Jump to content

Feds want to intercept and decrypt internet traffic


/dev/null

Recommended Posts

Ok, how is obtaining information from an IP router different than obtaining similar information from a telephone switch? If you're ok with the government's right to snoop on telephone conversations & telephone traffic data that are obtained at the central office, how will you carry over that right when the telephone traffic is commingled with the general IP traffic?

Again, you are confusing the applications here.

 

To use your phone analogy:

There is a difference between what you say during a phone call, and a message on your answering machine, and your private finance spreadsheet on your computer. Again, your comparison is predicated on all these things being the same.

 

Essentially, there's a difference between transmitted/transactional data and stored data. While the source of the transaction's data is itself, the stored data can be coming from someplace/someone who is not covered by the warrant. Their privacy and illegal search rights are being violated, and there's no way to tell you did it, until you do it. What's being discussed here is not only going after transmitted data(phone call), but also, stored data(answering machine). And, forcibly being able to access that stored data using a guaranteed piece of crap interface, that will be beaten by some 16 year old hacker the first week it is introduced.

 

Do you see the confusion in your comparison yet? If not, here's the next part:

IF we allow the government this back door, what is to stop them from accessing ALL the messages on the "answering machine", Since the computer is hooked up to the "answering machine", then they can access your private finances spreadsheet, too. There's no way to stop them, short of tagging every single piece of data/file, and even then, once they are in, there's no way to prove what they don't need = proving a negative. And they can't prove what they do need, because they won't know until they find it. So, it's real easy for this go from nothing to ALL, and no way to create a viable legal standard.

 

Does any of this emulate listening at the central office? Not even close. I could write 2 more pages on other reasons why this comparison is flawed. I will be happy if you simply understand the difference between transactional data and stored.

Link to comment
Share on other sites

Again, you are confusing the applications here.

 

To use your phone analogy:

There is a difference between what you say during a phone call, and a message on your answering machine, and your private finance spreadsheet on your computer. Again, your comparison is predicated on all these things being the same.

 

Essentially, there's a difference between transmitted/transactional data and stored data. While the source of the transaction's data is itself, the stored data can be coming from someplace/someone who is not covered by the warrant. Their privacy and illegal search rights are being violated, and there's no way to tell you did it, until you do it. What's being discussed here is not only going after transmitted data(phone call), but also, stored data(answering machine). And, forcibly being able to access that stored data using a guaranteed piece of crap interface, that will be beaten by some 16 year old hacker the first week it is introduced.

 

Do you see the confusion in your comparison yet? If not, here's the next part:

IF we allow the government this back door, what is to stop them from accessing ALL the messages on the "answering machine", Since the computer is hooked up to the "answering machine", then they can access your private finances spreadsheet, too. There's no way to stop them, short of tagging every single piece of data/file, and even then, once they are in, there's no way to prove what they don't need = proving a negative. And they can't prove what they do need, because they won't know until they find it. So, it's real easy for this go from nothing to ALL, and no way to create a viable legal standard.

 

Does any of this emulate listening at the central office? Not even close. I could write 2 more pages on other reasons why this comparison is flawed. I will be happy if you simply understand the difference between transactional data and stored.

 

Gee it wouldn't be like you to take a topic on a tangent, write a ten page volume describing that tangent, then going off in CAPs when people don't want to argue your tangent. Did you even read the article? No one is talking about stored content. The topic is the ability to snoop on live IP transmissions.

 

So to recap, how different is intercepting live IP traffic from listening to a phone conversation at the telephone central office?

 

Eagerly awaiting a ten page response on an irrelevant tangent.

Link to comment
Share on other sites

Gee it wouldn't be like you to take a topic on a tangent, write a ten page volume describing that tangent, then going off in CAPs when people don't want to argue your tangent. Did you even read the article? No one is talking about stored content. The topic is the ability to snoop on live IP transmissions.

 

So to recap, how different is intercepting live IP traffic from listening to a phone conversation at the telephone central office?

 

Eagerly awaiting a ten page response on an irrelevant tangent.

I did read the article, but I also read a whole bunch of other stuff you didn't read. The article talks about skype, so that the casual reader can relate to it. Let me assure you that this article represents 5% authority on this subject, and barely scratches the surface.

 

"Live IP traffic", or whatever you call it, almost always contains stored data that doesn't 100% belong to the user. Concise enough? Also, clearly the concept of "integration" eludes you.

 

You can't pick and choose which transactions you listen to, if you are listening on Facebook's port via the new "backdoor". The only way would be to have everybody's encryption keys/user ids, and if you have them all, then there's no point in "security", we might as well just send tarballs of what we do/say to the government every day. I am assuming the bad guy isn't dumb enough to use a fixed IP, so you can't get him that way. If he is, then this whole thing isn't necessary. No, the only way would be to sit on the Facebook side of things and wait until he logs in and/or somehow get some really good spyware on his machine. You'd need a keystroke logger also.

------

Uhh......forget the rest of what I was gonna say and wrote already :D

 

You could avoid all of this if you simply authorized FBI types to to install loggers on suspect's machines. THAT is all they need here.

 

You do the keylogger thing, and NOW your phone comparison is totally legit, and it's totally fine for everybody else.

 

That's the solution. It's costs next to nothing, and it only gets the bad guys, because it's on their machine, and not on a server. Good key loggers are a B word to detect, and some can even be very sneakily applied = flashing the ROM. Hell you could even make it look like a standard windows update thing.

 

Forget all this other crap. This is how you do it, and it's ballsy because you can keep changing how they work.

 

The only part that doesn't work is if the guy jumps from machine to machine. But, people usually use data sticks with that, and those are easy to swipe, flash, replace.

 

Funny, I should have thought of this earlier, but I am not used to thinking on this side of the fence.

Link to comment
Share on other sites

I did read the article, but I also read a whole bunch of other stuff you didn't read. The article talks about skype, so that the casual reader can relate to it. Let me assure you that this article represents 5% authority on this subject, and barely scratches the surface.

 

In other words, a tangent.

 

 

"Live IP traffic", or whatever you call it, almost always contains stored data that doesn't 100% belong to the user. Concise enough? Also, clearly the concept of "integration" eludes you.

 

You can't pick and choose which transactions you listen to, if you are listening on Facebook's port via the new "backdoor". The only way would be to have everybody's encryption keys/user ids, and if you have them all, then there's no point in "security", we might as well just send tarballs of what we do/say to the government every day. I am assuming the bad guy isn't dumb enough to use a fixed IP, so you can't get him that way. If he is, then this whole thing isn't necessary. No, the only way would be to sit on the Facebook side of things and wait until he logs in and/or somehow get some really good spyware on his machine. You'd need a keystroke logger also.

------

Uhh......forget the rest of what I was gonna say and wrote already :D

 

You could avoid all of this if you simply authorized FBI types to to install loggers on suspect's machines. THAT is all they need here.

 

You do the keylogger thing, and NOW your phone comparison is totally legit, and it's totally fine for everybody else.

 

That's the solution. It's costs next to nothing, and it only gets the bad guys, because it's on their machine, and not on a server. Good key loggers are a B word to detect, and some can even be very sneakily applied = flashing the ROM. Hell you could even make it look like a standard windows update thing.

 

Forget all this other crap. This is how you do it, and it's ballsy because you can keep changing how they work.

 

The only part that doesn't work is if the guy jumps from machine to machine. But, people usually use data sticks with that, and those are easy to swipe, flash, replace.

 

Funny, I should have thought of this earlier, but I am not used to thinking on this side of the fence.

 

What you just described already exists as collateral opportunity for Feds to snoop in on innocent people as part of surveilance of the parties covered under a warrant. As always it's a challenge to apply the law enforcement techniques to new technologies. Given past court rulings, law enforcement gets latitude to do their jobs and this will be resolved.

 

Why don't you start a crusade that your face may have appeared on a tape recording of a bank video moments before it was robbed, and the police saw your face when they were looking for the suspect?

Link to comment
Share on other sites

In other words, a tangent.

No, I am basically writing you off on that part of the discussion. The amount of things you don't know simply take too long to explain given your whining about the amount of info.

What you just described already exists as collateral opportunity for Feds to snoop in on innocent people as part of surveilance of the parties covered under a warrant. As always it's a challenge to apply the law enforcement techniques to new technologies. Given past court rulings, law enforcement gets latitude to do their jobs and this will be resolved.

What I described, and you keep missing for some reason, is the fact that with this approach, the warrant can be definitive, and limited to the bad guy in question, with practically 0 chance of screwing up. My approach therefore beats the hell out of what is being proposed, and it does a much better job of giving us the data we need to arrest the bad guy. You can't know where a bad guy is going to go next on the internet. IF he thinks his Facebook account is being monitored, or he is just careful, he may just go to gmail and start a new account. You can't predict where he is going to go next and be waiting for him there when he gets there.

 

If you have a keylogger, you don't have to worry, because wherever he goes, you know. And, it has the added benefit of being a more passive approach than trapping encryption keys. I almost guarantee that grabbing keys will cause a delay and different behavior when a site is accessed, and that delay/behavior, although seemingly slight in the real world, is a lifetime/blatantly obvious, and can be monitored with as little as basic javascript. Thus, the server side approach can be easily detected with some simple code. Hell you could do it with Firebug.

 

If you know a bad guy goes to a certain coffee shop that has 3 PCs, you can install on all 3, and just never look at the what comes off the keyboards that aren't used by the bad guy. Delete the stuff that is irrelevant. Do that with a judge as a witness and everything is good. There's no "collateral opportunity"(whatever that means :D ) if the judge is shown that the irrelevant data has been deleted.

 

Given all this, objectively, the server side approach is inferior. Client side is the way to go.

Why don't you start a crusade that your face may have appeared on a tape recording of a bank video moments before it was robbed, and the police saw your face when they were looking for the suspect?

We already have laws about that, which is why you see people's faces blurred out on TV whenever they show a bank robber in action. Why am I worried that "blurfaced me" was at the bank?

 

 

Look......

Crusade? You started this by asking a question. So WTF cusade? I think you have gone around the bend on this internet thing dude. You don't like the fact that that we aren't subject to the same rules you are, and it pisses you off. That much is obvious.

 

I'm immune to your kind, because I have been dealing with your crap my whole career. Yes, nothing about how my job works is "fair" to people like you, nothing. I freely admit that. We get more $$$, quicker promotions, better jobs, the works. You think we don't know it's not fair? But what the f are we supposed to do about it? Make it fairer for you? Please. Lighten up, Francis. All of your indignation and spite is going to change...exactly nothing. Time to re-think exactly who is on a "crusade" here.

Link to comment
Share on other sites

No, I am basically writing you off on that part of the discussion. The amount of things you don't know simply take too long to explain given your whining about the amount of info.

 

What I described, and you keep missing for some reason, is the fact that with this approach, the warrant can be definitive, and limited to the bad guy in question, with practically 0 chance of screwing up. My approach therefore beats the hell out of what is being proposed, and it does a much better job of giving us the data we need to arrest the bad guy. You can't know where a bad guy is going to go next on the internet. IF he thinks his Facebook account is being monitored, or he is just careful, he may just go to gmail and start a new account. You can't predict where he is going to go next and be waiting for him there when he gets there.

 

If you have a keylogger, you don't have to worry, because wherever he goes, you know. And, it has the added benefit of being a more passive approach than trapping encryption keys. I almost guarantee that grabbing keys will cause a delay and different behavior when a site is accessed, and that delay/behavior, although seemingly slight in the real world, is a lifetime/blatantly obvious, and can be monitored with as little as basic javascript. Thus, the server side approach can be easily detected with some simple code. Hell you could do it with Firebug.

 

If you know a bad guy goes to a certain coffee shop that has 3 PCs, you can install on all 3, and just never look at the what comes off the keyboards that aren't used by the bad guy. Delete the stuff that is irrelevant. Do that with a judge as a witness and everything is good. There's no "collateral opportunity"(whatever that means :D ) if the judge is shown that the irrelevant data has been deleted.

 

Given all this, objectively, the server side approach is inferior. Client side is the way to go.

 

We already have laws about that, which is why you see people's faces blurred out on TV whenever they show a bank robber in action. Why am I worried that "blurfaced me" was at the bank?

 

 

Look......

Crusade? You started this by asking a question. So WTF cusade? I think you have gone around the bend on this internet thing dude. You don't like the fact that that we aren't subject to the same rules you are, and it pisses you off. That much is obvious.

 

I'm immune to your kind, because I have been dealing with your crap my whole career. Yes, nothing about how my job works is "fair" to people like you, nothing. I freely admit that. We get more $$$, quicker promotions, better jobs, the works. You think we don't know it's not fair? But what the f are we supposed to do about it? Make it fairer for you? Please. Lighten up, Francis. All of your indignation and spite is going to change...exactly nothing. Time to re-think exactly who is on a "crusade" here.

 

It's always been clearly obvious that every topic is about you. How do people manage with the mirrors when they visit your house?

Link to comment
Share on other sites

It's always been clearly obvious that every topic is about you. How do people manage with the mirrors when they visit your house?

Right. I answer your question and solve the problems you raised...but this is about me?

 

Your nonsensical indignation, and dare I say, envy...is about me?

 

I nailed it. You know it. Time to get over your internet/"IT ain't fair" hissy fit. Things aren't ever going to be the way you think they should be on this. Move on.

Link to comment
Share on other sites

Right. I answer your question and solve the problems you raised...but this is about me?

 

Your nonsensical indignation, and dare I say, envy...is about me?

 

I nailed it. You know it. Time to get over your internet/"IT ain't fair" hissy fit. Things aren't ever going to be the way you think they should be on this. Move on.

 

Yes, envy most certainly is part of it. You must be so dreamy, women swoon when you walk by.

Link to comment
Share on other sites

Yes, envy most certainly is part of it. You must be so dreamy, women swoon when you walk by.

And yet, none of that changes the fact that you don't like IT people or our business culture, and the fact that we don't have to play by your rules throws you into fits of rage. I suit up maybe 20 days a year, and for the last 12 years, work starts for me when I roll out of bed.

 

How's your blood pressure? :D

Link to comment
Share on other sites

And yet, none of that changes the fact that you don't like IT people or our business culture

 

:huh:

 

I missed something, when did this thread become about IT people? I freely admit my bias here, but don't f*ck with IT people...we can make things very unpleasant.

Link to comment
Share on other sites

Yeah, that's it. Must be why he's such a total bastard towards me.

 

Nah, just reinforcing the anti-Tom global crusahIde. It has nothing to with my overall disdain for IT folk.

Link to comment
Share on other sites

Nah, just reinforcing the anti-Tom global crusahIde. It has nothing to with my overall disdain for IT folk.

 

You know, the anti-Tom global crusade is a worthy cause and I was on board with it. But then you had throw in your disdain for my kin.

 

The enemy of my enemy is my friend.

 

F#ck that, you both suck. And the next time your computer crashes, remember this day

Link to comment
Share on other sites

You know, the anti-Tom global crusade is a worthy cause and I was on board with it. But then you had throw in your disdain for my kin.

 

The enemy of my enemy is my friend.

 

F#ck that, you both suck. And the next time your computer crashes, remember this day

 

Yeah like I'm afraid about what you /_%@##.......

 

@¤€¥¢...........

'............

........

.

 

Picard

 

.....^[¤€

Link to comment
Share on other sites

×
×
  • Create New...