lambda 7.04
Sept 16 2001
By J. Thorel
UPDATE 09/28/01


contents

Anti-terrorism laws and tech surveillance

See also new UPDATE lambda 7.05

 

 

Short-circuit

LSI-jolie

A number of crypto reforms urged to be adopted in the US are under discussion in France in a draft law presented by the government on June, 13. The "freedom of use" doctrine set up by PM Jospin in 1999 still strongly controls how crypto products are designed and distributed, excludes from the process open source tools and free software. Free crypto advocates launched the French website LSIjolie.net

www.lsijolie.net

 

anti-terrorism
&
tech surveillance

War vs Liberty UPDATE: lambda 7.05

 

Lambda 7.04, 16 sept 2001. -- "The World Trade Center outrage was co-ordinated on the internet, without question. If Washington is serious in its determination to eliminate terrorism, it will have to forbid internet providers to allow the transmission of encrypted messages ... and close down any provider that refuses to comply."

In an opinion column in the London Daily Telegraph (Sept. 14), John Keegan calls for a combined US/Russian/British invasion of Afghanistan and the end of electronic communications:

"Uncompliant providers on foreign territory should expect their buildings to be destroyed by cruise missiles. Once the internet is implicated in the killing of Americans, its high-rolling days may be reckoned to be over."

Other comments like that emerged in Western politics after the dramatic outages of New York and Wash. DC. Since the appearance of the so-called "Combating Terrorism Act of 2001" (CTA) on Thursday, Sept. 13, the Politech mailing-list of Washington journalist Declan McCullagh mentioned some reports like "Congress considers encryption restrictions in response to attacks", "Reply to crypto restrictions from Tim May...", "Senate votes to permit warrantless Net-wiretaps, Carnivore use", "U.K. government asks Net providers to record, store all data", ...

If Senator Judd Gregg urged its colleagues to forbid all non-backdoored crypto software, privacy guru Phil Zimmermann thinks it's a really bad idea. He told a French online magazine on Sunday, Sept. 16 (personal translation), astonished by recent events:

"... That's just because we're all angry and full of emotions that we've got to think calmly and should not take decisions that could affect us for the rest of our lives. ... Don't give the terrorists a second victory." To ban non-backdoor crypto, he said, "would be the same as searching everyone in this planet to catch one guy with a knife in the pocket. And I really don't think terrorists groups would be stupid enough to use these backdoored software. Modifying all PGP copies won't solve the problem, other software exists. That would just limit privacy rights for ordinary citizens."

During a recent trial in the US, Islamic extremist bin Laden and its group, seen as the major sponsor of recent attacks, was presented as a notorious user of cryptographic schemes like steganography. Experts like EPIC's Wayne Madsen took no credit in these allegations, but stories like "bin Laden uses stegano to escape justice" began to emerge again in the media.

Two days after the attack, FBI's NIPC officials ran a meeting in which, as IDG's Computerworld reported, "experts fear that Tuesday's attacks against the World Trade Center and the Pentagon are only the beginning of a wave of assaults that could include cyberterrorism." The fear before the facts, that is. This is war indeed. And psychology is part of the process.

The CTA 2001, argued McCullagh in a Wired Article, "enhances police wiretap powers and permits monitoring in more situations".

"The measure, proposed by Orrin Hatch (R-Utah) and Dianne Feinstein (D-California), says any U.S. attorney or state attorney general can order the installation of the FBI's Carnivore surveillance system. Previously, there were stiffer restrictions on Carnivore and other Internet surveillance techniques."

Former NSA general counsel Stewart Baker replied to McCullagh (debate on Politech list), claiming that "this seems a bit alarmist".

"The FBI has long had the authority to get the phone numbers that are called from or that call to a suspect's phone These are trap-and-trace and pen-register orders. The Justice Department has generally taken the position that the Internet equivalent of such data is the addressing information in emails It's not that big a change from the status quo."

But even Mr Baker was uncomfortable to give prosecutors such a blank check:

"In my view there are some reasons to be uneasy about the bill but not frothing. First, the to and from lines on my emails (plus the URLs I visit) are in fact more intimate information than the phone numbers I call. ... Once that data is gathered by the police(on a very easy standard, I agree), it may never be thrown out, and lots of people can access it."

Hot Subject in Europe

This fierce debate of whether to let police to monitor, prior to any investigation, all data connections of users (internet and cell phones) is also a hot subject in Europe. At the end of June the Council of EU telecom ministers amended a directive ("privacy in electronic communications") with the smart advice of ENFOPOL, a law enforcement expert group. All communications and traffic data should not be erased after the call, they argued, but operators must record and store users' data for about 12 months. That's exactly what the CTA is about to push in the US.

Mr Keegan should also call for the bombing of the European Parliament in Strasbourg, France. The EP on Sept. 6 rejected the directive (for a lot of other reasons, however) - yes, that was before Sept 11 events. According to one Irish MEP, the directive would have opened the door to widespread abuses by allowing state agencies retain and store personal telecommunications data. Law-enforcement agencies would not have been allowed to access the content of communications without a warrant but they would, however, have been able to access private email and website addresses; the location of Internet newsgroups accessed, and the times and duration of land and mobile phone calls.

The directive is far from complete, however, and some "exceptions" are scheduled for special cases. Mario Cappato, an Italian MEP, wrote a report, approved by the Justice, liberties and citizens' rights Committee in which he stated: "every form of global or exploratory electronic surveillance on a large scale is forbidden."

The same day The EP added another voice adopting a "recommendation" to the 15 governments about "computer-related crime", regarding the Cybercrime Convention under review.

"There must be a legal basis to any exception to the privacy principles, and must be necessary for the protection of a public interest and strictly proportionate to the specific objective foreseen, which means that any general obligation concerning data retention and any form of systematic interception is contrary to this proportionality principle". It also states that "no-one may be forced to incriminate themselves by revealing encryption codes or programmes".

But, again, pressure will be tough on MEPs not to follow their US counterparts. The same text calls also

"to make it easier to prosecute and punish those responsible for ... trafficking of human beings, money laundering, child pornography and terrorism ... ."

In the US Senate, considering wiretap proposals by Ashcroft, Senator Patrick Leahy, chairman of the Judiciary committee and a former prosecutor, said during the floor debate:

"Maybe the Senate wants to just go ahead and adopt new abilities to wiretap our citizens. Maybe they want to adopt new abilities to go into people's computers. Maybe that will make us feel safer. Maybe. And maybe what the terrorists have done made us a little bit less safe. Maybe they have increased Big Brother in this country. ... Do we really show respect to the American people by slapping something together ... and say we are changing the duties of the Attorney General, the Director of the CIA, the U.S. attorneys, we are going to change your rights as Americans, your rights to privacy? We are going to do it with no hearings, no debate. "

John Young, hostmaster of Cryptome.org, has sent an alert message to its users on Saturday, Sept. 15, in which he calls people to help him to backup crypto resources. He said:

"A while back a list of global sites for accessing crypto and privacy tools was set up: http://jya.com/crypto-free.htm. This list, and additions to it, should be mirrored and the mirrors widely publicized to aid citizen access to tools for personal and homeland protection worldwide from those urging war and terrorism at home and around the globe. ... My email provider, pipeline.com is owned by Earthlink, one of the ISPs reportedly now intercepted by Carnivore; Verio, host of Cryptome, may be as well; your hosts too. "

+ Text of the CTA bill - http://www.politechbot.com/docs/cta.091401.html

+ Debate over the telco sections

+ Debate with Stewart Baker

+ Senator Leahy's remarks

+ Wired, "Senate OKs FBI Net Spying"

+ Politech, "Congress considers encryption restrictions"

+ USA Today story (Feb 2001) about stegano

+ Wayne Madsen's reply in Wired

 

+ Europe's cyber-crime recommendation

+ Crypto freedom campaign in France : http://www.lsijolie.net

Other links

+ The end of the myth of electronic intelligence, an opinion by infowar expert Christian Harbulot (in French): http://news.zdnet.fr/cgi-bin/fr/printer_friendly.cgi?id=2095179

+ Did the terrorists succeed in cheating the NSA super spying network? Senator Hatch claims every sign about terrorist action was reported abroad, but not on US soil. A report by the Seattle Times: http://seattletimes.nwsource.com/html/nationworld/134340533_how12.html

+ Airport security under scrutiny: Cnet claims that biometric and facial recognition video surveillance systems could be presented as the ultimate solution for approving security checks, even if experts are not convinced at all. Americans may be more keen to accept Big Brother-like controls after the disaster.
http://news.cnet.com/news/0-1003-200-7141717.html?tag=mn_hd


Internet repression in China : See Lambda 7.05


lambda / arQuemuse
J. Thorel - Sept. 2001
Réactions I Home