Schneier on Security
A blog covering security and security technology.
« NSA Snooping on Cell Phone Calls |
| The Pentagon's World of Warcraft Movie-Plot Threat »
September 18, 2008
The NSA Teams Up with the Chinese Government to Limit Internet Anonymity
Definitely strange bedfellows:
A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous.
The U.S. National Security Agency is also participating in the "IP Traceback" drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public.
A second, apparently leaked ITU document offers surveillance and monitoring justifications that seem well-suited to repressive regimes:
A political opponent to a government publishes articles putting the government in an unfavorable light. The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so protecting the anonymity of the author.
This is being sold as a way to go after the bad guys, but it won't help. Here's Steve Bellovin on that issue:
First, very few attacks these days use spoofed source addresses; the real IP address already tells you where the attack is coming from. Second, in case of a DDoS attack, there are too many sources; you can't do anything with the information. Third, the machine attacking you is almost certainly someone else's hacked machine and tracking them down (and getting them to clean it up) is itself time-consuming.
TraceBack is most useful in monitoring the activities of large masses of people. But of course, that's why the Chinese and the NSA are so interested in this proposal in the first place.
It's hard to figure out what the endgame is; the U.N. doesn't have the authority to impose Internet standards on anyone. In any case, this idea is counter to the U.N. Universal Declaration of Human Rights, Article 19: "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers." In the U.S., it's counter to the First Amendment, which has long permitted anonymous speech. On the other hand, basic human and constitutional rights have been jettisoned left and right in the years after 9/11; why should this be any different?
But when the Chinese government and the NSA get together to enhance their ability to spy on us all, you have to wonder what's gone wrong with the world.
Posted on September 18, 2008 at 6:34 AM
• 71 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Everything under UN turns into a boondoggle - this effort might be a veiled attempt to draft rules for "cyber-invasion" :-)
On the other hand - it makes me feel good that my Tor is working well.
I'm working on some infosec security projects based in China, and I enjoy telling my client "the Chinese government requires a liaison who can hand over all encryption keys on request." Then when they get the very serious "oh, yes, we're dealing with China" looks on their faces I say "...which is exactly the same requirement as in the U.S." Both the U.S. and China are considered 'surveillance societies,' and after the RNC convention (and the muted media coverage that police excesses received there) the two nations look increasingly similar. But at least having our every blog post traced back to us keeps us safe from terrorism. Or something.
The DDOS angle seems like a red herring:
Al-Qaida's Propaganda Sites, Smacked Down
China is obviously motivated by stifling anti-government sentiment while the NSA is probably most concerned about finding online "terrorist" friends.
... where "terrorist" is defined as any person or entity that says nasty things, that may or may not be true, about the current president and his party at any given point in time.
Now what was that difference you were talking about?
It's not going to work, unless every single ISP on the planet is going to cooperate. There will always be ways to go trough anonymizers, like Tor or anonymous proxy servers.
It doesn't matter what those governments want or decide, there will always be plenty idealistic techies that will find a way to provide anonymous services.
@Sparky: in my understanding, IP Traceback won't allow you to be anonymous when using an anonymizer nor TOR. It must be something like the original starting IP address hardcoded into the IP packet. Or am I wrong?
@NP: and how, exactly would you do that? Undoable without full cooperation of all parties, including you.
@xxx: I don't know how you would do that, such information has not been disclosed. But one way to do it, MAYBE, could be adding a value to the IP packet containing its origin, and having such value somehow validated so that the packet would be ignored if such value was altered. Obviously, this is only my thought.
"You have to wonder what's gone wrong..."
Not at all. It is quite clear what has gone wrong. No wondering needed.
As for wondering "what's wrong with the world", I think Naomi Klein's article on the unnervingly high-tech contemporary Chinese police state that originally appeared on HuffPo back in August might shed some light: http://www.naomiklein.org/articles/2008/08/...
Basically, comprehensive surveillance is a booming industry in China like nowhere else and the NSA aren't dummies: they know what the Chinese are doing and they also know that the best way to learn is by doing. Seems to me like they're probably just keeping up with the state of the art.
One hopes that they're doing so simply in order to stay competitive.
Since you quote the U.N. Universal Declaration of Human Rights, I have some disturbing news for you. The UN's interest in freedom of speech has been reversed in the last two years.
Islamic countries represented by the OIC (Organization of the Islamic Council) have taken over the agenda. The Commission on Human Rights has now been scrapped and replaced with a "Human Rights Council" which has mandate to find and report on "abuses" of free speech, in particular speech against religion.
Here's a passage describing what has happened, from Roy Brown, spokesman at the UNCHR in Geneva for the International Humanist and Ethical Union. It's long, but it's worth reading.
== snip ==
A resolution "combating defamation of religions" was first introduced by the OIC in 1999 in the old Commission for Human Rights and has been adopted every year since - by the Commission and now by the Human Rights Council. Then in December last year the resolution was adopted by the UN General Assembly by a two to one majority. Now while the resolution is not binding on member states, it has created a framework in which it becomes legitimate for States to introduce (or where they have them already – to keep) laws combating defamation of religion: that is, blasphemy laws - laws which, I need not to remind you, some states apply with deadly effect. Rather than moving to eliminate such laws the UN is now complicit in creating an environment in which such laws can thrive.
In March this year, the Council adopted a resolution which modified the mandate of the Special Rapporteur on the right to freedom of expression to require him (or her) not only to report on violations of that right but to report on abuse of that freedom. In the words of one commentator, "it has turned the mandate of the Special Rapporteur on its head".
== snip ==
Let me quote Article 29 of said declaration of human rights:
"(2) In the exercise of his rights and freedoms, everyone shall be subject only to such limitations as are determined by law solely for the purpose of securing due recognition and respect for the rights and freedoms of others and of meeting the just requirements of morality, public order and the general welfare in a democratic society."
So obviously (at least for the NSA and the chinese government), limiting internet anonymity is necessary to meet the just requirements of morality, public order and general welfare.
Because I'm not sure it was made completely clear in my previous post:
Note the reversal of role for the UN. Previously, the role was reporting on violations of the right to free speech. Now, while still paying lip service to that role, they added the new reversed role of reporting on supposed "abuses" of that right. Turned on its head, indeed.
On Dave Farber's IP list, an apologist (member of the closed drafting group) has claimed that the document isn't correct, then implied that it was. The proposal is to allow tracking for "law enforcement purposes"; in too many countries (including the US sometimes) criticizing the government is against the law.
Given the fact that IPv4's inertia has made IPv6 a largely un-implemented standard for about a decade now, I have a hard time believing that a new IP standard, with new law-enforcement-friendly tracking/anti-spoofing fields, could ever become widely enough deployed to suit the intended surveillance purposes.
This activity speaks to a depressing state of mind of the governments involved, but I don't see evidence here for a specific realistic threat.
With free speech being in its nature a "free" form thing mutating as it grows, how can their be an "abuse" of it?
By introducing such a notion, the "speech" is no longer "free" but contained, corralled, marginalized with some words and ideas becoming "too free for their own good".
If I call my leaders incompetent ninnies, is that "free" or "abuse"?
What if I used profanity when I said it? Does that change anything?
What if, at the end, I added "no offense!"
Yet another sign we're becoming a fascist socialist state, we are teaming up with communist to achieve mutual police-state goals.
"The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so protecting the anonymity of the author."
I thought the Supreme Court struck down the Alein and Sedition act long long ago?
@ Bruce, re: "...On the other hand, basic human and constitutional rights have been jettisoned left and right in the years after 9/11; why should this be any different?"
I'd just scrap the "in the years after 9/11" portion.
There is no excuse for these types of violations, yet even mentioning 9/11 will always give some of us all the emotional justification needed to accept the eroding of our rights, despite all logic and reason.
Kind of a pet-peeve of mine. This is what Governments do. It has nothing to do with 9/11 or the GWoT or kiddie porn, any other excuse-of-the-day. Don't hamstring yourself when you're making a valid point and raising pertinent questions.
Anonymous at 10:50, the Internet is not purely in the US.
Excellent point. I have noticed the same in the US.
For example the religious fundamentalist group "Liberty Legal Institute" claims to protect First Amendment rights "for individuals, groups and churches" by suing critics of religion.
Isn't a church a group?
They have most recently started a lawsuit in Alaska to block discussion of Sarah Palin's ethics and delay investigations until after the election.
Something really peculiar about those who use freedom of speech clauses to justify their attack on dissent.
You are kidding yourself if you think the NSA intends to secure "morality, public order and general welfare" by eliminating anonymity. In other words, what evidence do you have that they are operating under the principle of Article 29?
As to how this could be accomplished, one article about this issue mentioned a that Cisco also participated in the "IP Traceback" drafting group meeting.
Most of the Internet routers run Cisco software (the sources of which are heavily protected by the company, possibly because it has some backdoors in it already). On top of this we have the governments who have their own hackers "participating" in the Linux project and who could well pressure Microsoft to add new code into the TCP/IP stack (through the Windows Update Service). There are many ways on how something like this can be accomplished...
@toconnell: if the stateless, reset-packet shooting great firewall of China is the "state of the art", I'd think we don't have much to fear at the moment.
Just about any cryptographic protocol I can think of assumes the endpoints are trusted. In this case, one of the endpoints is the adversary, and the other end isn't necessarily trusted either.
Tagging a packet when it enters the ISPs network is useless, because it doesn't stop the user from using anonymizing services like Tor. If the user is not connecting to something that is blacklisted, and the contents of the packet are junk (maybe encrypted, maybe just an unknown binary protocol), what are they going to do about it?
The problem of course, is that in China, the authorities don't need to prove anything, ever. If you say stuff they don't like, you simply go missing.
No technology, save lots of gunpowder, will ever change that.
@not_Kurt: Indeed, this seems to be "what governments do". Part of the problem is the availability of cheap technology for spying on people. Tapping a phone used to be insanely expensive, and now the governments bill for the phone tap is probably lower than your phone bill.
The question is: WHY is this "what governments do"?
Isn't this stuff already built into Windows Vista?
could something like this be coupled with the Windows system of a GUID, or does it even need to?
The problem is, this is not just about China. Forget China. They are just one of the players in this.
US and NSA are just as much in it as China is. Not to mention some private corps. This is not some Chinese lack of tech-know-how issue.
One of the points with this is to find a way to identify people who use the net through e.g. a VPN connection. So would it not work even if the person is using the Tor network?
@Armageddon: the problem that exists in China (the "mysteriously disappearing people" problem), doesn't exist in most other places. Because of that, technology that works elsewhere, because there is no basis for a criminal prosecution, doesn't work is China, because there is no need for prosecution. It invalidates all the rules for playing cat and mouse.
@Scared: I doubt it, because I'd think it would have been found by now. Lots of people know how to sniff packets, and what a packet is suppost to look like. It Microsoft would have been doing something fishy with the network packets in Vista, someone would have spotted it. They couldn't even keep the data they send with the windows XP activation secret, and that was encrypted.
@Sparky: I wasn't so much thinking about packets, but rather Vista's ability to call "home", being it Microsoft or NSA (or both). Some encrypted data sent from the Malicious Software removal tool, or Anti Piracy Protection, or whatever.
We need to know who you are, where you are, where you've been, where you are going, what you said, and to whom.
It's the only way we can guarantee your safety.
@Seth ".....in too many countries (including the US sometimes) criticizing the government is against the law."
Care to give ANY -- ANY --- ANY example (for US) - unless you believe burning and exploding bombs is a form of criticism.
Anonymous@1:35: Did you try standing across the street from the Republican Convention wearing a t-shirt saying "Bush is an idiot"?
If calling the President names is illegal, it's a news to me and I guess another few million people who have heard Olberman call him that everyday on TV.
Your comments show naivete --- are you forgetting to mention that may be you were wearing a T-shirt calling Bush an idiot but forgot to wear your pants and underwear ?
"So would it not work even if the person is using the Tor network?"
TOR like most low latency networks is suceptable to analysis at the end points by a number of methods.
If you pop over to the Cambridge Labs (U.K. ;) and have a look there you will see that they have found a number of ways of determining the Who and Where and thereby lifiting the veil of anonimity from TOR.
@Carlo Graziani, re: "I have a hard time believing that a new IP standard, ... could ever become widely enough deployed"
Ah, but please note the splash made in both the tech- and mainstream-press by the recent DNS and BGP flaps. In both cases the fundamental vuln lies in the fact that the IP standard was promulgated in a day when security was completely ignored, for all practical purposes. (Note that my first experience on the net involved dialing into the nearest backbone router, logging into its open guest account and from there virtual terminalling into various major sites around the world using their open guest accounts on a system run by DARPA. That environment is the ground in which IP was conceived. Not fertile soil for serious network security.)
The case can readily made in a day when the estimates of the numbers of zombie machines run to the hundred million order of magnitude that only by adopting a whole new generation of network protocols can anything resembling network security be obtained.
Once you buy that argument, the notion that the security and law enforcement concerns of the world's major governments should be taken into account isn't all that big a leap. With China, the US, Russia and the Islamic world all being surveillance societies, getting basic agreement internationally on what those concerns are shouldn't be all that difficult.
@Bruce, re: "you have to wonder what's gone wrong with the world", I'm afraid that isn't what I'm wondering. What I wonder is what we can do about it.
@sooth sayer: I wouldn't say that Seth is Naive. He may be a bit cynical, possibly alarmist, and quick to overgeneralize, but if you look into the tactics used by the feds and county sheriff in St. Paul just before and during the Republican National Convention, you will find things that are unpleasantly close to "precrime" preemptive strikes aimed at journalists.
There is some rather unnerving footage of a lawyer in handcuffs in front of a house full of journalists who have been ordered to stay in the house or be taken into custody while law enforcement obtains a warrant, which took about two hours. Please note that it isn't clear how in the hour or two BEFORE they have a warrant the police can put people under what amounts to house arrest and cuff the lawyer that they send out to act as a liaison.
It is not naive to generalize from the experience of the lawyers and journalists who were taken into custody, had their cameras, laptops and other equipment confiscated and conclude that at least one step towards a police state has been taken. In fact, it is probably naive NOT to at least ask if we aren't going that way.
For myself, I am not convinced that we have actually crossed the tipping point into the world that Seth thinks we are in, but I do think we are teetering on the edge. Please note the version of the Insurrection Act that the US was operating under between the passage of the 2007 Military Appropriations act and the 2008 version. When the President is authorized to use the military domestically in "other circumstances", the difference between a potential and actual police state begins to become purely circumstantial.
@Care to give ANY -- ANY --- ANY example (for US)
The Supreme Court case which gave us the "fire in a crowded theater" cliche. It was ruled that distributing fliers opposing the draft could be banned, and a man spent 6 months in jail for it. This was only limited 50 years later.
Is that ANY ANY ANY example of the US forbidding speech against the government? I have others...
Just remember, you can say anything about anyone as long as you remember to add, "bless their heart," at the end.
Vista could also have a passive backdoor, such as that it is hardcoded to react to a specific kind of a packet sent to a specific port in a "special way".
Anyways, I think these developments are very much related to the increase in U.S. government power over its citizens (since 9-11) and the current increase in government power over the economy (see e.g. Nouriel Roubini's blog about this).
@ Max Dobberstein,
'as long as you remember to add, "bless their heart," at the end.'
If a uniform is involved remember that those wearing them believe that "rank hath it's priveledges".
So starting with,
"With all due respects XXX,"
Is a better way.
Oh and remember to replace XXX with sir / madam / officer / your honour or whatever their uniform entitles them to otherwise they might get mightily upset. Calling a six foot four traffic cop with five o'clock shadow "madam" might not be appreciated unless you know for certain... ;)
I have little respect for anyone calling themselves journalists these days.
Your story is incomplete at best.
Are you saying St. Paul police were complicit in illegally detaining people?
Is ACLU defunct and dead or turned republican this summer?
And who gave their press credentials to two ruffians who disrupted McCain's speech ?
I didn't see anyone disrupt Democrat convention, and there were many there who called Bush idiot and worse.
In St. Paul why were people marching with their faces covered? I doubt they could fool NSA (if that's your worry).
If you have no conviction of your actions, then only you need to cover your face or your rear-end :-)
Obama used to be a trainer and a lawyer for ACRON who have been convicted in 3 states for voter fraud. You think police, judges are juries were all complicit in that too?
I bet you Obama's ACRON has caused more REAL voter fraud than Die-Bold has ever caused. No one has yet handcuffed HIM.
(And I never saw a word about it on this blog either).
No, Seth is not alarmist -- or naive- there is simpler word for it .. WRONG .. and maybe you are bit more soft spoken, but are too.
" ... It was ruled that distributing fliers opposing the draft could be banned, and a man spent 6 months in jail for it. This was only limited 50 years later. .."
Can you provide the case and names in this ... or any other..
".. yelling fire in a crowded theatre ..." ..
I don't think you understand law or anything about a legally constituted society -- rights by definition have bounds.
You, it appears to me, are an anarchist or may be a socialist who has never read what they did in USSR.
@sooth sayer, I was asked for an example. I gave a specific example: wearing a particular t-shirt at a particular time and place was not permitted. The fact that saying something similar at another time and another place is irrelevant.
Yes, the police were complicit in illegally detaining people. That was only a few weeks ago; lawsuits haven't started yet, so we don't know how the ACLU will act. They're a private organization, not required to respond to everything (or anything) on your schedule.
@anonymous 4:23, GIYF. Schenck v. United States, US Supreme Court, 1919, "The most stringent protection of free speech would not protect a man falsely shouting fire in a theater and causing a panic" Look up the rest of the ruling; Schenck's conviction (for distributing flyers) was upheld.
@sooth sayer, I wasn't there, so I cannot speak with any certainty, but it certainly looked to me as if the police were illegally detaining people. Yes.
All of the accounts I have read to date agree that they surrounded a building full of people who included journalists and lawyers and announced that everyone was to remain in the house while a warrant was obtained, and that anyone who attempted to leave would be detained. The lawyer in the video was clearly handcuffed and acting as a liaison.
If they didn't have a warrant, I don't understand how the detention was legal. It may have been. It LOOKS highly suspect.
Eventually a warrant was obtained, the house searched, no one was arrested and nothing was confiscated. Technically, the police used a warrant with the wrong address but that is probably not significant. I watched the whole thing live as there were a number of people inside and outside the house with cell phones and qix and other simliar accounts. It certainly looked improper.
There's a video of about 12 minutes in length that covers much of what occurred here: http://seattle.indymedia.org/en/2008/09/...
It includes several bits I saw live or near live. This includes the lawyer in handcuffs describing the events in the presence of the police. It does not include the parts where the police tell her what the limits are on what she may and may not say. It is safe to say her on site description is if anything slanted in favor of the police's viewpoint.
I won't be surprised if you dismiss the journalists, lawyers and activists as trouble makers, but the whole point is that dissent, criticism, video recording and the like are protected in this country and an incident like this, especially in the context of such things as the 14 month Insurrection Act monstrosity give one pause. Well, they give me pause. Worry me substantially, in fact.
People like Seth take them as evidence that we are well into the police state territory that I fear we may be verging on, and I understand why. It is not mere naivete, as you dismissed it. It may be alarmism. Combined with the strange bedfellows alliance that Bruce notes here, it feels like part of a very scary pattern to many.
All in all, one does well to ask a lot of questions about the overlap in digital security, physical and national security and civil liberties. The game is afoot,
@Seth .. you are not only legally challenged, but grammatically too.
Read your original post again,
- You used the tense "is" -- may be you will now question what the meaning of world "is" is.
- And you quote a 90 year old ruling that has gone thru much revision - not that the ruling has any relevance to free speech.
Are you from Whoopie Goldberg school wondering if Slavery will come back if McCain became president .. of course US Supreme court in Dred Scott ruled ..... and the constitution ifself uses 5/8 for "other persons" that has never been repleaded
get a life (or a law book) or any book.
@Seth .. my bad, i should be repealed and not repleaded
@Jim .. I don't see anything special about a lawyer being handcuffed, I wish all of them were.
If you don't know the facts of the case but only that a lawyer was arrested and are worried about liberty in this country; may be you should get a glass of wine and relax .. if that doesn't do it light a joint or get prozac.
@sooth sayer, I'm not getting the feeling that you're actually reading what I'm writing. I am not CERTAIN of what happened because I "only" watched it while it was happening over multiple video feeds from both inside and outside the building, read several first hand accounts and news stories and reviewed the video I pointed to above. That is somewhat different from not knowing the facts of the case.
One thing I do know, and which anyone who read what I wrote above should have picked up on is that the lawyer was NOT arrested. No one was. Nothing was confiscated. No warrant was ever obtained for the residence that the police broke into. The lawyer was detained in handcuffs after leaving the building. Everyone in the building was first threatened with detention, and then when the police broke into the home they were in from the home they got the warrant for, everyone was detained at gun point and detained in handcuffs or other restraints. Your summary is just plain wrong.
That LOOKS a whole lot like illegal detention. Of course, since we live in a country ruled by common law, and no case has been heard, no judge or jury has deliberated, I cannot say for certain that it WAS illegal detention. That's how our system works.
The scenario--which you can watch a 12 minute video summary of, as noted above--does not match any legal procedure I am aware of.
I understand that you don't believe that anything bad could have happened and that the trouble makers to whom it did or didn't happen to probably deserved it anyway, but I'm afraid that you are not in good standing to dismiss what I know.
Sadly, there is substantial evidence that dissent is less and less tolerated by our government and that mere criticism or documenting of events can result in arrest or illegal detention. Closing you eyes to it does not make it go away. Go watch the video or look into the incident and then come back and tell me that I don't know what I'm talking about.
This is the last I will comment on it.
Policeman has to have "some" leeway in determining the intent - that's why society hires and pays them. If they do something illegal, they do get fired or reprimanded.
A lot of what you are claiming are non issues -- just something you don't like.
It sounds insincere as I don't think you shed a tear for McCain when he got interrupted.
Who were the loons running around in St. Paul with covered faces?
Reminds me of sundry terrorists around the world - join the club.
As I said before, if you live in fear of the state - have a glass of wine/joint/prozac (OR) carry a gun; at least the supreme court has allowed that for a change!
"get a life (or a law book) or any book."
You've been warned before about exactly this kind of comment. If you cannot be civil to other commenters, you will be banned.
NSA teaming up with the Chinese Gov, well, understandable and smart. Very sophisticated hacker attacks on USA government and USA industry are coming out of China. You would expect nothing less from doing this from even the FBI.
Where the issue is, you hope the NSA is not being played like a fool here. Old saying, there are no friendly intelligence agencies. China could play this out, and get access to top tech and really hammer USA if the NSA missteps.
Consider that DHS has collapsed some of the levels in intelligence, tracking down some security, is a disaster. You need to get to the bottom.
What would be good to read about here in comments, is who, what, where, why, etc the abuses will be.
Keep you friends close...
So whats the problem?
So whats the issues?
\"On the other hand, basic human and constitutional rights have been jettisoned left and right in the years after 9/11; why should this be any different?\"
9/11 was realised by US. US gov (ok, not Bush, the real gov who are behind the scene) financed and made that terr-act. Do you respect yourself? Then don\'t be the foolish victim of US disinformation and zombification, bin Laden, terrorism and al Caida are virtual threats only, imagined by govs to f*ck your brains up.
Wanna know the truth about 9/11 and US? Find in the internet (torrents) this film:
\"Zero\" by Giulietto Chiesa ( http://zero911movie.com/site/ )
Or watch this film here (it\'s not only about 9/11 but also about):
\"Zeitgeist\" ( http://www.zeitgeistmovie.com/ )
I don't think you've really done the fundamental concept of cohesive international traceback justice. It is very reminiscent of how academia has been working for years to provide QoS, and then the slashdot crowd gets the idea that providing tiered service is a threat to net neutrality, and all the work, and potential that the applications are for naught.
So while I am not condoning the form that this particular approach has taken, I think it hints at something deeper, which I think would be a good Wired article for you. While there is the standard chinese anti-dissident language in there, I'd like that to be put aside, to take a
view of the larger scope: We need effective ways to deal with the international nature of cybercrime. We essentially need traceback "treaties" at the national level. They would be something like either party can query the other for information to be used in ongoing law enforcement investigations. There's already ad-hoc networks of law enforcement, but they are severely hampered in what they can do cross- boarder, such that they won't even bother to try unless it's really a very very large case. If you have agreements at the national level, they then in turn push regulation to the ISP level to help implement the traceback. And the fact is the government already has the ability to compel ISPs to give up information, just as they have always had the ability to compel telephone companies, so this is not capability which is going to go away.
But if it is utilized in a more cohesive and transparent manner, as would be required if it was built in to some treaty, it seems like it
can overcome some of the shallow objections Bellovin mentions. In cybercrime cases we typically only care about tracing back to a single
individual (or groups of individuals) to find them physically to arrest them. So yes, if we find the source of the attack, it will be from a hacked box...but then we trace back to the next ISP, and then the next. Again, the FBI already does this, just in a slow and ad-hoc way, so I am very interested in the difference that actual, UN-level,
traceback treaties would have on tracking cyber criminals, and I think it would be a good topic for you to talk about more in depth (even if
you don't agree with my perspective).
A Tool for Internet Chatroom Surveillance
@sooth sayer: Yes, I did make a mindo and get the grammar wrong. The meaning should be clear. In case it wasn't: I specified that activities that are clearly covered by the First Amendment are sometimes prohibited by the government. I gave an example of such an activity. The fact that a similar statement, made at another time in another place, was permitted does not affect the fact that the example I gave was a violation of the First Amendment.
"and the constitution ifself uses 5/8 for "other persons" that has never been repleaded
get a life (or a law book) or any book."
Why don't you start with a copy of the Constitution? (Hint: it says "three fifths".)
The facts of the case Jim Burrows wrote about: a lawyer was handcuffed *for no specifiable reason* other than the police didn't want him to leave. They had no *probable cause* for arresting him. They had no warrant.
Hours later, they searched a house using a warrant that gave a different address. The Constitution (Fourth Amendment) says: "and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched," That warrant didn't describe the place to be searched, it described some other place entirely.
"Policeman has to have "some" leeway in determining the intent - that's why society hires and pays them. If they do something illegal, they do get fired or reprimanded."
I wish that were the case. Look at the many examples on YouTube of police criminal misconduct; how many have led to such? Of the similar actions that weren't videotaped and publicized, how many lead to firings or even reprimands?
I'll worry about politicians being interrupted after I no longer have any worries about citizens being denied their Constitutional rights. Fair enough? Or do you believe that some people are more equal than others?
animal farm anyone?
chinese party - the upholders of the free world...along with the republican party.
"But they had not gone twenty yards when they stopped short. An uproar of voices was coming from the farmhouse. They rushed back and looked through the window again. Yes, a violent quarrel was in progress. There were shoutings, bangings on the table, sharp suspicious glances, furious denials. The source of the trouble appeared to be that Napoleon and Mr. Pilkington had each played an ace of spades simultaneously.
Twelve voices were shouting in anger, and they were all alike. No question, now, what had happened to the faces of the pigs. The creatures outside looked from pig to man, and from man to pig, and from pig to man again; but already it was impossible to say which was which."
For a hundred years Americans were clamouring for socialism.
Well, Americans are getting it. With all attendant niceties such as police state, total surveilance, propaganda on TV and Party nomenklatura.
I wonder why anybody's surprised at the outcome. It's not like the socialist ideas weren't tried before.
The good news is that, by passing this off to the UN, they have guaranteed that nothing will ever get done... It's the biggest, most corrupt paper tiger ever created.
Negotiation. If China starts cutting us off, then we have a way to say, well, we can shut down your x,y,z.
Research. Hard to get things done in USA, well welcome foreign business deals.
Protection. Already discussed in 2sharpforks.
Monitoring. Good to know what secrets are leaving the USA through all the hacking in China. Contingency handling.
Motto. ~ In god we trust. All others we monitor.
Business. NSA uses contractors a lot. There probably are a lot of very intelligent people looking for work. See Research.
Foreign Relations. Important to keep things from becoming a cold war. If the USA government is not very good at building credibility, why not somebody else?
Security. 9/11 was a joke, because we did squat to prevent it. Post 9/11 is a major joke, cure is worse than disease. Cyber 9/11 is coming, why wait? Perhaps NSA can stop and deal with issue before problem gets 'solved' by politics and greed.
What I do have a major problem with, is poor security built into hardware, software, and solving problems of security with legal punishments and government monitoring.
Again, little good comments on this, compared to other articles.
The US and China - two totalitarian systems working great together!
> I thought the Supreme Court struck down the Alein and Sedition act long long ago?
One word: Scalia. This guy says Torture isn't Torture.
A quick illustration of how traffic analysis could enable this kind of thing, even if you're using TOR or a VPN or similar:
If a high proportion of packets from Node A to Node B are followed quickly by a packet from Node B to Node C, it can be inferred that Node A is communicating with Node C.
@Anonymous: in order to do so, you would need to previously know (or think) that nodes A and C are communicating, and you just need a way to verify this. If you want to know what A is doing on the internet, or you wanna know who is accessing C, what you said won't work.
"For a hundred years Americans were clamouring for socialism. Well, Americans are getting it. With all attendant niceties such as police state, total surveilance, propaganda on TV and Party nomenklatura.I wonder why anybody's surprised at the outcome. It's not like the socialist ideas weren't tried before."
You really need to educate yourself to what socialism is. None of what you mentioned is necessary for socialism. The fact that some attempts to create communism (a form of socialism) failed and instead created dicatorships has little to do with socialism itself. Many attempts to create capitalist societies has also failed miserably (fascist italy, chile, todays china...) and other states that are considered good such as the US has more then it's fair share of problems.
Meanwhile, there are lots of democratic socialist states in the world that has stronger civil rights then the US, especially in Europe even though almost all of them have moved in the same direction as the US the last decades and become less and less socialist and more and more capitalist. And you know what? The only "improvement" I've noticed by more capitalism is on the price tag of everything and it's not an improvement for me but rather for an assorted array of businesses.
But of course, by now I am way off topic, sorry for that.
NP: Or alternatively, you are collecting and cross-referencing a large amount of such timing data at many of the right choke-points in the network. I'm not claiming it would be easy, or that there aren't complications that the eavesdropper would need to solve, but for an entity with the resources of a state (or several) at their disposal, it sounds do-able.
@kme: It sounds extremely hard to me, no matter how much resources you can invest in it. Having so many users (potentially, all the users of the Internet) and so many services to connect to, it is, in my opinion, impossible to safely refer an outgoing connection generated by A to an incoming connection in C, if B is in the middle.
Well, since your first response was to Anonymous and he was mentioning TOR, I figured I'd mention this.
As of mid-2007, there were less than 150 TOR exit nodes. I don't have more current numbers, but that is not a very large number. Even if the NSA was only tapping within it's own borders, there were 53 exit nodes there. If a person of interest came up, with the ISP level data tapping they are allegedly doing, it would not be an intractable problem to loosely match that person to traffic coming out of exit nodes at least 33% of the time. And the NSA has been hiring CompSci folks specifically for data mining for some time now, so likely they'd scale well even with an increased number of exit nodes.
Just food for thought.
I think it is dangerous to state decisively that Internet anonymity is protected under the First Amendment in the United States. The Supreme Court has never completely resolved the scope of protection one is afforded under the First Amendment regarding the disclosure of one's identity.
For more information, check out http://jolt.unc.edu/blog/2008/09/19/...
That such technology research is ongoing should come as no surprise to anyone. That is of common interest to NSA and the communist Chinese government should be no surprise either. It's probably of interest to every government, intelligence agency, police department and hacker group on the face of the earth. Has it some beneficial uses? You bet! Can it be seriously abused? Absolutely! Will it be if implemented? Almost certainly! Just like myriad other technologies since the development of the telescope.
A couple of minor nitpicks -TOR isn't as secure as many would like to think, but more secure than some would like.
Leaving aside the distinction that fascism is a political system and socialism an economic one, fascism and socialism are somewhat opposed ideologies making a fascist socialist state pretty much an oxymoron.
The US is rapidly becoming a fascist state, not a socialist one.
What people have said about correlating (encrypted) packets from A to B with packets from B to C quickly breaks down with more than one step in the procedure. Even if there are only 150 possible nodes I think that it would be very hard to trace from the beginning to the end of the chain. Likewise, the problem of only 150 exit nodes doesn't mean they could figure out who is seeing what through Tor, just what is being seen through Tor. (Since communications from the exit node to the destination are not encrypted, they could also eavesdrop on/change the communications there.) Any 'original destination address' field in packets would be impossible to implement without the cooperation of everyone; even if some DMCA-like legislation is passed that makes it illegal to NOT put this data on packets, it would be hard to detect if it was falsified. No doubt there are methods of making it harder to forge, but I think they could all be circumvented. As to the idea of people within the Linux project changing the TCP/IP stack to conform to some proposed anonymity-killing IP standard, I think that would fail utterly, based on how the project is organized and the mindset of many/most of its contributors.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.