[isocnz-l]spooks, snooping, privacy and surveillance
Stephen Judd
and
http://www.stuff.co.nz/inl/index/0,1008,460236a10,FF.html
Will the society be making submissions?
I am particularly interested in the section of the Herald article that
reads:
"The proposal is that existing telecommunications companies who have to
adapt their systems might be able to get a refund from the Government,
but that any new provider would be required to introduce an
interception-capable system at their own expense"
This appears to imply Carnivore style traffic sniffing to me.
Would anyone from an ISP like to comment?
Stephen
Joe Abley
> "The proposal is that existing telecommunications companies who have to
> adapt their systems might be able to get a refund from the Government,
> but that any new provider would be required to introduce an
> interception-capable system at their own expense"
>
> This appears to imply Carnivore style traffic sniffing to me.
Carnivore is just the name of an application the FBI developed to
allow them to intercept IP traffic; there is no magic technology
involved in it.
According to the FBI guy who spoke at NANOG 20 last week they only
use Carnivore with the authority of the courts, and then only if the
ISP in question isn't prepared to gather the data themselves on the
FBI's behalf.
It is apparently not a tool which they deploy in ISP networks as a
matter of routine; it's installed in respone to specific evidence-
gathering in specific cases.
The comment quoted is too vague to mean much though, I think.
Capable of interception by whom? Under whose control? Using whose
equipment, operated by whose staff? Passive capture? Active
probing? Under whose authority?
Are there any facts available?
> Would anyone from an ISP like to comment?
Joe
Rick Shera
> See:
>
> http://www.nzherald.co.nz/storydisplay.cfm?storyID=157534&thes
ection=technology&%20thesubsection=general
and
http://www.stuff.co.nz/inl/index/0,1008,460236a10,FF.html
Will the society be making submissions?
[snip]
Ewen McNeill is heading up an Electronic Privacy wg under the auspices of
the Legal & Regulatory Affairs Committee. This was set up specifically in
anticipation of these moves and no doubt you will be hearing from the wg
very soon. ISOCNZ will indeed be making submissions based on the
deliberations of, and feedback to, this group.
Regards,
Rick Shera
Legal & Regulatory Affairs Committee Chair
Brian Gibbons
>Would anyone from an ISP like to comment?
This raises the question of jurisdiction and the ability of an ISP to
comply.
If I, as a nz ISP, outsource "email server functionality" to a company in
the U.S., their service is unlikely to come bundled with "snooping services
for your local Secret Service".
The goverment might find the odd jurisdiction problem when they turn up with
their court order and find all of the ISP's systems are in another country.
Tax havens in the 80's, data havens for the new millenium, sounds like good
fodder for another Wishart trilogy.
Joe Abley
> This raises the question of jurisdiction and the ability of an ISP to
> comply.
>
> If I, as a nz ISP, outsource "email server functionality" to a company in
> the U.S., their service is unlikely to come bundled with "snooping services
> for your local Secret Service".
>
> The goverment might find the odd jurisdiction problem when they turn up with
> their court order and find all of the ISP's systems are in another country.
Possibly, although I imagine a court could instruct the ISP to recover
whatever data it thought was pertinent, regardless of where it was stored.
Note that the police are already able to request access to mailboxes
with a court order (it has happened at several NZ ISPs that I have been
involved in).
In any case, a NZ agency could use passive capture to watch a subject in
NZ retrieving and sending mail, regardless of where the mail was stored.
> Tax havens in the 80's, data havens for the new millenium, sounds like good
> fodder for another Wishart trilogy.
Joe
Gordon Smith
got through, considering how loose some of the wording is. I saw a good
legal analysis of it a while back - pretty scary stuff.
I guess they feel that ISP staff have too much free time :-)
Is ISOCNZ planning to respond?
Rick Shera
>
> This sounds suspiciously like the Act passed in the UK.
As I understand it, it is based on that.
> I was
> surprised it
> got through, considering how loose some of the wording is. I
> saw a good
> legal analysis of it a while back - pretty scary stuff.
Do you have a reference/link/copy that you could provide to the working
group which is headed by Ween McNeill <ew...@naos.co.nz>?
>
> I guess they feel that ISP staff have too much free time :-)
>
> Is ISOCNZ planning to respond?
As I've already said, yes.
Rick Shera
ISOCNZ Legal & Regulatory Affairs Committee Chair
Rick Shera
"...the working group which is headed by Ween McNeill ..."
Should have referred to Ewen McNeill
Sorry Ewen
Rick Shera
Paul Brislen
http://www.hmso.gov.uk/acts/acts2000/20000023.htm
and some nice coverage of it here:
Having read the Herald and the Stuff stories, I have to ask: has anyone
actually seen the draft bill yet? As far as I'm aware it isn't due to be
released until sometime this week at the earliest. I spoke with Paul
Swain when the RIP bill came out and told him what I knew of it at the
time (admitedly not much) and he assured me the NZ govt wouldn't go down
that track - all he was after was legislation that would put email on a
par with phone calls when it came to signing interception warrants... at
the moment no copper in the land can actually look at your email
(according to Swain) and he wants to fix that.
I did ask what happens if the mail is encrypted and he said that's
another matter - let's get the actual interception sorted out first...
Ewen McNeill
>You can find the full text of the UK's RIP bill here:
>http://www.hmso.gov.uk/acts/acts2000/20000023.htm
Thanks for these links, they'll be very handy.
>Having read the Herald and the Stuff stories, I have to ask: has anyone
>actually seen the draft bill yet? As far as I'm aware it isn't due to be
>released until sometime this week at the earliest. I spoke with Paul
>Swain when the RIP bill came out and told him what I knew of it at the
>time (admitedly not much) and he assured me the NZ govt wouldn't go down
>that track - all he was after was legislation that would put email on a
>par with phone calls when it came to signing interception warrants...
Having seen the Stuff story (but not the Herald one) that was my
impression: that the bill to be introduced soon is basically aimed at
interception warrents for email to put them on par with interception
warrents for phone taps. Plus some stuff so that not just anyone can
"tap email". It doesn't, yet, seem to be at the level of "divulge the
key that encrypted this file we think is encrypted or go to gaol" which
was an interesting "feature" of the UK law.
Depending on how the bill is worded and how broad it is there is obviously
room for some concern there (for one issue that hasn't been raised yet:
network operators occassionally need to tap the network to diagnose
why some programs aren't talking to each other properly, which may
capture bits of email, etc -- this shouldn't be made illegal, although
obviously any information obtained that way should be discarded/forgotten
immediately).
But until the actual bill is available it's clear exactly what is being
proposed, and the discussion necessarily has a certain "FUD" feel to it.
For those that are interested, the details of the working group that I've
been asked to head up (as reported by Rick Shera) are being finalised at
present, and I'm hoping we'll have a mailing list set up for the working
group tomorrow.
Naturally coming up with a basic agreement on overall approach to
Internet surveillance quickly is going to be near the top of the list of
things to do, although the working group is intended to be broader than
that. (The WG terms of reference have been posted to the ISOCNZ members
list; if anyone wants me to I can post them here too.)
Ewen
ma...@tracs.co.nz
> Tax havens in the 80's, data havens for the new millenium, sounds like good
> fodder for another Wishart trilogy.
>
Cryptonomicon, anyone ;-)
Cheers
Mark
--
If it's the tourist season, why can't we shoot them?
Dean Pemberton
<b1ff>
That book r00lz =)
</b1ff>
> _______________________________________________________
> isocnz-l is an open mailing list created for the discussion of issues relevant to the Internet community in New Zealand. Views expressed are not necessarily the views of ISOCNZ. _____________________________________________
>
> go to http://listserver.actrix.co.nz/mailman/listinfo/isocnz-l
> for subscription/unsubscription information.
--
-----------------------------------------------------------------------
Dean Pemberton - d...@lucent.com Linux User# 157870
Guy who does stuff at Lucent Technologies - Bell Labs Innovations
Lvl 38, 55 Collins St, Melbourne 3000, Australia
Current Location - 144d58.110'E 37d49.547'S (Home)
-----------------------------------------------------------------------
ma...@tracs.co.nz
>
> <b1ff>
>
> That book r00lz =)
>
> </b1ff>
>
F**k**g A! it does!!!
(Even my wife who professes not to like math at all and is hardly a crypto-
geek is entranced by it)
Geoff McCaughan
> On Mon, Oct 30, 2000 at 10:34:24PM +1300, ma...@tracs.co.nz wrote:
>> On 30 Oct 2000, at 10:55, Brian Gibbons wrote:
>>
>> > Tax havens in the 80's, data havens for the new millenium, sounds like good
>> > fodder for another Wishart trilogy.
>> >
>> Cryptonomicon, anyone ;-)
> <b1ff>
> That book r00lz =)
> </b1ff>
<AOL>
Me too!
</AOL>
David Mohring
ma...@tracs.co.nz <ma...@tracs.co.nz> wrote:
>On 30 Oct 2000, at 10:55, Brian Gibbons wrote:
>
>> Tax havens in the 80's, data havens for the new millenium,
>> sounds like good
>> fodder for another Wishart trilogy.
>>
>Cryptonomicon, anyone ;-)
>
Actually because of New Zealand's remoteness and relative political
stability, introducing legislation to allow companies inside NZ to
act as a commercial encrypted data havens, is one of the few things
the NZ government could do to guarantee success for NZ in the
knowledge economy.
David Mohring - Aotearoa Nuclear-free, but we charge for encryption
storage by the megabyte.
Dean Pemberton
>
> Actually because of New Zealand's remoteness and relative political
> stability,
Oh please!
NZ will do whatever the US or UK tells it to.
NZ is one of the last places you would want to set up a data haven.
Just ask the residents of Waihopai
Dean
--
-----------------------------------------------------------------------
Dean Pemberton - d...@lucent.com Linux User# 157870
Guy who does stuff at Lucent Technologies - Bell Labs Innovations
Lvl 38, 55 Collins St, Melbourne 3000, Australia
Current Location - 144d58.391'E 37d48.737'S (Work)
-----------------------------------------------------------------------
Andy Gardner
> ma...@tracs.co.nz <ma...@tracs.co.nz> wrote:
>>On 30 Oct 2000, at 10:55, Brian Gibbons wrote:
>>
>>> Tax havens in the 80's, data havens for the new millenium,
>>> sounds like good
>>> fodder for another Wishart trilogy.
>>>
>>Cryptonomicon, anyone ;-)
>>
>
>Actually because of New Zealand's remoteness and relative political
>stability, introducing legislation to allow companies inside NZ to
>act as a commercial encrypted data havens, is one of the few things
>the NZ government could do to guarantee success for NZ in the
>knowledge economy.
Nice in theory, but much like whenever any hint of a change in drug policy
occurs, the yanks start putting the pressure on.
Considering we're already data farming for them in Blenheim, and
considering we've had a succession of governments that don't get the net
(or telecommunications in general), and are all for increasing SIS powers,
I can't see it happening.
Unless something's changed in the year I've been away.
--
Andrew P. Gardner
barcelona.com stolen, stmoritz.com stays. What's uniform about the UDRP?
We could ask ICANN to send WIPO a clue, but do they have any to spare?
Get active: http://www.domain-owners.org http://www.tldlobby.com
Jenny Shearer
>
> NZ will do whatever the US or UK tells it to.
Not necessarily. NZ has shown an ability to make independent decisions
before. Why shouldn't we set up a data haven, with the best of motives? If
we did that, the whole surveillance pack of cards would be undermined.
Jenny.
Andy Gardner
>>
>> NZ will do whatever the US or UK tells it to.
>
>Not necessarily. NZ has shown an ability to make independent decisions
>before. Why shouldn't we set up a data haven, with the best of motives? If
>we did that, the whole surveillance pack of cards would be undermined.
A datahaven is only a datahaven if it is relatively safe from external threat.
I'll stick with havenco, thank you very much.
Does the term "lifetime licence" ring any bells?
Dean Pemberton
> > Oh please!
> >
> > NZ will do whatever the US or UK tells it to.
>
> Not necessarily. NZ has shown an ability to make independent decisions
> before.
Sorry - I do not agree.
Time and time again the NZ govt has acted to save face with the US and UK over
what would be best for it's citizens.
Is it in the best interest of NZ citizens that NZ entered into Echelon? Was it
in their best interests that NZ got involved in Wassenaar?
These things were done because it was in the best interest of the relationship
that NZ has with it's overseas allies.
If there were a datahaven set up in NZ it would last until the first time the
FBI/CIA/NSA/(insert 3 letter code here) wanted data out of it. The US would
ask the NZ government and then you would see the pack of cards fold.
> Why shouldn't we set up a data haven, with the best of motives?
Ah ha - sure. someone somewhere would say that it was being used to trafic
bomb making information or slanderous material and then it would get shut down.
Here is the acid test.
Set up a server in NZ.
Designate it to be the DataHaven.
Place on this server a mocked up photoshop style picture of some random top
politicians in compromising positions.
Advertise this site on Slashdot, Yahoo, etc.
If you manage to get over a million hits a day and the NZ government has still
not shut you down then congratulations, you now own the first NZ datahaven.
It's just not going to happen. The NZ government would have a stroke if there
was a server on it's soil that by definition it could not control the content
of. They would go septic.
David Mohring
>On Tue, Oct 31, 2000 at 04:14:33PM +1300, Jenny Shearer wrote:
>> > Oh please!
>> >
>> > NZ will do whatever the US or UK tells it to.
>>
>> Not necessarily. NZ has shown an ability to make independent decisions
>> before.
>
>
>Sorry - I do not agree.
>
>Time and time again the NZ govt has acted to save face with the US and UK over
>what would be best for it's citizens.
>
>Is it in the best interest of NZ citizens that NZ entered into Echelon?
During the cold war with soviet union, yes. Now that data gathered from it
has been used by US corporations for industrial espionage, no.
>Was it
>in their best interests that NZ got involved in Wassenaar?
>
The US has changed it tune over encryption, allowing 128bit SSL and PGP
to be exported. Frankly every country the US wanted to stop using
encrypted applications now has and uses them all the time.
>These things were done because it was in the best interest of the relationship
>that NZ has with it's overseas allies.
>
Then how do you explain how we have managed to stay Nuke-free?
>If there were a datahaven set up in NZ it would last until the first time the
>FBI/CIA/NSA/(insert 3 letter code here) wanted data out of it. The US would
>ask the NZ government and then you would see the pack of cards fold.
>
As long as there was a procribed proccess, with the accusing party providing
evidence *before* opening provide them with the contents of an individual
account, and not go on "fishing excursions", I sure most of the potiential
account holders would accept that.
>
>> Why shouldn't we set up a data haven, with the best of motives?
>
>Ah ha - sure. someone somewhere would say that it was being used to trafic
>bomb making information or slanderous material and then it would get shut down.
>
>
>Here is the acid test.
>Set up a server in NZ.
>Designate it to be the DataHaven.
>Place on this server a mocked up photoshop style picture of some random top
>politicians in compromising positions.
>Advertise this site on Slashdot, Yahoo, etc.
If your serving the information to the public then that is not a data haven,
a data haven acts as a secure store of *private* information.
>If you manage to get over a million hits a day and the NZ government has still
>not shut you down then congratulations, you now own the first NZ datahaven.
>
>It's just not going to happen. The NZ government would have a stroke if there
>was a server on it's soil that by definition it could not control the content
>of. They would go septic.
>
Not if the government could garner a large tax take from the account
holders for allowing the service ;)
>
>Dean
>
David Mohring - Want to play a game of solitaire?
Dean Pemberton
> >These things were done because it was in the best interest of the relationship
> >that NZ has with it's overseas allies.
> >
>
> Then how do you explain how we have managed to stay Nuke-free?
Great - I was wondering when someone was going to drag up the ONE example from
decades ago when the mouse stood up and roared.
And the answer is;
Because really no one cares any more. If the US actually cared about having
their ships visit NZ then there would be a reversal.
>
> >If there were a datahaven set up in NZ it would last until the first time the
> >FBI/CIA/NSA/(insert 3 letter code here) wanted data out of it. The US would
> >ask the NZ government and then you would see the pack of cards fold.
> >
>
> As long as there was a procribed proccess, with the accusing party providing
> evidence *before* opening provide them with the contents of an individual
> account, and not go on "fishing excursions", I sure most of the potiential
> account holders would accept that.
>
BZZZZZZT - Thats not a datahaven.
Thats just a website.
A datahaven is meant to be protected from legislation. Otherwise whats the point?
There are plenty of co-lo's who have an something like;
``We will not allow access to your data with out a search warrent'' etc.
This does not make them a datahaven.
A datahaven must be able to withstand any and all attempts from external
individuals (and governments) to gain access to the information through any means.
> >Here is the acid test.
> >Set up a server in NZ.
> >Designate it to be the DataHaven.
> >Place on this server a mocked up photoshop style picture of some random top
> >politicians in compromising positions.
> >Advertise this site on Slashdot, Yahoo, etc.
>
> If your serving the information to the public then that is not a data haven,
> a data haven acts as a secure store of *private* information.
Not at all.
To take the example from the Cryptonomicon (long live that book), one of uses
of the datahaven was to be a website to destribute information to aid people in
rising up against oppression.
No matter what your views on that subject are, that is a perfectly legitimate
use for a datahaven.
>
> >If you manage to get over a million hits a day and the NZ government has still
> >not shut you down then congratulations, you now own the first NZ datahaven.
> >
> >It's just not going to happen. The NZ government would have a stroke if there
> >was a server on it's soil that by definition it could not control the content
> >of. They would go septic.
> >
>
> Not if the government could garner a large tax take from the account
> holders for allowing the service ;)
>
Ah ha, whatever.
If that were the case then they would have de-criminalised dope years ago.
They stand to make huge ammounts of cash from the tax on that.
NZ has and always will be a minor power, who's policies are dictated to it by others.
Jenny Shearer
> As long as there was a procribed proccess, with the accusing party
providing
> evidence *before* opening provide them with the contents of an individual
> account, and not go on "fishing excursions", I sure most of the potiential
> account holders would accept that.
This is the tricky bit - while I agree with Dean that allowing any
"external" access would mean that it would not be a true data haven, I also
think that allowing access under applications by international human rights
outfits like the war crimes tribunal wouldn't find many people getting too
upset. I mean look at the way the Swiss banks behaved during and after WW2.
E-commerce should have ethics- its just that they're different from the
goals of national governments.
I think that what you don't want is the US effectively running the global
economy, and our economy also because they know everything about everything.
We should be allowed to mess up independently:-) We're actually not obliged
to grovel, like the Brits are.
On the home front, to suggest that an overwhelming ability to keep the
population under surveillance (the sort of thing these legislative changes
appear to be moving towards) won't be used by the Government to entrench its
own powers, is simply offering to give it power that a democratic government
shouldn't want to have, because of the risks.
Dean says:
>To take the example from the Cryptonomicon (long live that book), one of
uses
>of the datahaven was to be a website to destribute information to aid
people in
>rising up against oppression.
OK nice
Jenny
ma...@tracs.co.nz
> It's just not going to happen. The NZ government would have a stroke if there
> was a server on it's soil that by definition it could not control the content
> of. They would go septic.
<non-government hat>
While the NZ government probably asserts its rights to govern the activities
of its citizens, it doesn't generally look at content per se unless there are
reasons to believe that content contravenes the law (e.g. child pornography).
So "control the content" is probably a little over the top, Deano. ;-)
Having said that, I don't personally think a datahaven would be a goer here for
the other reasons you ascribe (international relationships, etc). Any nation
that sets up a haven (and one will and when they do, it won't matter where it
is) has to be economically independent enough not to give a rat's arse about
sanctions and other pressures, has to be prepared to become a pariah and
has to have the gumption to see it through. That's not a description of NZ,
regardless of who's sitting on the Treasury benches.
</non-government hat>
NB: All opinions expressed in this email are mine and not to be represented
as those of the NZ Government
Dean Pemberton
>
> <non-government hat>
> While the NZ government probably asserts its rights to govern the activities
> of its citizens, it doesn't generally look at content per se unless there are
> reasons to believe that content contravenes the law (e.g. child pornography).
> So "control the content" is probably a little over the top, Deano. ;-)
Oh no - Mark has pulled out the Child Pornography Trump Card(tm) !!!!
Thats it then, the idea must be evil. Forget I spoke.
I was going to use the CPTC three emails ago, but I found out that HavenCo
(www.havenco.com for those of you who don't know) don't allow it either.
This seemed like a resonable thing for them to do, so I just dropped it.
Back to your point though. =)
I have no doubt that The Government has better things to do than to surf the
internet looking for things that it might find contravenes the law. I also
have no doubt that a datahaven in NZ would survive for ages before the
Government turned its eye to it.
But once that eye WAS turned (for whatever reason be it child porn, or just
a leaked copy of the next government budget), BLAM, it's gone.
There would be a police raid that would make Tiananmen Square look like a
picnic tea party =)
>
> Having said that, I don't personally think a datahaven would be a goer here for
> the other reasons you ascribe (international relationships, etc). Any nation
> that sets up a haven (and one will and when they do, it won't matter where it
> is) has to be economically independent enough not to give a rat's arse about
> sanctions and other pressures, has to be prepared to become a pariah and
> has to have the gumption to see it through. That's not a description of NZ,
> regardless of who's sitting on the Treasury benches.
> </non-government hat>
www.havenco.com - It's all good.
Dean
--
-----------------------------------------------------------------------
Dean Pemberton - d...@lucent.com Linux User# 157870
Guy who does stuff at Lucent Technologies - Bell Labs Innovations
Lvl 38, 55 Collins St, Melbourne 3000, Australia
Andy Gardner
Andy Gardner
>"external" access would mean that it would not be a true data haven, I also
>think that allowing access under applications by international human rights
>outfits like the war crimes tribunal wouldn't find many people getting too
>upset. I mean look at the way the Swiss banks behaved during and after WW2.
>E-commerce should have ethics- its just that they're different from the
>goals of national governments.
>
>I think that what you don't want is the US effectively running the global
>economy, and our economy also because they know everything about everything.
Are you aware that the U.S. has made numbered Swiss bank accounts
ineffective, as new legislation "recommended" by them and enacted by the
Swiss during the recent investigation into WW2 event allows the USG to wade
into any account at any time and get ownership details?
Switzerland is no longer a banking privacy haven.
>On the home front, to suggest that an overwhelming ability to keep the
>population under surveillance (the sort of thing these legislative changes
>appear to be moving towards) won't be used by the Government to entrench its
>own powers, is simply offering to give it power that a democratic government
>shouldn't want to have, because of the risks.
Similar to recent draconian changes to the Transport Act, made in the name
of "road safety".
David Mohring
>On Tue, Oct 31, 2000 at 05:03:11AM +0000, David Mohring wrote:
>> >These things were done because it was in the best interest of the relationship
>> >that NZ has with it's overseas allies.
>> >
>>
>> Then how do you explain how we have managed to stay Nuke-free?
>
>Great - I was wondering when someone was going to drag up the ONE example from
>decades ago when the mouse stood up and roared.
>
>And the answer is;
>
>Because really no one cares any more. If the US actually cared about having
>their ships visit NZ then there would be a reversal.
>
The national party, under very heavy pressure from the US govt, tried to
reverse it three times during their nine years in power - too many of their
own members ( and during the last 3 years winston's mob ) threatend to cross
the floor to vote against any change. We are still roaring.
>
>>
>> >If there were a datahaven set up in NZ it would last until the first time the
>> >FBI/CIA/NSA/(insert 3 letter code here) wanted data out of it. The US would
>> >ask the NZ government and then you would see the pack of cards fold.
>> >
>>
>> As long as there was a procribed proccess, with the accusing party providing
>> evidence *before* opening provide them with the contents of an individual
>> account, and not go on "fishing excursions", I sure most of the potiential
>> account holders would accept that.
>>
>
>BZZZZZZT - Thats not a datahaven.
>Thats just a website.
>
>A datahaven is meant to be protected from legislation. Otherwise whats the point?
>
>There are plenty of co-lo's who have an something like;
>``We will not allow access to your data with out a search warrent'' etc.
>
>This does not make them a datahaven.
>
I'm talking more than a search warrent, the accusing party must
provide *evidence* *before* an account is opened and examined.
>A datahaven must be able to withstand any and all attempts from external
>individuals (and governments) to gain access to the information through any means.
>
Not very realistic, even the Swiss and Belgan banking systems now
offer some legal paths that foreign govenments can use to gain details
of account.
There has been one attempted take over of sealand ( see
http://www.havenco.com/ ).
If a foreign power believed senitive data which directly represented
a threat existed on that platform, do you think they could defend it
against even veiled threats? Or would they silently acquiesce?
>> >Here is the acid test.
>> >Set up a server in NZ.
>> >Designate it to be the DataHaven.
>> >Place on this server a mocked up photoshop style picture of some random top
>> >politicians in compromising positions.
>> >Advertise this site on Slashdot, Yahoo, etc.
>>
>> If your serving the information to the public then that is not a data haven,
>> a data haven acts as a secure store of *private* information.
>
>Not at all.
>
>To take the example from the Cryptonomicon (long live that book), one of uses
>of the datahaven was to be a website to destribute information to aid people in
>rising up against oppression.
>
>No matter what your views on that subject are, that is a perfectly legitimate
>use for a datahaven.
>
Then use the datahaven just to store the archive and use a peer to peer
mechanism to distribute it, See http://sourceforge.net/projects/freenet
>
>
>>
>> >If you manage to get over a million hits a day and the NZ government has still
>> >not shut you down then congratulations, you now own the first NZ datahaven.
>> >
>> >It's just not going to happen. The NZ government would have a stroke if there
>> >was a server on it's soil that by definition it could not control the content
>> >of. They would go septic.
>> >
>>
>> Not if the government could garner a large tax take from the account
>> holders for allowing the service ;)
>>
>
>Ah ha, whatever.
>
>If that were the case then they would have de-criminalised dope years ago.
>They stand to make huge ammounts of cash from the tax on that.
>
Isn't that what is happening now in Australia NSW, they have de-criminalised
dope, and are collecting quite a lot from the instant fines.
>NZ has and always will be a minor power, who's policies are dictated to it by others.
>
A mighty oak looked down and laughed a reed bending in the gentle breeze.
The following day a great storm blew in knocking the oak down to the ground
next to the still standing reed.
David Mohring - OOmmmmm OOmmmm on the range ...
Dean Pemberton
>
> The national party, under very heavy pressure from the US govt, tried to
> reverse it three times during their nine years in power - too many of their
> own members ( and during the last 3 years winston's mob ) threatend to cross
> the floor to vote against any change. We are still roaring.
>
Oh lookie me - there it is.
The US government asks and the national party tries to change it.
Thats the point that I'm making, right there. It matters not if the change
took place. Just that the US asked and we oblidged.
In that case the change required an act of parliament, so there was some
safeguard. There are no safeguards when it comes to spying.
> >
> >This does not make them a datahaven.
> >
>
> I'm talking more than a search warrent, the accusing party must
> provide *evidence* *before* an account is opened and examined.
Sorry - the very words ``opened'' and ``examined'' means that it's not a true
data haven.
>
> Not very realistic, even the Swiss and Belgan banking systems now
> offer some legal paths that foreign govenments can use to gain details
> of account.
Yep and they have fallen out of favour with people who would once have used
them as money havens.
>
> There has been one attempted take over of sealand ( see
> http://www.havenco.com/ ).
> If a foreign power believed senitive data which directly represented
> a threat existed on that platform, do you think they could defend it
> against even veiled threats? Or would they silently acquiesce?
>
only time would tell. Although I do have two thoughts on that matter.
1) Physical Security and encryption should make seeing the data all but
impossible. The only threat would be from taking the haven off the air.
2) A full on Navy Seal attack on HavenCo would not be the sort of publicity
that any super power wanted.
But again - only time will tell
>
> Then use the datahaven just to store the archive and use a peer to peer
> mechanism to distribute it, See http://sourceforge.net/projects/freenet
>
Actually I like http://www.freehaven.net/ a lot better.
Freenet is just a jazzed up napster.
>
> Isn't that what is happening now in Australia NSW, they have de-criminalised
> dope, and are collecting quite a lot from the instant fines.
Who knows - I live in Victoria.
>
> >NZ has and always will be a minor power, who's policies are dictated to it by others.
> >
>
> A mighty oak looked down and laughed a reed bending in the gentle breeze.
> The following day a great storm blew in knocking the oak down to the ground
> next to the still standing reed.
>
Sticks and stones may break my bones, but names can never hurt me.
Dean - sorry that's the only prose I know =)
--
-----------------------------------------------------------------------
Dean Pemberton - d...@lucent.com Linux User# 157870
Guy who does stuff at Lucent Technologies - Bell Labs Innovations
Lvl 38, 55 Collins St, Melbourne 3000, Australia
David Mohring
On Tue, 31 Oct 2000 22:35:34 +1100, Dean Pemberton <d...@lucent.com> wrote:
>On Tue, Oct 31, 2000 at 11:12:38AM +0000, David Mohring wrote:
>>
>> The national party, under very heavy pressure from the US govt, tried to
>> reverse it three times during their nine years in power - too many of their
>> own members ( and during the last 3 years winston's mob ) threatend to cross
>> the floor to vote against any change. We are still roaring.
>>
>
>Oh lookie me - there it is.
>
>The US government asks and the national party tries to change it.
>
>Thats the point that I'm making, right there. It matters not if the change
>took place. Just that the US asked and we oblidged.
>
But we didn't oblige, we had enough of the marginal constituent MP's by
the balls to prevent it. Democracy in action!
>
>In that case the change required an act of parliament, so there was some
>safeguard. There are no safeguards when it comes to spying.
>
>
True, however the NZ Green party, who the current administration relies
upon to pass legislation, are now becoming somewhat concerned over the
bill, as it is movements such as theirs that the NZ SIS are targeting.
>> >
>> >This does not make them a datahaven.
>> >
>>
>> I'm talking more than a search warrent, the accusing party must
>> provide *evidence* *before* an account is opened and examined.
>
>
>Sorry - the very words ``opened'' and ``examined'' means that it's not a true
>data haven.
>
But your not going to get a "true" data haven, If your after that level
of protection, house a fileserver in a small concrete bunker with an
entry triggered bomb, and access it only via a diskless/memory only client
( but do try and get planning permission from the local council first ).
>>
>> Not very realistic, even the Swiss and Belgan banking systems now
>> offer some legal paths that foreign govenments can use to gain details
>> of account.
>
>Yep and they have fallen out of favour with people who would once have used
>them as money havens.
>
So what true money havens are left?
>>
>> There has been one attempted take over of sealand ( see
>> http://www.havenco.com/ ).
>> If a foreign power believed senitive data which directly represented
>> a threat existed on that platform, do you think they could defend it
>> against even veiled threats? Or would they silently acquiesce?
>>
>
>only time would tell. Although I do have two thoughts on that matter.
>
>1) Physical Security and encryption should make seeing the data all but
>impossible. The only threat would be from taking the haven off the air.
>
From the webpage, they rely on co-location on foreign soil, what happens
to the data on the cache once if the hosting machine is impounded?
>2) A full on Navy Seal attack on HavenCo would not be the sort of publicity
>that any super power wanted.
>
One long range torpedo from a well hidden submarine, and a few divers to pick
up the pieces from the sea floor. Who did it? Probably the storm used for
cover.
As for encryption, that was the main point of the Cryptonomicon, to discover
an encryption algorithm that could not be broken by the NSA ( and others )
supercomputers. Sadly this may not be the case for most current algorithms.
>But again - only time will tell
>
>>
>> Then use the datahaven just to store the archive and use a peer to peer
>> mechanism to distribute it, See http://sourceforge.net/projects/freenet
>>
>
>Actually I like http://www.freehaven.net/ a lot better.
>
>Freenet is just a jazzed up napster.
>
Roger Dingledine's papers are interesting, but it still would rely on
caching anonymizing servers, easily impounded by the hosting country or
blocked at the network backbone ( as China is doing ).
With a true peer to peer system it is possible to create a true cell
structure, down to even using sneakernet.
>>
>> Isn't that what is happening now in Australia NSW, they have de-criminalised
>> dope, and are collecting quite a lot from the instant fines.
>
>Who knows - I live in Victoria.
>
>>
>> >NZ has and always will be a minor power, who's policies are dictated to it by others.
>> >
>>
>> A mighty oak looked down and laughed a reed bending in the gentle breeze.
>> The following day a great storm blew in knocking the oak down to the ground
>> next to the still standing reed.
>>
>
>Sticks and stones may break my bones, but names can never hurt me.
>
>Dean - sorry that's the only prose I know =)
>
I never get past saying "Sticks and stones may break my bones", at which
point they all pull out baseball bats and say "Allright then".
David Mohring - Run!
Geoff McCaughan
> While the NZ government probably asserts its rights to govern the activities
> of its citizens, it doesn't generally look at content per se unless there are
> reasons to believe that content contravenes the law (e.g. child pornography).
> So "control the content" is probably a little over the top, Deano. ;-)
Uh, you have heard of 'Echelon' haven't you?
What's that if it's not content monitoring?
DPF
>>Because really no one cares any more. If the US actually cared about having
>>their ships visit NZ then there would be a reversal.
They do care but they realise a policy supported by 80% of NZers is
not going to change.
>The national party, under very heavy pressure from the US govt, tried to
>reverse it three times during their nine years in power - too many of their
>own members ( and during the last 3 years winston's mob ) threatend to cross
>the floor to vote against any change. We are still roaring.
Umm - that is stretching things. Certainly in 1990 - 93 there was
some unhappiness at National's policy to retain the ban and some MPs
were keen to reverse the bans on nuclear powered (rather than armed)
ships and an inquiry into their safety was launched. The inquiry
concluded that they were sa safe as houses yet despite this it was
clear there was no public mood for change - esp as it would be a major
broken promise on top of the superannuation one.
Since 1993 or so there has been no effort at all to reverse the ban so
I do not know where this figure of three attempts comes from and I am
100% certain that during the coalition with NZ First it was not even
considered for half a second.
DPF
(apologies somewhat off topic but wishing to correct things)
________________________________________________________________________
<david at farrar dot com>
NZ Usenet FAQs - http://www.dpf.ac.nz/usenet/nz
ICQ 29964527
Dean Pemberton
>
> But we didn't oblige, we had enough of the marginal constituent MP's by
> the balls to prevent it. Democracy in action!
>
I think dpf's post might trump us on this.
> >
> >Sorry - the very words ``opened'' and ``examined'' means that it's not a true
> >data haven.
> >
>
> But your not going to get a "true" data haven, If your after that level
> of protection, house a fileserver in a small concrete bunker with an
> entry triggered bomb, and access it only via a diskless/memory only client
> ( but do try and get planning permission from the local council first ).
>
=)
``I'm sorry sir but we are unable to find a checkbox for `Thermonuculer device'
under the burgler alarm section''
> >>
> >> Not very realistic, even the Swiss and Belgan banking systems now
> >> offer some legal paths that foreign govenments can use to gain details
> >> of account.
> >
> >Yep and they have fallen out of favour with people who would once have used
> >them as money havens.
> >
>
> So what true money havens are left?
I have no idea, but I have no doubt that the people who need them know where
they are.
>
> >2) A full on Navy Seal attack on HavenCo would not be the sort of publicity
> >that any super power wanted.
> >
>
> One long range torpedo from a well hidden submarine, and a few divers to pick
> up the pieces from the sea floor. Who did it? Probably the storm used for
> cover.
Granted - If someone wants to turn the island into Atlantas then the datahaven
is at risk. Risk management tells me that this is acceptable.
>
> As for encryption, that was the main point of the Cryptonomicon, to discover
> an encryption algorithm that could not be broken by the NSA ( and others )
> supercomputers. Sadly this may not be the case for most current algorithms.
>
Sure it is (depending on your paranoia level).
> >Actually I like http://www.freehaven.net/ a lot better.
> >
> >Freenet is just a jazzed up napster.
> >
>
> Roger Dingledine's papers are interesting, but it still would rely on
> caching anonymizing servers, easily impounded by the hosting country or
> blocked at the network backbone ( as China is doing ).
Thats the whole point of the research. With the splitting up of the
information into shares it does not matter how many servers the governments
impound. Unless they can shut down the majority of them (which would be like
shutting down every client using napster) the data lives on.
>
> I never get past saying "Sticks and stones may break my bones", at which
> point they all pull out baseball bats and say "Allright then".
>
=)
Dean
Jenny Shearer
>blocked at the network backbone ( as China is doing ).
Dean Pemberton
I was going to let this drop in the interest of keeping on topic.
But having actually been to China and having actually worked on their network
backbone, I am interested in what they are now up to.
I know they were NAT'ing the whole country for a while =)
Paul Brislen
Have a look at this site if you haven't already:
http://devrandom.net/~dilinger/
and at slashdot.org
(Usual disclaimers - salt by the bucketload.. This IS the internet after all)
Slashdot has a discussion going about it - this guy (alleged administrator type)
had a look at www.yankees.com after it was hacked, sussed out how it worked,
mentioned it on an IRC session and had the FBI come knocking on his door next
morning. Gaining a warrant to search/confiscate hardware and software seems to be
ridiculously easy in the US... and given the low level of understanding of IT
within our own police force/judicial system, what are the odds our plods will do
better? Anyone?
David Mohring
>On Wed, Nov 01, 2000 at 09:36:23AM +1300, Jenny Shearer wrote:
>> David Mohring says:
>>
>> >or
>> >blocked at the network backbone ( as China is doing ).
>>
>> Can you elaborate on this/give the source?
>
>
>I was going to let this drop in the interest of keeping on topic.
>
>But having actually been to China and having actually worked on their network
>backbone, I am interested in what they are now up to.
>
>I know they were NAT'ing the whole country for a while =)
>
>
Which begs the question Dean, which company supplies the equipment that
is doing the NAT'ing?
David Mohring - "I was only following orders"
David Mohring
<paul_b...@idg.co.nz> wrote:
>FYI - this trail on Slashdot...
>
>Have a look at this site if you haven't already:
>
>http://devrandom.net/~dilinger/
>
For long term effects see http://www.sjgames.com/SS/
David Mohring - "Nothing to see here, move along..."
Dean Pemberton
>
> Which begs the question Dean, which company supplies the equipment that
> is doing the NAT'ing?
=)
Not one with a lucent symbol on the front.
David Mohring
>On Tue, Oct 31, 2000 at 02:37:01PM +0000, David Mohring wrote:
>>
>> As for encryption, that was the main point of the Cryptonomicon, to discover
>> an encryption algorithm that could not be broken by the NSA ( and others )
>> supercomputers. Sadly this may not be the case for most current algorithms.
>>
>
>Sure it is (depending on your paranoia level).
>
In most cases this would be true, even though both of us, just in this
one thread, have just triggered about every Echelon/NSA code
word/phrase in existance - from spooks, snooping, privacy and surveillance,
Echelon, encryption algorithm, supercomputers, concrete bunker,
entry triggered bomb, Roger Dingledine, Navy Seal, attack, super power,
torpedo, submarine, divers, China to now `Thermonuculer device' -
one of use would have to do something pretty damm stupid to piss them off
enough to switch us from the "attention" to the "hit" list.
David Mohring - Say, how may NSA Cryptographers does it take to
screw in a light bulb?
Dean Pemberton
=)
> _______________________________________________________
> isocnz-l is an open mailing list created for the discussion of issues relevant to the Internet community in New Zealand. Views expressed are not necessarily the views of ISOCNZ. _____________________________________________
>
> go to http://listserver.actrix.co.nz/mailman/listinfo/isocnz-l
> for subscription/unsubscription information.
--
-----------------------------------------------------------------------
Dean Pemberton - d...@lucent.com Linux User# 157870
Guy who does stuff at Lucent Technologies - Bell Labs Innovations
Lvl 38, 55 Collins St, Melbourne 3000, Australia
ma...@tracs.co.nz
> ma...@tracs.co.nz wrote:
>
> Uh, you have heard of 'Echelon' haven't you?
>
I can neither confirm nor deny that ;-)
> What's that if it's not content monitoring?
>
Monitoring is not the same as control.
I monitor the street before I cross it. I don't control the traffic.
Ewen McNeill
>On 31 Oct 2000, at 16:41, Geoff McCaughan wrote:
>> What's that if it's not content monitoring?
>
>Monitoring is not the same as control.
>I monitor the street before I cross it. I don't control the traffic.
This does depend on who is doing the monitoring.
If a police office monitors the street before crossing it (in such a
way that they can be seen to be doing so, or are known to be doing so),
it is likely to have an effect on the traffic.
This is the "chilling effect" argument, which IMHO has a reasonable
amount of validity in a lot of contexts.
Ewen
Geoff McCaughan
> On 31 Oct 2000, at 16:41, Geoff McCaughan wrote:
>> ma...@tracs.co.nz wrote:
>> Uh, you have heard of 'Echelon' haven't you?
> I can neither confirm nor deny that ;-)
>> What's that if it's not content monitoring?
>>
> Monitoring is not the same as control.
> I monitor the street before I cross it. I don't control the traffic.
And what makes you think they're not controlling it?
For all you know they could be axpp... @#*%.!~ NO CARRIER