less or possibly no punishment.  Do you consider yourself
a completely amoral individual?  I don't encounter them often.  Anarchy is
an interesting political position I once held myself; raising a family and
dealing with both good and bad in society tends to temper such extreme views.





Re: FBI gets new hacking tools - any ideas?

2000-08-13 Thread Kerry L. Bonin

At 06:17 PM 8/13/00 -0400, Tim May wrote:
>At 8:33 PM -0400 8/11/00, Kerry L. Bonin wrote:
>>
>>heh... I was wondering if/how I should qualify my own comments as well.  I
>>have kids, and my personal opinion on kiddie porn is minimum penalty of
>>forced castration for creators of the images, if not death penalty.  That
>>said, I don't think it's constitutional for the FBI to conduct "dragnet"
>>sweeps for _any_ crime, which seems to be the direction they are heading -
>>'two wrongs' and the like.  The technical issues on both sides are
>>interesting, and as I work in security and open source crypto, I'm
>>painfully aware of my role on both sides of the fence.
>
>
>And in my view, you deserve the death penalty for advocating that 
>others who appreciate what you call "kiddie porn" face the death 
>penalty.
>
>
>--Tim May

If you are going to judge me for my comments, please do so accurately.  

I did not state that those who "appreciate what you call 'kiddie porn'"
deserve the death penalty.  

I stated that I feel that the "creators of the images", i.e. those behind
the cameras of "kiddie porn", i.e. sexually exploitive pictures of
significantly underage (often pre-pubescent) children, deserve the death
penalty.  

I feel this penalty is deserved for the serious harm it usually imparts on
those children throughout their lives, and I've known several.  The fact
that such harm is done to someone so completely incapable of defending
themselves is why I feel such a harsh penalty is appropriate, if in no
other case.

How to deal with those who "appreciate" it is another matter entirely, as
it could be stated in an amoral context that arousal by viewing entirely
synthetic images of children harms no one.





Re: FBI gets new hacking tools - any ideas?

2000-08-11 Thread Kerry L. Bonin

At 08:00 PM 8/11/00 -0400, Steven Furlong wrote:
>"Kerry L. Bonin" wrote:
>> Assuming the body of child porn in circulation is of some reasonable size,
>> and grows far less rapidly than adult porn, it should be feasible to
>> construct a "fingerprint" style database by scanning the collections the
>> FBI (and some postmasters) are known to have in their possession.
>> 
>> An automated tool could then conceivably be created in conjunction with a
>> stateful inspection firewall or stateful passive line tap to recognize
>> when significant quantities of registered porn are being transmitted.
>> 
>> The obvious counter for this would be encryption or steganography, which
>> was also mentioned.
>
>I know little about the JPEG format, but wouldn't it be simple enough
>to switch colors 1 and 2 in the palette, then swap all references to
>those colors in the image? Or doesn't it work that way? Assuming it
>does work, there could be a dozen versions of the same image, visually
>identical but not bit-wise identical.

This could qualify as a trivial form of steganography.  JPEG is
considerably more complex than that (GIF, BMP, etc. do meet that
description), but the abstract principle holds.  Simple mods (add color
offsets to random pixels across image before retransmission, like a
'watermark') could be defeated by more comprehensive "fingerprinting"
methods, but usual disclaimers about 'bullets' vs. 'armor', and you end up
at crypto.

>Encryption would be the obvious counter to this. Even in societies
>where it's legal, though, the combination of tool inconvenience and
>big-brotherish suspicion of encryption where not provable necessary
>is preventing the widespread use.

Agreed, although many people (including myself) are working hard to make
crypto easier to use.

>I'm more interested in the extension of these tools to other
>information Big Brother would like to ban. The technical challenges of
>banning or protecting ASCII text files are different than those for
>binaries, so I don't know if the same tools would be used.

Same here.  I'm pretty much convinced that the only end-user means for
privacy are VPNs and web-of-trust PKIs.  I think the FBI is heading
towards eventual "dragnet" style monitoring of the whole damn net, pretty
much like the NSA and friends already have.

>Oh, and for the benefit of Big Brother, my ex-wife's attorneys, and
>future employers, I'm not especially interested in kiddie porn. I'm
>interested in the technical and social challenges here.

heh... I was wondering if/how I should qualify my own comments as well.  I
have kids, and my personal opinion on kiddie porn is minimum penalty of
forced castration for creators of the images, if not death penalty.  That
said, I don't think it's constitutional for the FBI to conduct "dragnet"
sweeps for _any_ crime, which seems to be the direction they are heading -
'two wrongs' and the like.  The technical issues on both sides are
interesting, and as I work in security and open source crypto, I'm
painfully aware of my role on both sides of the fence.
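The fingerprinting exchange above (a registered-image database that should still match after trivial per-pixel edits, as opposed to a bitwise comparison) can be made concrete with a small added example; this is editor-supplied code, not anything posted in the thread. It computes a difference hash (dHash, a standard perceptual hash: downscale to a coarse grid, emit one bit per adjacent-block brightness comparison) over a constructed grayscale test image and compares it with an exact SHA-256 digest of the same pixels. The image, the random pixel offsets standing in for the "watermark" modification Kerry describes, and the unrelated comparison image are all constructed here for demonstration; the grid size (9x8, giving 64 bits) and the Hamming-distance thresholds are the example's own choices.

```python
"""Perceptual fingerprint (dHash) vs. exact hash over a constructed image.

Added example: shows why a per-pixel "watermark" breaks a bitwise match but
barely moves a perceptual fingerprint, while an unrelated image lands far away.
"""
import hashlib
import math
import random

# Constructed image size, chosen so the 9x8 hash grid divides it evenly (8x8 blocks).
WIDTH, HEIGHT = 72, 64


def make_image(swap_axes=False):
    """Constructed 8-bit grayscale test image: a smooth two-dimensional wave.

    Values stay within [7, 247], so small offsets never clip at 0 or 255.
    swap_axes=True yields a visually different image for the 'unrelated' case.
    """
    rows = []
    for y in range(HEIGHT):
        row = []
        for x in range(WIDTH):
            a, b = (y, x) if swap_axes else (x, y)
            row.append(int(127 + 120 * math.sin(a / 6.0) * math.cos(b / 9.0)))
        rows.append(row)
    return rows


def exact_hash(img):
    """Bitwise fingerprint: SHA-256 over the raw pixel bytes. Any single-pixel change alters it."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()


def dhash(img, cols=9, rows=8):
    """Difference hash: block-average down to rows x cols, then one bit per horizontally
    adjacent pair (1 if the right-hand block is brighter). 8 rows x 8 pairs = 64 bits."""
    h, w = len(img), len(img[0])
    bh, bw = h // rows, w // cols
    grid = []
    for r in range(rows):
        grid_row = []
        for c in range(cols):
            block = [img[y][x] for y in range(r * bh, (r + 1) * bh)
                     for x in range(c * bw, (c + 1) * bw)]
            grid_row.append(sum(block) / len(block))
        grid.append(grid_row)
    bits = 0
    for r in range(rows):
        for c in range(cols - 1):
            bits = (bits << 1) | (1 if grid[r][c + 1] > grid[r][c] else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")


def perturb(img, n_pixels=200, seed=1):
    """Constructed stand-in for the 'color offsets to random pixels' modification:
    nudge n_pixels random pixels by a nonzero amount in [-3, 3]."""
    rng = random.Random(seed)
    out = [row[:] for row in img]
    coords = rng.sample([(x, y) for y in range(HEIGHT) for x in range(WIDTH)], n_pixels)
    for x, y in coords:
        delta = rng.choice([-3, -2, -1, 1, 2, 3])
        out[y][x] = max(0, min(255, out[y][x] + delta))
    return out


def compare():
    """Return the three measurements the thread's argument turns on."""
    original = make_image()
    tweaked = perturb(original)
    unrelated = make_image(swap_axes=True)
    return {
        "exact_hash_survives_tweak": exact_hash(original) == exact_hash(tweaked),
        "dhash_distance_tweak": hamming(dhash(original), dhash(tweaked)),
        "dhash_distance_unrelated": hamming(dhash(original), dhash(unrelated)),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

A matcher built this way treats two images as the "same" when their fingerprints are within a few bits of each other, which is what lets it see through palette swaps and scattered pixel offsets; a real deployment needs a tolerant index (nearest-neighbour search on the hash space) rather than exact lookups, and, as the thread notes, none of this survives encryption of the payload.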





Re: Purpose of anti-laundering laws?

2000-03-11 Thread Kerry L. Bonin

At 08:40 PM 3/11/00 -0500, Petro wrote:
>   In other words, does the government have a legitimate reason 
>to prevent you or me from hiding the origin of a legitimate source of 
>income from prying eyes.

Taxation.  If the fed can't see you get paid, it's difficult to tax you.
Constitutionality of taxation aside, as long as the fed relies on income
taxes as a significant revenue source, they have a vested interest in
preventing unauditable cash transactions from being widely available.  The
reasons typically given (drugs, ransom notes, and the myriad variations of
"think of the children") are inconsequential in comparison, but they sound
better.

As a side note, I did some contract work on client software for the
"Mondex" electronic cash system last year.  Interesting system, could have
been untraceable (chip-chip).  Except that every bank and almost every
vendor wanted audit log capability in all equipment.  I stopped working on
the system.