My wife is a middle school teacher so I do have something of a window into the hows and whys of the administrator thought process. School administrators, since they are dealing with actual children, believe they need to stay "on message". The world of rules has to be black and white. If you compromise, how are the kids going to react when they see that? If they do compromise, for whatever reason, then the incident must be kept as hidden as possible. I think it would make more sense if they taught that the world is rarely black and white, that enforcing rules, and justice in general, is about compromises. However, that takes courage and zero-tolerance is much safer for the administrator. Courage is indeed what it takes in the face of all those potentially irate parents and a school board with the power to end your employment. In this context, perception is indeed reality. Kids do crazy things, embarrassing things, and sometimes even dangerous things all the time so administrators, in fear of their job, are constantly motivated to use the traditional standbys as well as come up with creative new ways to keep them in check. School administrators are supposed to have training as administrators beforehand yet many of them seem to believe their role as administrators is still "In Loco Parentis" without restriction. This is still true despite the decades of court precedents that recognize the constitutional rights of children place restrictions on the power of school administrators. The upshot of all this is that zero-tolerance policies do not make schools or children safer, they make administrators' jobs safer.
The ethics of using an ID system that is not completely accurate depends entirely on how it is used. Yeah, 20% for false positives is a maximum and real world usage will likely show better results. If you think the FBI is incapable of intentionally abusing an ID system or making gross mistakes then look at the case of Brandon Mayfield. On the basis of fingerprint identification, and the fact he converted to Islam in the late 1980's, he was arrested in 2004 and held for over two weeks as a material witness. The FBI first claimed his fingerprints were a 100% match with those found on a bag from the Madrid train bombing. It turned out from the information discovered during the lawsuit brought by Mayfield that there were 20 individuals in the US whose fingerprints were SIMILAR to the one found in Spain. The FBI investigated all of them. Because of Mayfield's Islamic beliefs he became the prime suspect despite not having left the US in over 10 years. Furthermore, before his arrest, Spanish authorities said his fingerprints were not a match. The FBI disregarded all this and arrested him anyway.
It doesn't worry me that the FBI is looking to adopt facial recognition and I probably agree with you that this article complains about its accuracy without knowing how it will be used. I am worried about how they will use it. Do not fool yourself into thinking the FBI will not use facial recognition to arrest someone. It may not be the only factor in the arrest but, as with fingerprints, law enforcement tends to be eagerly biased in favor of its usage and tends to disregard what science says about the level of doubt.
There are a lot of inconsistencies in what is known publicly, so far, about the two supposed hits. My suspicion is Ulbricht was acting out a charade in setting these up and had no intention of getting anyone killed. Remember, no one was actually killed. A scenario supposing a charade makes perhaps more sense than actual intended killings. I am not willing to bet on my suspicion just yet but killing people seems contradictory to Ulbricht's stated philosophy.
Law Enforcement would like to convince everyone that because they have the servers all the buyers and dealers can be found and arrested. Remember that a seller can retain anonymity from those running Silk Road, from buyers, and from other sellers. The weak link is in buying and receiving a package. Look at the arrests and see how defendants are found. An undercover seller can lure buyers from their honeypot. The compromised buyer can be made to purchase from another seller. With enough purchases, the seller can be tracked down. The automated post office can and does track packages and standard 1st class mail. The target address could be put on a hot list. I don't think there will be too many arrests as the window for setting up such busts has closed.
I wonder if Sadler is the FriendlyChemist. Bellevue is fairly close to White Rock, BC.
Re: Re: (Source: more anti-spam experience than anyone else.)?
When you claim more experience without providing your resume and without knowing the experience of others on this site, it definitely comes across as arrogance. I have more than 30 years experience in network protocols, yet I would never say I know more (on any subject) than everyone else who comments on this site. I would even hesitate to say I know more than anyone in particular. I suggest you just argue your case. Can you cite any studies?
I would argue that scanning the contents of an email message can only help in categorizing spam versus non-spam. Just one example is using the text/image ratio which is something the metadata doesn't provide. The text/image ratio will not ever, by itself, be a determining factor, but it is additional circumstantial evidence.
You mentioned the hop count in your original message but there is no hop count in SMTP. Are you referring to the "hop count" in the IP header (actually the "time to live" field)? Maybe you mean the number of "mail transfer agents" as each one adds a line to the header. But looping is already handled by the IP protocol and it is routers looking at the loop count who decide when a discard is necessary to control looping. So, what do you mean?
Your analogy is good insofar as it relates to scanning for which the results are under your control. This works for indexing, spam and anti-virus filtering and such. The distinction between whether the user has control of a scan's stored results is one the ECPA doesn't take into account and should. When email is scanned for the purposes of targeted advertising you do not have control over the results. Also, it is third parties, the advertisers paying Google for this keyword information and ad placement, who are ultimately using it.
The owner of an account should consent to scans before they are allowed. Whether or not the scanning is optional is not the main point. What is most important is the scanning should be explained to the user so that consent is informed. An important part of the suit is whether Google has properly informed users. They have not informed users in a clear way. This is particularly important if any results of a scan are stored in a way that is outside of user control. A further distinction should be made between statistical scans (e.g. for disease symptoms) for which the results do not identify any particular user and scans for which stored traces are tied to a user (e.g. targeted advertising, copyright infringement, objectionable content).
2) and 5) I agree that an SR vendor selling to another SR vendor was risky. I think that this was obvious to DPR who made an effort to detect law enforcement activity on the site. Vendors that showed an interest in selling large amounts for resale should have been under suspicion. I can't imagine that DPR would knowingly let admins both buy and sell on the site. The following could be an explanation. DPR suspected "the employee" of being dishonest. DPR set him up by directing him to be a direct middleman in the 1KG cocaine buy from the suspect vendor (UC). Employee gets busted and DPR performs a charade where he directs him to be tortured and killed by UC as a way of ferreting out whether UC is really undercover. What dangerous information could the employee have access to since TOR allowed anonymity of both vendors and buyers? Remember it is only a single vendor that gets some real address from a buyer. Also, the employee is in a Maryland jurisdiction (thus the indictment from a Maryland Grand Jury for this murder for hire) and did not have access to the server for the website which is in some foreign country. Doesn't it seem odd that all of a sudden DPR is asking a vendor to perform a murder? Isn't it also stretching credibility to expect just pictures to be proof of a murder? Cmon, anyone who has ever seen a movie knows that is easily faked. DPR's mistake in acting out this charade was that now he has been indicted for a murder for hire even when no murder ever took place.
"No in the Masnick world, prior restraint and ex parte domain name seizures are only a free speech issue if it impacts upon the infringement of copyrighted works."
In the case discussed in this article there was no domain name seizure. SilkRoad was a TOR hidden service and DNS is not used to access them. It makes no sense to say the domain name was seized. What was seized were the servers that implemented that hidden service.
Doesn't destroy jobs huh, tell that to those poor little boys now out of work because chimneys are cleaned differently these days. Cmon, think of the children!
The Courthouse News Service article about this which is linked to in this article has an image which is the cover to one of the paperback versions of Philip K. Dick's novel "Eye in the Sky". If Isa Dick Hackett were aware of this she would probably complain on behalf of the PK Dick estate or does copyright belong to the artist who created the image? I do believe Courthouse News should at least give attribution for that image.
I don't think you understand what the DOJ is doing in general and more specifically with the CFAA. The federal court system has moved away from using intent as a critical element of a crime. Weev was charged with conspiracy to commit unauthorized access as well as fraud. The unauthorized access charge does not require them to show intent one way or another, just that the access was unauthorized. Thus, the technical explanation of how the access occurred is the core of the argument. The fraud charge does require intent and this is why the DOJ uses pained logic to show that Weev benefited from disclosing the vulnerability. The trouble is that that logic can apply to any, I repeat, any security researcher who discloses a vulnerability. It doesn't matter if the disclosure is full disclosure or responsible disclosure the researcher can be convicted of a crime because at some point they had to confirm the vulnerability by using it.
The crux of responsible disclosure is that the company responsible for the faulty software or hardware is notified of the security vulnerability and given a reasonable amount of time to fix it before the vulnerability is made public. This actually happened in this case. Neither Weev nor Spitler directly notified ATT. However, they did wait until the vulnerability was fixed before Weev gave Ryan Tate of Gawker the list of email/ICC-ID pairings. Weev sent emails to various members of mainstream media whose email addresses were included in their acquired list. For each media person he included only their own email/ICC-ID in the email he sent. He also invited them to interview him about the ATT security breach. In this way he was indirectly notifying ATT of the breach as well as attempting to garner more publicity. Weev and Spitler waited until they could no longer repeat the retrieval of email addresses with their slurper program before contacting Ryan Tate. This meant that ATT had closed the security vulnerability.
The ATT/Apple assignment of ICC-IDs is not sequential. There is a number space of 100 billion to 100 trillion within the overall 20 digit ICC-ID set that is assigned to Apple. At that time there were (I think) roughly 200,000 ICC-IDs assigned in this block. They are assigned somewhat randomly from chosen sub-blocks.
Owners of an iPad 3G must provide an email address, billing address, and a password to complete registration and activate AT&T’s 3G service. When users log in to the AT&T website for 3G subscribers they must provide that email address and password. AT&T made this process easier by automatically pre-populating the email address on the log-in page. A twenty digit ICC-ID (Integrated Circuit Card Identification) number uniquely identifies the SIM (Subscriber Identity Module) card of any device with cellular network connectivity. The iPad browser’s HTTP request for the log-in page contained the iPad’s ICC-ID in plain text within the URL. The browser’s “user agent” (a portion of the HTTP header) is one specific to an iPad. When the ATT server received such a request from an apparent iPad it would return the log-in page with the correct email address already supplied as long as the ICC-ID was one that matched a registered user. This feature, that made logging in easier, also made it insecure. Note that the email address is supplied before any authentication is done using a password.
How does one collect email addresses from multiple ICC-IDs? One way is to, sequentially, go through all the potential ICC-IDs and collect the emails received from the relatively few requests that were successful. Of the twenty digits the first two represent the Major Industry Identifier (MII, 89 for telecommunications). The next two are a country code (CC, 01 for the US). The next 1-4 digits are for the issuer, which is Apple in this case. These are not published but every iPad reveals one of them. This leaves 11-14 digits for the account number. The final digit is a check digit for error detection. So, one has to go through, roughly, 100 billion to 100 trillion ICC-IDs to find all the valid ones for Apple iPads. That is a pretty large number. Daniel Spitler wrote a simple PHP script that was colorfully named "the iPad3G Account Slurper", to automate the procedure. The set of valid ICC-IDs is not sequential. After some initial success they were having a problem finding valid ones. They guessed that the iPad 3G used ICC-IDs from different blocks of numbers. The ICC-ID is printed on the SIM, so they guessed these blocks based on Daniel Spitler’s iPad, those of acquaintances, and from public pictures of the iPad 3G shown on Flickr and other photo websites.
An app could have been written for the iPad. Since it would be unlikely such an app would be approved by Apple this would have to be done with a jailbroken iPad. Such an app would still need to “spoof” the “user agent” of the browser for the iPad. Another option is to write a script for use on a computer that is not an iPad and, again, utilize a spoofed “user agent”. Whichever approach was taken, the result was that, altogether, approximately 120,000 email address/ICC-ID pairs were collected over a period of several days from June 3, 2010 up to June 8, 2010.
Note that Spitler identified the sub-blocks that Apple used by finding ICC-IDs from pictures of iPads on Flickr. If the ICC-ID were a password why would people post this number publicly on their Flickr account? Also, the painfully obvious flaw in the DOJ's argument about ICC-IDs being passwords is that a real password was required right after ATT so helpfully filled in the email address in response to a valid ICC-ID.
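The flaw described in the comment above (the email address returned for a valid ICC-ID before any password check), shown beside a hardened form and a log check for one client requesting many identifiers. This is an added example, not part of the original comment and not AT&T's code; the function names, account table, log format and threshold are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample data, not real identifiers or accounts. The 8901 prefix
# follows the comment (MII 89, country code 01); all other digits are made up.
SALT = b"constructed-salt"


def _iccid(n: int) -> str:
    """Build a constructed 20-digit identifier (no real check digit)."""
    return f"8901{n:016d}"


def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)


ACCOUNTS = {  # ICC-ID -> account record
    _iccid(17): {"email": "alice@example.com", "pw": _pw_hash("alice-pass")},
    _iccid(25): {"email": "bob@example.com", "pw": _pw_hash("bob-pass")},
}


def login_page_vulnerable(iccid: str) -> dict:
    """Behaviour described in the comment: the email address is returned for
    any registered ICC-ID before a password has been checked."""
    record = ACCOUNTS.get(iccid)
    return {"status": 200, "email_prefill": record["email"] if record else ""}


def login_page_hardened(iccid: str) -> dict:
    """The identifier is never used to look up account data before
    authentication, so every ICC-ID gets the same response."""
    return {"status": 200, "email_prefill": ""}


def authenticate(email: str, password: str):
    """Release account data only after the password verifies."""
    candidate = _pw_hash(password)
    for iccid, record in ACCOUNTS.items():
        if record["email"] == email and hmac.compare_digest(record["pw"], candidate):
            return {"email": email, "iccid": iccid}
    return None


def build_sample_log() -> list:
    """Constructed log lines in an assumed format: '<client> <iccid> <prefilled>'."""
    lines = [
        f"198.51.100.10 {_iccid(17)} 1",  # subscriber opening their own page
        f"198.51.100.11 {_iccid(25)} 1",
    ]
    for n in range(40):  # one client requesting many different identifiers
        iccid = _iccid(n)
        lines.append(f"203.0.113.7 {iccid} {int(iccid in ACCOUNTS)}")
    return lines


def flag_enumeration(lines, max_distinct: int = 5) -> dict:
    """Return {client: (distinct ICC-IDs requested, prefilled responses)} for
    clients asking about more identifiers than one subscriber plausibly owns."""
    requested = defaultdict(set)
    prefilled = defaultdict(set)
    for line in lines:
        client, iccid, hit = line.split()
        requested[client].add(iccid)
        if hit == "1":
            prefilled[client].add(iccid)
    return {
        client: (len(ids), len(prefilled[client]))
        for client, ids in requested.items()
        if len(ids) > max_distinct
    }


if __name__ == "__main__":
    print(login_page_vulnerable(_iccid(17)))
    print(login_page_hardened(_iccid(17)))
    print(flag_enumeration(build_sample_log()))
```

The hardened handler gives up the pre-populated address entirely; the log check is the fallback for an operator who keeps the convenience and needs to notice when it is being walked.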
The critical point that distinguishes access of a computer from unauthorized access is the authorization step. The DOJ is bending over backwards to try to show what they did was unauthorized and so now pretend that an ICC-ID is a password. This ignores the fact that accessing your ATT account for an iPad 3G requires a real password. ATT automatically filled in the email address whenever a server request was sent to get the page that asked for the password. A violation of the CFAA requires unauthorized access. How can the DOJ claim that the ICC-ID is a password when the very next step in the process of accessing an ATT account requires a real password? Spitler and Weev never accessed anyone's account.
"The Metropolitan Transportation Commission/511 operates a data collection system based on FasTrak toll tags to provide better information about the transportation network to Bay Area travelers, transportation managers, and transportation planners through its 511 Driving TimesSM service. To ensure that FasTrak users remain anonymous, encryption software is used to scramble each FasTrak toll tag ID number before any other processing happens. In addition, the encrypted toll tag ID numbers are retained for no longer than 24 hours and are then discarded. If you do not want your toll tag read for these purposes, place the toll tag in the special Mylar bag provided to you when you are not using it for payment of tolls at a toll plaza. The Mylar bags can be requested from the Customer Service Center. If you would like additional information about 511 Driving TimesSM and how toll tag data is protected, please visit www.511.org/copyright_items/privacy.asp."
The reason for the Faraday bag is because FasTrak also has reading stations used only for traffic monitoring. They do tell you about this but I am having trouble locating where that is on their website.
They also allow you to use the system anonymously, though they don't make it all that convenient.
"In order to open an anonymous FasTrak account, you must visit the FasTrak Customer Service Center in person. You can open your account with cash, money order, or cashier's check. A Representative will be able to open your account without requiring customer name, address or vehicle information. (If you try to open an account online, your name, address and vehicle information will be required.)"
"All account management for anonymous accounts must be conducted in person at the FasTrak Customer Service Center, including checking your account balance, ordering additional toll tags or closing your account."
I am wondering if the henchmen at the NSA don't have a delicious sense of irony and humor. There are two parts to the NSA; the "sigint-codebreaking" side and the "securing the nation's infrastructure" side. The program named after a civil war battle, bullrun, puts those two sides in direct conflict.
One aspect of Schneier's article that Mike didn't mention (yet) is that the revelation of the NSA's surveillance will motivate a push away from US control and Internet governance will end up bending to nations that would use censorship to stifle dissent and to special interests who want to protect their business model (i.e. copyright). Unfortunately, all the problems being discussed on Techdirt may get worse as an indirect result of the NSA's actions.
The Internet security protocols are already open. That is to say the algorithms are public. The NSA may have some influence in crafting them and that's OK when they are wearing their "secure network and computer infrastructure" hat. Their codebreaking hat means they cannot be trusted to have the final word on anything. However, NIST, under the influence of the NSA, did a good job in adopting the Rijndael algorithm for AES. The dark hat NSA may have the goal of subverting algorithm designs but AES and the 2007 discovery of an injected weakness in a 2006 protocol shows they can be kept honest here.
I agree with Schneier that not only the protocol stack for the Internet should be an open implementation, but whatever OS as well. That means that Microsoft and Apple will have to change or be supplanted by variations of Unix. There is one thing that Schneier did not address and that is probably because he was writing to a general audience. The tools used to build a protocol stack, or OS, or hardware logic also need to be open. If you use a subverted C compiler to compile your own instance of Linux, the software still cannot be trusted.
I wrote a comment (anonymously, I didn't realize I wasn't logged in) to an earlier post on Techdirt today mentioning Ken Thompson's seminal paper on computer security; "Reflecting on Trusting Trust". If you haven't read this and are distrustful of the NSA, then read it now.
On the post: School Suspends Student Indefinitely For A Drawing Of A Cartoon Bomb He Made At Home
administrative thought process
On the post: Facial Recognition Software That Returns Incorrect Results 20% Of The Time Is Good Enough For The FBI
Re: This is total BS ..
On the post: Silk Road Sellers Around The Globe Getting Arrested
Re: Re:
On the post: Silk Road Sellers Around The Globe Getting Arrested
On the post: How Is Consumer Watchdog 'Helping' When It's Trying To Destroy Services Consumers Find Useful
Re: Re: (Source: more anti-spam experience than anyone else.)?
On the post: How Is Consumer Watchdog 'Helping' When It's Trying To Destroy Services Consumers Find Useful
Re: Parallel with a secretary
On the post: Second Silk Road Indictment Details Ulbright's Attempt To Have Former Silk Road Employee Killed
Re: Op Sec -- Subtle Failures
On the post: Second Silk Road Indictment Details Ulbright's Attempt To Have Former Silk Road Employee Killed
Re: Re:
On the post: Luddites Are Almost Always Wrong: Technology Rarely Destroys Jobs
On the post: EFF Lawsuit Uncovers Abuse Of Surveillance Drones; DHS Files Motion To Suppress Further Transparency
curious sidenote about copyright
On the post: The DOJ's Insane Argument Against Weev: He's A Felon Because He Broke The Rules We Made Up
Re: Re: Re: Ugh
On the post: The DOJ's Insane Argument Against Weev: He's A Felon Because He Broke The Rules We Made Up
responsible disclosure, contacting ATT
On the post: The DOJ's Insane Argument Against Weev: He's A Felon Because He Broke The Rules We Made Up
ICC-IDs
On the post: The DOJ's Insane Argument Against Weev: He's A Felon Because He Broke The Rules We Made Up
Re: Ugh
On the post: NYC Tracking E-ZPass Tags All Over The City, Without Telling Drivers
Re:
On the post: NYC Tracking E-ZPass Tags All Over The City, Without Telling Drivers
Re:
On the post: The US Government Has Betrayed The Internet; It's Time To Fix That Now
civil wars
On the post: The US Government Has Betrayed The Internet; It's Time To Fix That Now
Internet Governance
On the post: The US Government Has Betrayed The Internet; It's Time To Fix That Now
Re: trusting trust
On the post: The US Government Has Betrayed The Internet; It's Time To Fix That Now
trusting trust