31/03/04 FBI pushes for broadband wiretap powers and other information on government spying

A far-reaching proposal from the FBI, made public Friday, would require all broadband Internet providers, including cable modem and DSL companies, to rewire their networks to support easy wiretapping by police. www.msnbc.msn.com/id/4515410/

Questions of control raised as AOL users are blocked from spam sites

By Jonathan Krim
The Washington Post

email.seattletimes.nwsource.com/t?ctl=59B7BF:20A0E33

America Online has adopted a new tactic against spam: blocking its members' ability to see Web sites promoted by bulk e-mailers.

The policy, begun this year, opens a new front in the war on spam. But it also makes the company the first of its kind to push past the traditional Internet orthodoxy that service providers should be neutral conduits to anything the World Wide Web has to offer.

Many spammers advertise products — including body-enhancement pills, pirated software and get-rich-quick schemes — by including links in their e-mail to Internet sites that display the wares and process orders. AOL members attempting to visit a blocked Web page receive an error message that says a connection to the page could not be made, but they are not told that it is a spammer's site that has been placed off limits. No other notification of the policy is provided.

"Essentially, we have vastly improved AOL's ability to restrict identified spammers' sites from being accessed by our members online," said company spokesman Nicholas Graham. He said AOL is choosing which sites to block based on complaints from members, who can report spam to the company.

Graham said the Web site blocking policy has contributed to, for the first time, a reduction in the amount of bulk mail that spammers are trying to send to its members. According to AOL's numbers Feb. 20, 2.6 billion pieces of spam were sent to AOL accounts. The number was 1.9 billion on March 17. Statistics from other Internet providers, e-mail security companies and market-research firms show that overall spam traffic has held steady for the past several months at about 60 percent of all e-mail traffic.

AOL's move highlights the fact that Internet providers have the ability to block users from seeing certain content.

Indeed, in trying to short-circuit the income stream of spammers, AOL is attacking one of the most vexing truths about the spam problem: Some people want and buy the products, which helps keep spammers in business.

"There is a service to AOL members by doing this," said Paul Smith, a Washington lawyer who specializes in Internet and media law. "But there's some trade-off … because some people want to go to those sites. It shows that there can be in the world of the Internet some serious issues raised by a small number of companies that (control) bottlenecks to the flow of information."

Although AOL has joined hands with Internet service competitors EarthLink, Microsoft and Yahoo! to sue spammers and to develop new technologies for blocking spam, AOL is alone in its move to try to cut off access to commerce Web sites advertised via spam.

EarthLink spokeswoman Carla Shaw said her service has begun to block Web sites that are linked from spam that purports to be from EarthLink. In a scam known as phishing, the e-mail directs users to sites that look like they are EarthLink's and asks for personal data. AOL has blocked phishing sites for about a year.

Neither Microsoft nor Yahoo! blocks access to Web sites for e-mail account holders.
 

Legal experts said there is nothing in the AOL strategy that violates free-speech laws. And Internet service providers (ISPs) long have given parents the ability to block content from their children.

"The model of the Internet always came with some substantial latitude for the ISP to pick and choose," said James Dempsey, executive director of the Center for Democracy and Technology, a public-interest group.

But Cindy Cohn, legal director of the Electronic Frontier Foundation, said AOL's intentions are good, but blocking Web sites is "paternalistic."

---------------------

related info.:

-----

FBI CARNIVORE'S EMAIL VACUUM SWEEPER TAPS & YOUR ISP

PATRIOT Act sets “exactly the same standard that governs the wiretapping of telephones.” Email wiretaps are now carried out with a surveillance system created by the FBI, lovingly named Carnivore. Carnivore is contained in a black box that the FBI compels Internet service providers (ISPs) to attach to their operating system. Though a Carnivore tap might be imposed to target a single person, Carnivore can automatically impound the email of all the customers using that ISP.

The ACLU’s Barry Steinhardt observed,

Carnivore is roughly equivalent to a wiretap capable of accessing the contents of the conversations of all of the phone company’s customers, with the “assurance” that the FBI will record only conversations of the specified target.

The PATRIOT Act puts email wiretaps on automatic pilot. An FBI agent or government lawyer need only certify to a judge on the secret Foreign Intelligence Surveillance Court that the information sought is “relevant to an ongoing criminal investigation” to get permission to install Carnivore.

Judges have no discretion: they must approve wiretaps based on government agents’ unsubstantiated assertions. And, if past is prologue, there will be little or no oversight of how the FBI is using its new email vacuum.

Frum and Perle pooh-pooh concerns about the new intrusions: “The privacy of the American home is many millions of times more likely to be invaded by an e-mail spammer or a telemarketer than a federal agent.” But telemarketers do not conduct no-knock raids that leave innocent people dead, and spammers do not conduct mass secret arrests (followed by prison beatings), as did the feds after 9/11.

----------------

CHECK YOUR ISP FOR CARNIVORE SPY PROGRAM CONNECTION stopcarnivore.org/howtostopit/fpisp.htm

-----------------

Friday, February 27, 2004

Heavyweights focus on knocking out e-mail spoofing
Microsoft, Yahoo! to fight spam by proving sender's ID

By ANICK JESDANUN
THE ASSOCIATED PRESS

…But these solutions alone will not stop spammers. Systems will have to be established to evaluate the reputation of domains that relay e-mail, and that raises questions about who would develop such lists and who would arbitrate disputes.

---------------------

The Dangers of Digital Imprimatur
www.fourmilab.ch/documents/digital-imprimatur/

===================================================

NEWSWEEK

A NET OF CONTROL
Unthinkable: How the Internet could become a tool of corporate and government power, based on updates now in the works

Christoph Niemann for Newsweek

By Steven Levy
Newsweek International

Issues 2004 – Picture, if you will, an information infrastructure that encourages censorship, surveillance and suppression of the creative impulse. Where anonymity is outlawed and every penny spent is accounted for. Where the powers that be can smother subversive (or economically competitive) ideas in the cradle, and no one can publish even a laundry list without the imprimatur of Big Brother. Some prognosticators are saying that such a construct is nearly inevitable. And this infrastructure is none other than the former paradise of rebels and free-speechers: the Internet.

To those exposed to the Panglossian euphoria of Net enthusiasts during the 1990s, this vision seems unbelievable. After all, wasn’t the Internet supposed to be the defining example of empowering technology? Freedom was allegedly built into the very bones of the Internet, designed to withstand nuclear blasts and dictatorial attempts at control. While this cyberslack has its downside—porn, credit-card fraud and insincere bids on eBay—it was considered a small price to pay for free speech and friction-free business models. The freedom genie was out, and no one could put it back into the bottle.

Certainly John Walker believed all that. The hackerish founder of the software firm Autodesk, now retired to Switzerland to work on personal projects of his choosing, enjoyed “unbounded optimism” that the Net would not only offset the powers of industry and government but actually restore some previously threatened personal liberties. But in the past couple of years, he noticed a disturbing trend. Developments in technology, law and commerce seemed to be directed toward actually changing the open nature of the Net. And Internet Revisited would create opportunities for business and government to control and monitor cyberspace.

In September Walker posted his fears in a 28,000-word Web document called the Digital Imprimatur. The name refers to his belief that it’s possible that nothing would be allowed to even appear on the Internet without having a proper technical authorization.

How could the freedom genie be shoved back into the bottle? Basically, it’s part of a huge effort to transform the Net from an arena where anyone can anonymously participate to a sign-in affair where tamperproof “digital certificates” identify who you are. The advantages of such a system are clear: it would eliminate identity theft and enable small, secure electronic “microtransactions,” long a dream of Internet commerce pioneers. (Another bonus: arrivederci, unwelcome spam.) A concurrent step would be the adoption of “trusted computing,” a system by which not only people but computer programs would be stamped with identifying marks. Those would link with certificates that determine whether programs are uncorrupted and cleared to run on your computer.

The best-known implementation of this scheme is the work in progress at Microsoft known as Next Generation Secure Computing Base (formerly called Palladium). It will be part of Longhorn, the next big Windows version, out in 2006. Intel and AMD are onboard to create special secure chips that would make all computers sold after that point secure. No more viruses! And the addition of “digital rights management” to movies, music and even documents created by individuals (such protections are already built into the recently released version of Microsoft Office) would use the secure system to make sure that no one can access or, potentially, even post anything without permission.

The giants of Internet commerce are eager to see this happen. “The social, economic and legal priorities are going to force the Internet toward security,” says Stratton Sclavos, CEO of VeriSign, a company built to provide digital certificates (it also owns Network Solutions, the exclusive handler of the “dot-com” part of the Internet domain-name system). “It’s not going to be all right not to know who’s on the other end of the wire.” Governments will be able to tax e-commerce—and dictators can keep track of who’s saying what.

Walker isn’t the first to warn of this ominous power shift. The Internet’s pre-eminent dean of darkness is Lawrence Lessig, the Stanford University guru of cyberlaw. Beginning with his 1999 book “Code and Other Laws of Cyberspace,” Lessig has been predicting that corporate and regulatory pressures would usurp the open nature of the Net, and now says that he has little reason to retract his pessimism. Lessig understands that restrictive copyright and Homeland Security laws give a legal rationale to “total control,” and also knows that it will be sold to the people as a great way to stop thieves, pirates, malicious hackers, spammers and child pornographers. “To say we need total freedom isn’t going to win,” Lessig says. He is working hard to promote alternatives in which the law can be enforced outside the actual architecture of the system itself but admits that he considers his own efforts somewhat quixotic.

Does this mean that John Walker’s nightmare is a foregone conclusion? Not necessarily. Certain influential companies are beginning to understand that their own businesses depend on an open Internet. (Google, for example, is dependent on the ability to image the Web on its own servers, a task that might be impossible in a controlled Internet.) Activist groups like the Electronic Frontier Foundation are sounding alarms. A few legislators like Sens. Sam Brownback of Kansas and Norm Coleman of Minnesota are beginning to look upon digital rights management schemes with skepticism. Courts might balk if the restrictions clearly violate the First Amendment. And there are pockets of technologists concocting schemes that may be able to bypass even a rigidly controlled Internet. In one paper published by, of all people, some of Microsoft’s Palladium developers, there’s discussion of a scenario where small private “dark nets” can freely move data in a hostile environment. Picture digital freedom fighters huddling in the electronic equivalent of caves, file-swapping and blogging under the radar of censors and copyright cops.

Nonetheless, staving off the Internet power shift will be a difficult task, made even harder by apathy on the part of users who won’t know what they’ve got till it’s gone. “I’ve spent hundreds of hours talking to people about this,” says Walker. “And I can’t think of a single person who is actually going to do something about it.” Unfortunately, our increasingly Internet-based society will get only the freedom it fights for. © 2004 Newsweek, Inc.

-----------------

See You on the Darknet
Why we don't really want Internet security. By Paul Boutin
Posted Wednesday, Jan. 28, 2004, at 12:40 PM PT

… Autodesk founder John Walker, in a recent 28,000-word monograph ponderously titled "The Digital Imprimatur," wastes no time: His piece is subtitled "How big brother and big media can put the Internet genie back in the bottle." If your eyes don't glaze over right then, they will as soon as Walker begins to explain how by signing up for cheap broadband service, with its firewalls and dynamic IP addresses, you've already compromised your freedom.

Walker goes on, listing spam filters, antivirus software, even those perennially just-around-the-corner micropayment schemes as further nails in the coffin of liberty. "I have been amazed at how few comprehended how all the pieces fit together in the way I saw them inevitably converging," he says, in the patiently condescending tone of a Bond villain. But Walker's heavy-handed prose would be funnier if he didn't have a point…

… Walker also argues that the rest of us (the ones who aren't yet peons in Orwellian regimes) will voluntarily sign up for similar surveillance when the certificate system is marketed to us as a cure for spam, fraud, and other Internet annoyances. He's right that we'll be sold this stuff. The question is, will we buy it?

========================

"Spies" in Your Software?

A PRIVACY Forum Special Report — 11/1/99

Lauren Weinstein (lauren@vortex.com)
PRIVACY Forum Moderator

Greetings. As the percentage of computer users with either on-demand or permanent connections to the Internet continues to creep ever closer to 100%, some techniques are beginning to appear in software which can only be described as underhanded—apparently implemented by software firms who consider it their right to pry into your behavior.

It's becoming increasingly popular for various software packages, which would not otherwise seem to have any need for a network connection, to establish "secret" links back to servers to pass along a variety of information or to establish hidden control channels.

One rising star in this area of abuse is remote software control. Various firms now promote packages and libraries, which can be "invisibly" added to *other* software, to provide detailed "command and control" over the software's use, often without any clue to the user as to what's actually going on. These firms promote that they can monitor usage, remotely disable the software, gather statistics—anything you can imagine. The oft-cited major benign justification for such systems is piracy control, leading to gathering of information such as site IP numbers, for example. If the software seems to be running on the "wrong" machine, it can be remotely disabled. But information gathering and control most certainly doesn't necessarily stop there!

Another example is the use of such systems in "demo" software. I recently received promotional material from a firm touting their package's ability to prevent demo software from running without it first "signing in" to a remote server on each run, which would then report all usage of the demo—so the demo producer could figure out who to target for more contacts ("buy now!") or to disable the demo whenever they wished—or whatever might be desired.

It is frequently the case that software using such techniques will establish network connections without even asking the user (though I did succeed in getting one such firm to promise to change this policy after a long phone conversation with their president). But as a general rule, you cannot assume that you'll ever know that software is establishing a "hidden" channel, except in cases with dialup modems where you might actually hear the process. With permanent net connections, there'd typically be no clue.

If you think that your firewalls will protect you against such systems, think again. The protocol of choice for such activities is HTTP—the standard web protocol—meaning that these control and monitoring activities will typically flow freely through most firewalls and proxies that permit web browsing.

Other examples of such "backchannels" have also been appearing, such as e-mail messages containing "hidden" HTTP keys which will indicate to the sender when the e-mail was viewed by the recipient (assuming the e-mail was read in an HTTP-compliant mail package). Is this any of the firms' business? No, of course not. They just think they're being cute, and do it since they can. If you care about this sort of thing, read your e-mail in text-based packages—they're safer from a wide variety of e-mail "surprises" (including viruses) in any case. In the Unix/Linux world, "mh" is a good choice.

Whether one cares to view any particular application of these sorts of "network spy" technologies as trivial or critical will vary of course. Some people probably couldn't care less. Others (especially in business and government, where hidden flows of information can have serious consequences indeed) will be much more concerned.

Unfortunately, until such a time as it is clearly illegal for such packages to siphon information from, or remotely control, users' computers without their knowledge or permissions, such abuses are likely only to continue growing in scope and risks. We haven't seen anything yet.

—Lauren—
Lauren Weinstein
lauren@vortex.com
Moderator, PRIVACY Forum --- www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report & Unreality Trivia Quiz" --- www.vortex.co
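
The e-mail backchannel described in the report above (a URL in an HTML message that is fetched when the message is viewed) can be looked for before a message is rendered. The following Python code is an added example, not part of the PRIVACY Forum report; the sample message, its host names and the heuristics in looks_like_beacon are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs a mail client fetches just by rendering the message.
AUTO_FETCH = {("img", "src"), ("link", "href"), ("iframe", "src"),
              ("script", "src"), ("body", "background"), ("input", "src")}

# Constructed sample message; addresses and hosts are placeholders.
SAMPLE = b"""From: news@example.com
To: reader@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Hello in plain text.
--b1
Content-Type: text/html; charset="us-ascii"

<html><body><p>Hello</p>
<img src="http://track.example.com/open.gif?key=abc123" width="1" height="1">
<img src="cid:logo">
<a href="http://www.example.com/offer">offer</a>
</body></html>
--b1--
"""

class RemoteRefFinder(HTMLParser):
    """Collects http(s) URLs that are loaded automatically on display."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for t, attr in AUTO_FETCH:
            url = (a.get(attr) or "").strip()
            if tag == t and urlsplit(url).scheme in ("http", "https"):
                self.refs.append((tag, a, url))

def looks_like_beacon(tag, attrs, url):
    """Heuristic reasons (assumptions, not a standard) a reference may be a tracker."""
    reasons = []
    if tag == "img" and (attrs.get("width") in ("0", "1")
                         or attrs.get("height") in ("0", "1")):
        reasons.append("1x1 or zero-size image")
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden by style")
    if urlsplit(url).query:
        reasons.append("query string can carry a per-recipient key")
    return reasons

def find_backchannels(raw_message: bytes):
    """Return every auto-fetched remote reference in the HTML parts of a message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue  # plain-text parts cannot trigger a fetch on display
        finder = RemoteRefFinder()
        finder.feed(part.get_content())
        for tag, attrs, url in finder.refs:
            findings.append({"tag": tag, "url": url,
                             "host": urlsplit(url).hostname,
                             "reasons": looks_like_beacon(tag, attrs, url)})
    return findings
```

The embedded cid: image and the ordinary link are not reported, since neither causes a network fetch when the message is merely displayed.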

---------------------------

excerpted from:

"spam defense" -facilitates corporate/gov't. surveillance & disabling political list-serves

… The stickiest situations involve mail sent by automated programs to willing recipients — mailing lists and legitimate, marketing e-mail.

Mailing-list administrators don't want to field thousands of challenges; some say they'll ignore all of them. "It's your responsibility to make it possible for people to send you e-mail that you request," wrote Adam Engst, editor of the TidBits newsletter, last month.

Unfortunately, many mailing lists come from random or hard-to-remember addresses. (Mailblocks suggests that users set up free, secondary accounts, called "trackers," to receive this sort of bulk mail.)

These problems seem solvable, but not without some sustained industry cooperation on ways to identify legitimate bulk mail and keep challenge messages from being challenged themselves.

And then what? We may wind up in a world where your ISP will have to join the right cartels to ensure that everybody gets their desired mail. Leaving an Internet provider may become even harder than it is now — who will want to start over and get a new address into everybody's approved-sender lists?

There have never been any easy cures for spam, and challenge-response isn't going to be one either.

Living with technology, or trying to? E-mail Rob Pegoraro at rob@twp.com.

------------------------

what govt. & its corporate partners want to stop—along with uncensored email & internet info. not under their control:

Best Privacy Defense is Anonymous Surfing www.iht.com/articles/123619.html
