lambda 5.03 / Novembre
24, 1999
ShortCuts
THE PSN FIASCO:
INTEL'S PRIVACY POLICY FACES EU LAW
An exclusive document from the French Data Commision CNIL (july 1999)
explains what was to be done with Intel's Processor Serial Number regarding
European laws on privacy (see lambda
5.02). The chip giant changed
its worldwide policy during these negocations. For those who can read French.
And for those who would want to translate the stuff.
> The CNIL report (French)
> Bigbrotherinside
by Junkbusters |
B2 92 UNDER PRESSURE
-AGAIN
ANEM said on November 2 that Yugoslav Academic Network blocks access
to Radio B292 web site (Xs4all servers)
www.freeb92.net |
Contents 5.03
+ CISCO'S WIRETAP-FRIENDLY ROUTERS
+ EASY TO FIND, DIFFICULT TO JAM: a special report
+ FRENCHELON: Helios Connection
- S H O R T C U T S (China, UK, GILC ALERT)
VoiP wiretaps
Wiretap-friendly routers
By Cisco Systems
While a court challenge involving the US Communications Assistance for
Law Enforcement Act ("CALEA") was launched against the FCC by
EPIC and ACLU councels, the lambda has found evidence that Cisco Systems
has already made its broadband routers "wiretap-ready" for VoIP
as well as data.
EPIC and ACLU assert that the FCC ruling exceeds the requirements of
CALEA and frustrates the privacy interests protected by federal statutes
and the Fourth Amendment. According to EPIC's General Counsel, David L.
Sobel, "The FBI is seeking surveillance capabilities that far exceed
the powers law enforcement has had in the past and is entitled to under
the law. It is disappointing that the FCC resolved this issue in favor of
police powers and against privacy."
Sobel said that the appeals court challenge "raises fundamental
privacy issues affecting the American public. This case will likely define
the privacy standards for the Nation's telecommunication networks, including
the cellular systems and the Internet."
The CALEA could be compared to a French 1991 Act covering "interceptions
de sécurités" ordered either by the government or by
the judiciary (e-mail as well as voice, cellular and fixed). In that law
network operators are already obliged to build their hardware to allow law
enforcement agencies' wiretaps under control of an "independant"
Commission.
Recently, the IETF, members were under
pressure from US authorities to modify IPv6 standards to comply with CALEA.
"It'd be like having the Christian Coalition debating a protocol for
third-trimester abortions", one member reportedly said.
But as Bob Barr, a US Congressman, said in an open letter to the IETF
Chairman on Oct. 25, "it is questionable whether Internet telephony
could ever be appropriately included under the Act's mandates. Of course,
this fact will not put an end to demands by law enforcement and regulators
that Internet service providers and telecommunications companies make their
jobs easier by wiretapping the Internet for them."
Cisco Systems builds broadband routers used widely for the public backbone
of the Internet. A technical note published on Sept. 27 1999 give details
about a "new feature" called "Basic Wiretap Facility".
(2 updates have appeared since then, the last on Nov. 11.)
- Release Notes for Cisco uBR7200 Series for Cisco
IOS Release 12.0 T.
-
- September 7, 1999
-
- ... Basic Wiretap Support. ... The wiretap facility
is based on the MAC address of the
- cable modem so it can be used for either data or
digitized voice connections.
-
- This feature is controlled by the new interface command,
cable intercept, which requires a MAC address, an IP address, and a UDP
port number as its parameters. When activated, the Cisco uBR7200 series
router examines each packet for the desired MAC address; when a matching
MAC address is found (for either the origination or destination endpoint),
a copy of the packet is encapsulated into a UDP packet which is then sent
to the server at the specified IP address and port. ..."
***
Related article about the IPv6's wiretapp policy
EASY TO SPOT, DIFFICULT TO JAM
SIGN OF THE TIMES
Time for change, Echelon?
The Echelon snooping network is on the agenda to be severely scrutinized.
The Washington Post reported on Nov 13 that Rep. Bob Barr "added a
provision in the fiscal 2000 intelligence budget that requires the NSA to
report within 60 days on its legal standards for intercepting communications
in the United States and abroad." The provision was approved by "House
and Senate conferees" on Nov. 5, the paper said.
On Tuesday, November 16, the American Civil Liberties Union launched
a web site designed to shed light on the THING:
www.echelonwatch.org
Meanwhile elsewhere, people talked a lot more about Echelon since Oct.
21, and the 'Jam Echelon Day'
campaign.
International members of the 'hacktivism' mailing list advised people to jam the network putting
subversive keywords in their email, an action firstly designed to protest
the secrecy behing ComInt capabilities of what is known as Echelon.
They succeeded to gain a lot of public attention and it helped privacy
rights as a whole.
The lambda talked on the phone with British MEP Glyn Ford a few days
before. "Everything that can bring the public more awareness about
Echelon is welcomed," said Ford, a member of the STOA panel who published
two reports in '98 and '99 for the European Parliament. "I'm not against
using modern technology to avoid crimes, but this interception network doesn't
make any difference, honests citizens or criminals, with no democratic control."
But Ford recognized that keyword-jaming scams won't do nothing to the
NSA, even with its supposed several billionn wiretaps per day capabilities
worldwide.
"This initiative is a welcome step towards improving and extending
public awareness of the illegal interception of international civil communications
by the US NSA and other intelligence organisations," Duncan Campbell,
author of the last EP report, Interception Capabilities 2000, said in a "prepared
statement" the same day, 21/10/99. "By raising awareness of such
unlawful activities, however, Jam Echelon Day will undoubtedly contribute
to its goal, by bringing awareness to an ever wider constituency. ...
"The repeated transmission of strings of hypothetical
key words will certainly come to the attention of NSA and its sister organisations,
but is unlikely to affect or degrade their spying capabilities. They are
skilled in information warfare; their tools are designed to separate signals
from noise. Advertised attacks such as the "jam Echelon" string
can be recognised as noise and, thus, not processed.
Wayne Madsen, EPIC (Washington DC):
"I think it will cause a lot of laughter up
at NSA, to tell the truth. If they seriously think they're going to bring
the computers at the NSA to a grinding halt, they're going to be seriously
disappointed." (AP)
Simon Davies, Privacy International
(London):
"I don't think we'll ever know [about the effectiveness
of JED]. I would guess maybe it will be 10 years before we understand the
ramifications of any civil disobedience campaign." (AP)
SO HOW DOES IT WORK?
(Or supposed to be)
FromDuncan Campbell (1999)
Interception
Capabilities 2000
As Campbell's report says (Interception Capabilities 2000, par. 81), "The
use of strong cryptography is slowly impinging on Comint agencies' capabilities.
This difficulty for Comint agencies has been offset by covert and overt
activities which have subverted the effectiveness of cryptographic systems
supplied from and/or used in Europe."
Other evidence of keyworks methods' effectiveness found by Campbell in
his report are described there:
81. Fax messages and computer data (from modems)
are given priority in processing because of the ease with which they are
understood and analysed. The main method of filtering and analysing non-verbal
traffic, the Dictionary computers, utilise traditional information retrieval
techniques, including keywords. Fast special purpose chips enable vast
quantities of data to be processed in this way. The newest technique is
"topic spotting". The processing of telephone calls is mainly
limited to identifying call-related information, and traffic analysis.
Effective voice "wordspotting" systems do not exist are not in
use, despite reports to the contrary. But "voiceprint" type speaker
identification systems have been in use since at least 1995. ...
Technical annexe
27. According to former NSA Director William Studeman,
"information management will be the single most important problem
for the (US) Intelligence Community" in the future.(85) Explaining
this point in 1992, he described the type of filtering involved in systems
like ECHELON:
"One [unidentified] intelligence collection system alone can
generate a million inputs per half hour; filters throw away all but 6500
inputs; only 1,000 inputs meet forwarding criteria; 10 inputs are normally
selected by analysts and only one report Is produced. These are routine
statistics for a number of intelligence collection and analysis systems
which collect technical intelligence." ...
Details about trafic analysis and efficient keyword search engines systems
(par. n°19 to 27 in the report), Speech recognition software (par. 28
to 34).
STOA Reports:
Omega Foundation, 1997
D.
Campbell, 1999
NSA PATENT TELLS THE TRUTH ?
Part of it
Three NSA engineer patented
a new technology (USPO n°5937422) about a topic-based information
retrieval system. Some reports Nov. 15 said it is designed to track telephone
calls. But it does not deal specifically with voice. It has more to do with
semantics analysis with multilingual features, like the "langage pivot",
developed in France in a software named Taiga, now called Aperto Libro in
a commercial version (Inforama), and aprts of the technology were used by
Arisem, a start-up, to launch a powerful info retrieval software.
The NSA patent was filled on Aug. 10, 1999, and first proposed in April
97.
The lambda first learned about it in October. From 'hacktivism', a thread originally
posted on another mailing-l, by Mark Bowyer:
- "... According to an NSA fact sheet, their preferred
method of information sorting and retrieval is "totally independent
of particular languages or topics of interest, and relies for guidance
solely upon examples provided by the user. It employs no dictionaries,
keywords, stoplists, stemming, syntax, semantics, or grammar.
- A patent-number graciously provided at the end of
the document led us to more detailed information. "The present invention
uses a pattern-recognition technique based on n-gram comparisons among
documents instead of the traditional keyword or context-based approach,"
the patent information specifies.
- We're not a hundred percent sure what that all means,
but we sense it spells bad news for "Jam Echelon Day". The mindless
insertion of keywords being urged upon would-be participants looks like
a mere exercise. ...
JAMED ?
Militia Noise
Andy Oram from the CPSR mailing-list forwarded a message from Spain,
signed David Casacuberta <da5id@jet.es>, a leading member of FrEE group in Spain. Originally published
in Spanish at the website Kriptopolis.com.
"... The proposal turns even more nonsense applied
to Spain. In my country the more succesful initiative included keywords
in Spanish, despite the fact that the original proposal stated that only
words in English would be useful for the jamming.
"This is by any means not trivial. It is reasonable
to imagine the NSA is not ruled by complete idiots, so they don't expect
that a Corsican terrorist group, a Spanish drug dealer or Hezbolah member
talk to each other in English, so ECHELON e-mail recognition software only
surveils messages that are originated and/or go to the USA. So if a user
in Barcelona send an e-mail to another user in Madrid with the famous keywords
-no matter if in Spanish or English- this is a childish exercise because
there is no Yank electronic ear listening."
"But the most unsettling even is -without a
doubt- the political implications of the action ... The original proposal
to jam ECHELON came from the "hacktivism" list ... Wired [reported
the idea] came from an American group of so-called Lawyers for Constitution.
The proposal from these lawyers included a keyword list that was slightly
different from the original one in "hacktivism"; for example,
it included words like "United Nations". ... Very few people
claim it, but this group of lawyers have strong connections with fascist
groups such as the American Militia ... If you take a close look to the
keywords that have been circulating these days in Spain, you'll probably
notice that they are mostly words to detect militias: bombing federal buildings
that represent this New World Order incarnated in the United Nations...
."
True story: Linda Thompson, who introduces herself as "a Constitutional
rights attorney and Chairman of the American Justice Federation", told
a Wired reporter on Oct. 5:
"...Actually, this recent effort was started
by Doug McIntosh in Indianapolis, Indiana, a reporter for AEN News, who
wrote the original list. ... In 1992, our news network, AEN News, put out
information on Echelon. Together, we revised the list and I wrote the message
explaining what Echelon is and pointing to some Echelon articles. I just
write more posts than he does so the tagline gets around more. ... Someone
else apparently came up with the October 18 target date.
The target date was first Oct. 1st. Finaly Oct. 21. But never Oct. 18.
Wired corrected its article.
Echelon's copycat?
HELIOS! HELLO¡
Remember that France and Germany share some intelligence from a 90's
projet with satellites listening stations (Helios-1A).
Le Point, a French weekly, reported in 1998 on the matter. Communications
Week made a very good round-up.
"According to the Le Point report, France targets
the Intelsat and Inmarsat civilian communications satellites. One of the
satellites used in the French surveillance project is the country's Hélios
1-A, in a program called Euracom. However, the satellite is said to have
poor technical capacity for interception and re-transmission. As a result,
in August 1995 the French reportedly began an experimental initiative called
"Cerise" (Cherry) to intercept satellite communications. However,
a larger follow-on project named Zenon had to be abandoned on budgetary
grounds." ...
A most recent article by Le Point says the French Defense Ministry agreed
with the weekly's story. (From The
Tocqueville Connection)
"The DGSE for its part runs an important electronic
eavesdropping base in Domme (Dordogne), and has just opened two new stations,
in the United Arab Emirates and New Caledonia. The French, in liaison with
Germany's BND (Bundesnachrichtendienst), also have established an electronic
listening station at the Kourou space center, French Guiana, to eavesdrop
on satellites orbiting over the Western Hemisphere. ... Although officials
at the French defense ministry, which oversees the DGSE, refused to answer
Le Point's questions when it was researching the story, they have since
been more forthcoming. In a highly unusual statement, the chief of staff
of the French defense ministry, François Roussely, in effect confirmed
the existence of a national eavesdropping network. In Le Point's June 20
edition, he said the purpose of the French eavesdropping systems is "to
follow the military dimensions of international crises, notably in areas
where French forces may become engaged; to monitor the proliferation of
non conventional arms; and for use in the struggle against terrorism. Because
of the transnational character of these threats, collecting information
sometimes requires means that go beyond the capabilities of individual
states. For France, that means joining its partners in a search for solutions,
notably technical solutions, that are suitable for warning against these
dangers."
SHORT CIRCUITS
REBUILDING ONLINE FRONTIERS
Windows NT = China's Evil Empire
In its September 13 edition, China Youth Daily, the Communist Party's
teenager branch newspaper, published what couldbe seen as an official call
to protect China from internet-based "information hegemony and cultural
infiltration!". Information security would be used as a shield against
foreign influence.
>From "No national borders on the Internet? No way!",
China Youth Daily, 09/13/99
-
- "Some believe that national borders do not exist
on the Internet. Absolutely not! Borders on the Internet are Internet security!
-
- "Some believe that the threats on the Web are
only from "viruses" and "hackers." Absolutely not!
There are also threats from information hegemony and cultural infiltration!
...
-
- "The attacks by computer "viruses"
and "hackers," the infiltration of web culture, and the unfair
invasion of the people who horde web information will politically deceive
the people, cause economic losses, leak out classified military intelligence
(and hence lose the power to command), and cause ideological chaos and
social disturbances. ... Because of this, we can say that "web domination
= territorial domination."...
-
- "Among the 3,700 websites in China now, 91%
of them use Windows NT as the server operating system, and its stability
and security cannot satisfy the need to protect the online territory. Web
security products are being imported and used without independent rights
and control. This will inevitably harbor dangers such as imbedded viruses,
hidden passageways, and decodable passwords. Looking at the rule of the
online game, the power to register Internet domain names, and the TCP/IP
protocol commonly used on the Internet, we see these are in the hands of
the US as well. Where is independence and self-control on the web?
-
- "... We must strengthen management of web security
and legislation. We should establish a web security infrastructure ...
speed the building of supporting systems, thereby reaching the goal of
improving our network's ability to destroy enemies."
TAKE CARE, JACK
Crypto scam
In order to prove the danger of the Electronic Commerce Bill last October,
Malcolm Hutty from STAND in London
launched "Operation Dear
Jack". He sent a curious letter to the Head of the Home Office,to
conclude Jack Straw "would be liable for 2 years in jail."
Inside the letter: an encrypted confession to a real crime.
"The bill would make it another if you fail
to give up the decryption key to a message if a policeman thinks you've
got it; if you haven't got it, it is up to you to prove you haven't. If
you can't prove it, you would be liable for 2 years in jail."
STAND generated a pair of RSA-based keys under the name of Jack Straw;
and destroyed the decryption key.
"If the police ask you keep the demand to hand
over the key secret, telling anyone would render you liable to 5 years
in jail. So you couldn't complain - or explain your predicament - to the
PM or Home Secretary, to the Chief Whip or a journalist, or even to another
policeman.
"Happily for all of us, the E-Commerce Bill
has not yet been enacted by Parliament, so we have not in fact set you
up for jail time. "
GILC A l e r t
Volume 3, Issue 6, September 21, 1999
- Free Expression
- [1] Bertelsmann Foundation recommends Net content rating system
- [2] GILC Member Statement for the Bertelsmann Internet Content Summit
- [3] Bertelsmann halts online sale of Hitler's "Mein Kampf"
- [4] Beijing Turns the Internet On Its Enemies
- Members of the Falun Gong sect in the United States, Britain and Canada
have reported recent assaults on their World Wide Web sites. The members
accuse Chinese security officials of being behind the harassment.
- [5] Twenty Enemies of the Internet - RSF released a report, naming
twenty countries that may be described as real
- enemies of the new means of communication.
- [6] Umno to probe 48 websites
- Malaysian anti-defamation committee has identified 48 websites containing
allegedly slanderous and defamatory accusations against the Government
and will investigate them as it begins a more intensive effort to haul
offenders to court.
- [7] Sex sites win case in Britain for real-sex videos
- The British Board of Film Censorship loses its attempt to prevent sale
of pornographic films.
- [8] War of words over Australian Net censorship Controversy has arisen
over Australian government censorship of the Internet.
- [9] Singapore to relax Internet censorship laws
-
- Privacy and Encryption
- [10] Japanese Parliament passes Wiretapping and National ID Bills
- [11] Sri Lanka row over e-mail 'espionage'
- A Sri Lankan Government minister has admitted in public that he intercepted
a personal e-mail sent to the leader of the country's opposition. The opposition
threatens nationwide protests over the privacy issue.
- [12] New US legislation deals compatibility and open systems People
concerned with issues of product compatibility and open standards should
take a look at the proposed Uniform Computer Information Transaction Act,
which would determine rules for the distribution of software and computerized
information.
- [13] U.S. Government proposal: break into homes to defeat encryption
- [14] Some info on the GILC webpage updates
lambda / arQuemuse
nov-dec 1999
Réactions
I Home