December 15, 2000 - Various Topics
In this issue:
- Another Oxymoron from the USA
- Global Eavesdroppers
- USA - Carnivore Details Revealed
- ScramDisk - An alternative to PGP
- The Invisible Man
- This Month's Promotion - Get One While You Still Can
1. UNITED STATES - Exposing Government misconduct is now a felony crime
On October 12 the US Congress made it a felony crime to disclose classified information. By bypassing normal committee jurisdiction, and using unscheduled voice votes, sponsors of H.R. 4392, the Intelligence Authorization Act, succeeded in passing a law that will profoundly affect Congress and the public's right to know about government misconduct.
The fine print in the bill removes all requirements that classified information be clearly marked to indicate its status. Under the new law, information could be classified even if there are no markings or other warning. That revives a discredited concept from the 1980s known as "classifiable" information, which means "virtually anything."
It forces whistleblowers to seek advance permission before exposing nearly any evidence of bureaucratic misconduct, or risk criminal liability.
Full report at the Government Accountability Project web site: http://www.whistleblower.org/www/specialaction.html
Editor's Comment: The world's superpower is becoming a prison for its citizens. This article used with permission by Financial Privacy Consultants, Inc. email: firstname.lastname@example.org
2. Global Eavesdroppers
Yes, Virginia, there actually is an international conspiracy to spy on you!
Title: They Hear Everything You Say
Plot: A global surveillance network, run by the infamous National Security Agency and allied intelligence bureaus, listens to every electronic communication in the world. No one and nothing - from cell phone calls to satellite transmissions to baby monitors - lies outside the range of its giant ear. Privacy is dead.
It sounds too corny to be true, but Echelon isn't the product of a B-movie script factory. It's very real, and it has been violating the privacy of Americans and foreign nationals alike for close to 50 years. "If you're on the phone with someone in another country, assume that three people are listening to the call - you, your friend, and the National Security Agency," says John Pike, an intelligence analyst at the Federation of American Scientists.
Echelon has come under increasing heat in the past few years, as U.S. privacy advocates, Congress, and European governments discover the extent to which the Echelon project retrieves and records communications from both private citizens and government agencies around the world. A committee of the European Parliament is investigating the giant global wiretap, and a French prosecutor has accused the NSA of conducting corporate espionage at a multibillion-dollar expense to French companies.
Echelon intercepts messages - billions per hour, according to one estimate - from the Net, undersea cables, radio transmissions, and bugged embassies, with the majority of data collected through eight or nine radar stations, located from Sugar Grove, West Virginia, to Waihopai, New Zealand. After signals intelligence is gathered, it's run through massive computers that scan messages to see if words such as bomb and Congress appear in proximity to each other. Earmarked messages are analysed and redistributed to the member countries' security agencies.
This extensive surveillance could, for example, lead to the capture of a fugitive terrorist. Or it could be an egregious, illicit violation of your privacy. Authoritative information on Echelon is sparse (government officials do not call the NSA the No Such Agency for nothing), but according to a study commissioned by the European Parliament, Echelon had its roots in a 1947 agreement between the U.S. and Britain.
The countries agreed to divide the world into segments and share intelligence information gathered from their respective zones. Canada, Australia, and New Zealand joined the pact in the mid-1980s. At home, the NSA maintains such a low profile that few Americans had ever heard of the agency prior to 1975.
It gained attention during the Watergate hearings, when the Senate discovered that it had been illegally gathering the communications of thousands of civil rights and antiwar activists, including Jane Fonda and Benjamin Spock. Two confidential NSA memos obtained by the Electronic Privacy Information Center in June confirm that the NSA uses massive information gathering techniques, but the agency has yet to officially acknowledge Echelon's existence. Of course, covert intelligence gathering is hardly a new concept, and it has unquestionable benefits: Without it, young Americans might be pledging the swastika or hammer and sickle instead of the Stars and Stripes. But intelligence activities have generally toed a fine line in the U.S. By constitutional design, American citizens should be able to enjoy a degree of privacy unheard of in other nations.
That is exactly why the pervasiveness and scope of Echelon have so drawn the ire of U.S. privacy advocates. "It appears to me that Echelon is doing far more than the law allows. Such a large volume of communications is being intercepted, and because it's all classified, we really have no idea whether or not they're targeting individuals," says Barry Steinhardt, associate director of the American Civil Liberties Union. "We're concerned about two things: If they're using Echelon to conduct what amounts to political intelligence; and if they're using it to engage in domestic law enforcement, which they're not supposed to be doing."
There is additional evidence that Echelon has been abused in the past. As Mike Frost, a former Canadian intelligence operative, revealed to 60 Minutes, Echelon monitors not just cell phone chatter but even ATM transactions. Frost says member countries circumvent laws such as the Foreign Intelligence Surveillance Act by spying on one another's citizens. Pike notes the ambiguity involved in monitoring communications with foreigners. "Constitutional protections apply only to citizens. The problem arises when a foreigner is talking to an American."
Pike cautions that the current controversy might be overblown. "Listen, anything that can be abused will be abused. It's in the nature of a big organization, and the NSA is a very big organization. But I think it's probably the exception rather than the rule." Yet Pike demurs when asked if he thinks citizens have anything to worry about: "I can't say I find even the wilder assertions totally implausible."
Editor's Comment: When you are the biggest kid on the block, you get to make all the rules, and break the ones the smaller kids made.
3. UNITED STATES - Carnivore Details Revealed
Newly declassified documents obtained by the Electronic Privacy Information Center (EPIC) under the Freedom of Information Act reveal that Carnivore can monitor all of a target user's Internet traffic, and, in conjunction with other FBI tools, can reconstruct web pages exactly as a surveillance target saw them while surfing the web, writes Kevin Poulsen at SecurityFocus.com (4 October 2000).
- The released documents confirm that Carnivore grew from an earlier FBI project called Omnivore, but reveal for the first time that Omnivore itself was preceded by a still older tool. The name of the predecessor was carefully blacked out of the documents, and remains classified "secret."
- The next version of Carnivore will include the ability to display captured Internet traffic directly from Carnivore. Currently, the tool only stores data as raw packets, and another application called "Packeteer" is needed to process those packets.
- A third program called "CoolMiner" uses Packeteer's output to display and organize the intercepted data. The documents show that in tests, CoolMiner was able to reconstruct HTTP traffic captured by Carnivore into coherent web pages, a capability that would allow FBI agents to see the pages exactly as the user saw them while surfing the web.
- Justice Department and FBI officials have testified that Carnivore is used almost exclusively to monitor email, but noted that it was capable of monitoring messages sent over web-based email services like Hotmail.
- An "Enhanced Carnivore" contract began in November 1999, the papers show, and will run out in January of next year at a total cost of $650,000. Some of the documents show that the FBI plans to add yet more features to versions 2.0 and 3.0 of the surveillance tool, but the details are almost entirely redacted.
- A document subject to particularly heavy editing shows that the FBI was interested in voice over IP technology, and was in particular looking at protocols used by Net2Phone and FreeTel. The FBI's next release of documents is scheduled for mid-November.
Editor's Comment - It might be a good time to get your anonymous GSM phone from Privacy World, before this product is no longer available. Email us for details. This article used with permission by Financial Privacy Consultants, Inc. email: email@example.com
4. SCRAMDISK - Non-PGP disk encryption alternative
SCRAMDISK is a program that allows the creation and use of virtual encrypted drives. Basically, you create a container file on an existing hard drive, protected by a specific password. The Scramdisk software can then mount this container, creating a new drive letter to represent it. The virtual drive can only be accessed with the correct pass phrase; without it, the files on the virtual drive are totally inaccessible. Once the pass phrase has been entered correctly and the drive is mounted, the virtual drive can be used as a normal drive: files can be saved to and retrieved from it, and you can even install applications onto the encrypted drive.
Scramdisk has a range of interesting features:
Allows virtual disks to be stored in a number of ways:
- In a container file on a FAT formatted hard disk.
- On an empty partition.
- Stored in the low bits of a WAV audio file (i.e. steganography).
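The third storage option, hiding data in the low bits of a WAV file, can be illustrated with the added example below. It is not Scramdisk's code or on-disk format: the 4-byte length header, the function names and the in-memory sawtooth carrier are assumptions made for the illustration, and the payload stands in for already-encrypted container bytes.

```python
import io
import struct
import wave

def make_carrier(n_samples=4000, rate=8000):
    """Constructed 16-bit mono PCM WAV (a sawtooth), built in memory."""
    samples = [((i * 37) % 2000) - 1000 for i in range(n_samples)]
    return _write((1, 2, rate, n_samples, "NONE", "not compressed"), samples)

def _read(wav_bytes):
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        params = w.getparams()
        if params.sampwidth != 2:
            raise ValueError("this example handles 16-bit PCM only")
        n = params.nframes * params.nchannels
        return params, list(struct.unpack("<%dh" % n, w.readframes(params.nframes)))

def _write(params, samples):
    out = io.BytesIO()
    with wave.open(out, "wb") as w:
        w.setparams(params)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return out.getvalue()

def capacity_bytes(wav_bytes):
    """One hidden bit per sample, minus the 4-byte length header."""
    return len(_read(wav_bytes)[1]) // 8 - 4

def embed(wav_bytes, payload):
    """Overwrite the lowest bit of successive samples with header + payload."""
    params, samples = _read(wav_bytes)
    data = struct.pack(">I", len(payload)) + payload
    if len(data) * 8 > len(samples):
        raise ValueError("payload too large for this carrier")
    for i, byte in enumerate(data):
        for bit in range(8):
            idx = i * 8 + bit
            samples[idx] = (samples[idx] & ~1) | ((byte >> (7 - bit)) & 1)
    return _write(params, samples)

def _bits_to_bytes(samples, start, count):
    out = bytearray()
    for i in range(count):
        byte = 0
        for bit in range(8):
            byte = (byte << 1) | (samples[start + i * 8 + bit] & 1)
        out.append(byte)
    return bytes(out)

def extract(wav_bytes):
    """Read the length header from the low bits, then that many payload bytes."""
    _, samples = _read(wav_bytes)
    (length,) = struct.unpack(">I", _bits_to_bytes(samples, 0, 4))
    if (length + 4) * 8 > len(samples):
        raise ValueError("low bits do not hold a valid length header")
    return _bits_to_bytes(samples, 32, length)

def max_sample_delta(a, b):
    """Largest per-sample change between two WAVs of equal length."""
    return max(abs(x - y) for x, y in zip(_read(a)[1], _read(b)[1]))
```

With one bit per 16-bit sample, the hidden volume can be at most one sixteenth the size of the audio data, and no sample moves by more than one step, which is why the change is inaudible.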
Most readers may be asking - with us - why not use PGP?
The authors of Scramdisk answer: "PGP is a great program, but it doesn't allow the on-the-fly encryption of a disk's contents. Instead users have to:
- Decrypt the existing file,
- Work on the data,
- Re-encrypt the data."
Editor's Comment: Worth looking at! This article used with permission by Financial Privacy Consultants, Inc. email: firstname.lastname@example.org
5. The Invisible Man by Anonymous
Online, everyone knows you're a dog. New anonymity software can help in the privacy battle. The chances are getting better every day that an ill-advised remark you made online could come back to haunt you. You do not know me, and you never will. I do not mean that literally, of course, but when I log on to the Internet, I'm as close to unknowable as is possible in these interconnected times. Online, I slip my skin and disappear into invisibility. It's easy and nearly automatic, thanks to a program I use that buries my browser and scrambles my e-mail. It's a program that renders me invisible. It's not that I need to do this. I'm not a spy or a secret agent. Most of my activities online are fairly banal. I read. I troll for jokes. If I see something I like, I click and buy.
But every once in a while I'll post something to a news group or purchase something that I'd rather not be traced back to me. If the boss deserves a lashing on VAULT.COM, that virtual water cooler, I'd just as soon go incognito when I wield the whip. If I'm experimenting with a trial subscription or a new sex toy, I do not want the company hounding me if I decide to cancel, or selling my name to people I prefer not to do business with.
I could tell you more - but then you'd know who I am. My friends say I'm a little extreme. But I'm in the very best company. In The Road Ahead, Bill Gates predicts that in the future we'll all live a fully "documented life," in which databases record our every transaction, whether trivial or profound. It's not hard to see how. We're transposing more and more of ourselves to the Internet at the very moment that the capacity to store data of every flavor is undergoing blinding growth.
Think I'm paranoid? In the past two years, there have been at least 70 lawsuits filed against message board posters. Most defendants were criticizing corporations under the assumption that they could do so behind a veil of privacy. Last year, the defence contractor Raytheon successfully sued 21 posters for disclosing information about the company. To avoid litigation, the critics could have relied on one of the many companies that help average computer users resist documentation and protect their privacy. The companies are thriving by catering to the over 80 percent of Net users who say they worry about online privacy. And in the process of meeting this demand, they're doing nothing less than changing the nature of cyberspace. Neither totally revealing nor completely anonymous, the option they're creating has a new name: pseudonymous.
Pseudonymity is actually an old idea on the Internet. Long before graphics-enabled browsers, people typed in fictional handles in multi-user domains, or MUDs. That tradition survives today in the form of screen names, those often absurd stand-ins for a real identity. But today, going by a made-up name is no guarantee of anonymity. If pseudonymity becomes the norm, we'll all be floating around cyberspace under assumed names. You won't have just one online identity - you'll have several, each a sliver of your real self. While the chances that an ill-advised remark could come back to haunt you may be low right now, they're getting better every day.
No law prevents bulletin boards from turning over so-called tracer routes that can be used to determine the computer from which a message came. And although many larger ISPs and message boards will reveal a user's identity only under warrant or court order, most smaller companies will do so out of a sense of good citizenship, according to Jeff Bedser, managing director of ICG: INTERNET CRIMES GROUP INC., which specializes in uncovering anonymous posters. "They're generally happy to cooperate," says Bedser. So it's no wonder that privacy advocates who chart the risks of invasive practices are worried. Andrew Shen, a policy analyst at the Electronic Privacy Information Center, warns, "Most people haven't fully grasped how everything that you see or do on the Internet is recorded and stored somewhere."
Indeed, employers, insurance companies, and others are beginning to troll newsgroups and bulletin boards. Some companies monitor message boards simply to know what's on their customers' minds. Others are looking for red flags that put the lie to an inflated résumé, that show evidence of a preexisting condition, or that otherwise suggest you're not who you say you are. For companies lacking the staff or motivation for this task, there's an outfit willing to take it on.
Online sleuth EWATCH, a service of PR Newswire, boasts that for a fee of $5,000, it can find the actual identity behind a screen name. Who's willing to pay? So far, claims eWatch, more than 800 corporate clients. One satisfied customer is U.S. West. Kristina Jonell, the company's Internet manager, provided eWatch with a glowing testimonial: "We decided to try eWatch because...we didn't have a way to know what customers were saying and in which discussion groups they were talking about US West. So this is a great way for us to do that tracking and to allow us to participate in those discussions." This kind of tracking is especially worrisome when you consider that many bulletin boards do not allow you to erase postings. Except in rare cases, the major newsgroups and bulletin boards preserve every remark - obscene or mundane - on their servers for as long as they are in business, and sometimes beyond.
DEJA.COM now has Usenet newsgroups that can be searched by keyword as far back as 1995. On AOL, each community decides for itself how long to archive postings, and some save every word for a period of time. If you simply want to cover your tracks online and make it impossible for eWatch to watch, look no further than the several companies offering free anonymizers. An anonymizer is a buffer, an extra server that stands between your browser and its final destination. ANONYMIZER.COM offers a no-fee service that hits you with banner ads in exchange for hiding your computer's location (a faster version without the ads costs $50 a year). IDZAP.COM offers a similar service, and others will sprout as privacy concerns grow. But there's a serious downside to the sort of anonymity those programs offer. For one thing, you can't stay part of an online community for long without maintaining a steady identity that's somehow verifiable. It's not that fellow posters are likely to check up on you. But in the course of a community dialogue you're more likely to reveal things about yourself that a trained sleuth could use to determine your actual identity.
The Canadian company Zero-Knowledge Systems offers a software package for Windows at its site ZERO-KNOWLEDGE that provides privacy protection while allowing you to nourish online communities. Called Freedom, it is the Rolls Royce of privacy software. Freedom wraps the data that leaves your computer in encrypted envelopes, so that nobody - not even the government - can discover your identity or read your e-mail. Likewise, your boss can't peek into Freedom communications unless he's standing over your shoulder as you type. The program's most innovative feature is its five pseudonymous identities, or "nyms." Each nym comes with a mailbox address; mail to the nym address can be accessed from your ordinary e-mail account. Activate a nym before browsing and even cookies will be contained in that nym's "cookie jar."
Say you want to research cancer: Using one nym, you go to a site about the disease; using another, you visit a health insurance site. With Freedom, neither site can learn about your visit to the other. Freedom may well be a radical measure for most people.
Then again, you could be grateful down the road. Just ask Jim Rutt. The CEO of domain-name company Network Solutions, Rutt used to be an avid poster to hip online community THE WELL. For 10 years, Rutt wrote daily missives to the Well under the obvious screen name jimrutt. In the comfort of the community, jimrutt said things that Jim Rutt never would. When Rutt joined Network Solutions he feared that the media would exhume his late-night banter. So he went back and deleted 200 pages, one by one, erasing his past. "It was a controversial move at the time, and it got a lot of other people thinking about whether they should go back and erase their old postings," recalls one Well conference host. Rutt was lucky - and prudent. He covered his tracks. You may not need to go that far, but it's reassuring to know the option exists. Whatever you do, don't worry about me. I'm already gone.