Re: [NEWS] FBI To Require ISPs To Reconfigure E-mail Systems (fwd)
Not picking on anyone in particular but just plucking an example at ~random:
Funny you should mention that, as I think we are about to find out.
It's possible that the feds are going about this in the wrong way. Rather than seeking ways to expose that wrongness if any, we ought to be putting our effort into figuring out what they're trying to do and then making a recommendation (or several) as to how to actually get it done. Put your shoulder to this wheel, folks. Or find someplace else to live. (There's a four year sunset provision in the law they're passing tonight.)
On 17 Oct 2001, Paul Vixie wrote:
Funny you should mention that, as I think we are about to find out.
It's possible that the feds are going about this in the wrong way. Rather than seeking ways to expose that wrongness if any, we ought to be putting our effort into figuring out what they're trying to do and then making a recommendation (or several) as to how to actually get it done.
I would if I could. Some of it is confused by "we can't tell you," so no one can evaluate if there is a less disruptive, less expensive and maybe even more effective way to accomplish the same thing. Some of my best friends work for the FBI :-) I talk to them at conferences, by e-mail, and so forth. They are all very reasonable and intelligent people. They are very good at what they do, but their expertise is focused in other areas. But something happens between the meetings and the publishing of the "punchlist." I've never met a person willing to admit they wrote any of the punchlist items. They just seem to appear anonymously out of thin air. The majority of the information law enforcement requests (court order, subpoena, etc) is handed over without (much) argument by most ISPs. The most pushback comes from items carriers/providers believe may corrupt, disrupt or otherwise impact the service of other customers. There are people very good at designing tools for building doors, and people very good at designing tools for breaking down doors. While you might use a hammer to do both, the mistake is thinking the same hammer is always the best tool for every job. If you happen to use screws instead of nails, I guess you are out of luck. Unless law enforcement is willing to tell us what the problem is, we can't engineer the correct hammer for their needs. Instead it appears the FBI will design the hammer for us, and still not tell us what the problem is. Hey, FBI. Tell us what you are trying to build and maybe we can design a cool tool to help you build it.
Put your shoulder to this wheel, folks. Or find someplace else to live. (There's a four year sunset provision in the law they're passing tonight.)
I doubt the house is voting on any laws tonight.
Sean Donelan wrote:
Some of it is confused by "we can't tell you," so no one can evaluate if there is a less disruptive, less expensive and maybe even more effective way to accomplish the same thing.
Actually, they've already told us all we need to know: 1) NO cryptography was used. 2) Public library terminals were used. 3) Free accounts were used. 4) No suspicious international communications. 5) None of the terrorists was a suspect before the incident. 6) None would have been prevented from boarding an airplane. Therefore, no amount of network monitoring would have prevented the attacks! This is just a police state power grab, trying to get facilities and laws that a democracy would never give them otherwise, sought during a time of concern. So far, none of the "security" measures we've seen has actually prevented anything, or even been designed to prevent anything that has happened in the recent past. Camouflaged guards in airports? Secret searches? All we have is an impotent executive seeking to expand its power. -- What we HAVE discovered through analysis is that the two preventative measures that MIGHT have helped were cut due to bottom line costs: 1) Secure cockpit doors. Even now, the Administration refuses to mandate a security standard. 2) Immigration visa checks. Bush I drastically cut the size of the department, and Bush II was poised to throw open the doors. -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
On Thu, 18 Oct 2001, William Allen Simpson wrote:
Sean Donelan wrote:
Some of it is confused by "we can't tell you," so no one can evaluate if there is a less disruptive, less expensive and maybe even more effective way to accomplish the same thing.
Actually, they've already told us all we need to know:
I was refering to why something like Altivore wouldn't satisfy the unknown requirements the FBI has.
This from John Young. -------------------------------------------- I believe this report refers to FBI guidelines whose implementaion is being worked out by direct consultation with telecommunication carriers: http://cryptome.org/fbi-flexguide2.htm The original date of compliance with these guidelines was September 24, 2001, but after widespread complaint to the FCC from the telecomm industry about infeasibility of compliance by the deadline, the FCC granted an extension in time to be set for each service provider in consultation with the FBI. That FCC order is with the file above. What other distinctive arrangments are being made with telecomm providers may be difficult to determine since each can cut a deal to fit its unique position without having to submit to a general standard. It is not yet clear if these private arrangements will be made fully public or if the FCC will allow concealment under rubric of privileged business information -- or, to fit the times of peril, for national security reasons. It will be interesting which ISPs join the big time ranks of legacy telecomm providers by offering services to fit the urgency for all uniting in patriotic fervor to kill the ISP dissidents unwilling to betray their customers. Lots of stellar Internet leaders changing sides as reported in National Journal's Technology Daily and other media, not to say media itself.
On Thu, 18 Oct 2001, Sean Donelan wrote: :I was refering to why something like Altivore wouldn't satisfy the unknown :requirements the FBI has. Do we know if specifications will have to be made public? I can't imagine mail administrators and sysadmins all having to get public trust (or higher) clearances. Is there a definition of 'ISP' in the US, either in this proposed legislation or other? We could speculate forever about juristdiction (over trans-national networks) and implications of these sort of things, but it would be nice to have some solid info. -j p.s. <short rant> The first step in developing any security policy is to enumerate and appraise the things that the policy will be designed to protect. Evidently, there has been no public consultation on what the recent legislation in various countries has been designed to protect. Most of the measures which have been demanded by our leaders have the symptoms of a security policy, and use technologies which would be used to enforce a policy, but there has been no public discussioin of what they actually think they are protecting. Of all the new sources offering analysis, opinion and their own brand of earnest reason, I'll take the Onion over CNN any day. "Freedoms Curtailed in Defense of Liberty". Brilliant. </short rant> -- batz Reluctant Ninja Defective Technologies
Paul Vixie wrote:
Put your shoulder to this wheel, folks. Or find someplace else to live.
Gosh and Golly Gee, not another "my way or the highway" despot! I'd never have guessed that Vixie was a supporter of a police state. I'll stop supporting democracy when they pry my vote out of my cold dead hands.... Meanwhile, where is it exactly that all ISPs should move?
(There's a four year sunset provision in the law they're passing tonight.)
Where? The US House has adjourned. (You might be referring to the "pre-conference" committee that met before the "conference" committee meets next week?) It's all being done, probably illegally, by executive order. -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
On Thu, 18 Oct 2001, William Allen Simpson wrote:
I'd never have guessed that Vixie was a supporter of a police state.
Perhaps you should re-read Paul's statement before issuing your own, because that's exactly *not* what he said.
-- JustThe.net LLC - Steve "Web Dude" Sobol, CTO - sjsobol@JustThe.net In another world it may be true that "Information wants to be free." Directory Assistance, or lack thereof, is a profit center here and now. - John Myers, speaking in comp.dcom.telecom
On Wed, Oct 17, 2001 at 11:25:09PM -0700, Paul Vixie wrote:
(There's a four year sunset provision in the law they're passing tonight.)
Forty garbonzoes says even the sunset provisions will be mysteriously absent from the final version, whenever it passes. -- Jeff Gehlbach, Concord Communications <jgehlbach@concord.com> Senior Professional Services Consultant, Atlanta ph. 770.384.0184 fax 770.384.0183
participants (8)
-
batz -
bmanning@vacation.karoshi.com -
Jeff Gehlbach -
mike harrison -
Paul Vixie -
Sean Donelan -
Steven J. Sobol -
William Allen Simpson