Security Blog 


11.20.2002

Crypto times
A message from John Gilmore - crypto expert. Posted to the Cryptography mailing list.

From: John Gilmore
Subject: Why we spent a decade+ building strong crypto & security
Date: Tue, 19 Nov 2002 13:47:45 -0800

--------------------------------------------------------------------------------

The US government's moves to impose totalitarian control in the last
year (secret trials, enemies lists, massive domestic surveillance) are
what some of the more paranoid among us have been expecting for years.
I was particularly amused by last week's comments from the
Administration that it'll be too hard to retrain the moral FBI agents
who are so careful of our civil rights -- so we'll need a new
domestic-spying agency that will have no compunctions about violating
our civil rights and wasting our money by spying on innocent people.

While there's plenty of fodder for argument among the details, the
overall thrust of the effort seems pretty clear.

Now's a great time to deploy good working encryption, everywhere you
can. Next month or next year may be too late. And even honest ISPs,
banks, airlines (hah), etc, may be forced by law or by secret pressure
to act as government spies. Make your security work end-to-end.

Got STARTTLS?
Got IPSEC?
Got SSH?

Use it or lose it.

John Gilmore




1984 heart-throb?
This is strange and scary.
Former New Kid on The Block Jordan Knight will release two new singles on December 2, 2002. The songs are available only through his www.JordanKnight.com site. The new interactive website will feature music videos, original stories from Jordan, step-by-step dance instruction, a fan club, chats with Jordan, contests and games, as well as the opportunity to play an online game against Jordan. The site also includes my favorite, the JORDAN TRACKER: Jordan Knight Positioning System - a world map on the homepage with a blinking dot on Jordan's exact location.




Building a bureaucracy
Takes time. All the red tape and hoops...
Bush administration officials acknowledged today that the Department of Homeland Security would need years to organize itself fully and that the logistics involved in merging 22 agencies and nearly 170,000 government workers into a giant new bureaucracy could threaten to divert the department from its central mission of safeguarding the American public from terrorist attacks.



11.19.2002

The list
The Wall Street Journal has an interesting story on an FBI watch list which took on a life of its own. Definitely worth a look if you can find a copy - very relevant considering the recent talk of massive government-corporate database sharing.
LAS VEGAS -- When a patron at the New York-New York casino plugged his frequent-player card into a slot machine one day this summer, something strange happened: An alert warned the casino's surveillance officials that an associate of a suspected terrorist might be on the grounds.

How did a casino's computer make such a connection? Shortly after Sept. 11, the FBI had entrusted a quickly developed watch list to scores of corporations around the country.

Departing from its usual practice of closely guarding such lists, the FBI circulated the names of hundreds of people it wanted to question. Counterterrorism officials gave the list to car-rental companies. Then FBI field agents and other officials circulated it to big banks, travel-reservations systems, firms that collect consumer data, as well as casino operators such as MGM Mirage, the owner of New York-New York. Additional recipients included businesses thought vulnerable to terrorist intrusion, including truckers, chemical companies and power-plant operators. It was the largest intelligence-sharing experiment the bureau has ever undertaken with the private sector.

A year later, the list has taken on a life of its own, with multiplying -- and error-filled -- versions being passed around like bootleg music. Some companies fed a version of the list into their own databases and now use it to screen job applicants and customers. A water-utilities trade association used the list "in lieu of" standard background checks, says the New Jersey group's executive director.



11.18.2002

Wiretaps galore
From Reuters:
WASHINGTON (Reuters) - A special, secretive appeals court on Monday said the U.S. government has the right to use expanded powers to wiretap terrorism suspects under a law adopted by Congress after the Sept. 11, 2001, attacks.

The ruling was seen as a setback for civil libertarians who have said the expanded powers, which allow greater leeway in conducting electronic surveillance and in using information obtained from the wiretaps and searches, jeopardize constitutional rights.

In a 56-page ruling overturning a May opinion by the secret Foreign Intelligence Surveillance Court, the three-judge appeals court panel said the Patriot Act gave the government the right to expanded powers.




Big Brother
News.com reports on the Department of Homeland Security. Good editorial piece.
Washington's centralization of computer security could improve federal agencies' practices--and create a near-irresistible temptation to start telling American businesses what to do. "We right now don't feel that the bill threatens industry," Rodger says. "That said, we're definitely more watchful and definitely more vigilant because we're looking at a government that has taken more power upon itself."




Details
More info on the Pentagon cracker.
Usenet posts show Gary McKinnon was a bit of a phone phreak, knew where to buy lock picks, and had an early interest in defense computers. A former employer says he was bored at work.

The British man accused of the most ambitious hack attacks against Defense Department computers in years was also a fine network administrator, according to a former co-worker.



11.17.2002

Discovering war driving
Funny article about a guy who stumbles onto the world of war driving and wireless security.
So how bad is it out there? I've picked up more than one police station, doctor's office, and business that not only leave their networks unencrypted, but also open for anyone to join. You might not be upset that your porn surfing is being broadcast to the whole network, but what if your medical information was being radiated out to the whole block when Dr. Jones looks at your files? I work in the Health Care industry when I'm not slaving at Rush, and I know how much time we spend worrying about protecting patient data. Careless stuff like this undermines even the more careful employee. What about the police networks? If they are this lax with security, could you waltz into their internal network from the parking lot? Maybe. Then what kind of damage could you do?




Talking heads
Is anything funnier than a politician discussing technology? Lamar Smith on CSEA:
Earlier this year, Smith said: "Until we secure our cyberinfrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives. A mouse can be just as dangerous as a bullet or a bomb." Smith heads a subcommittee on crime, which held hearings that drew endorsements of CSEA from a top Justice Department official and executives from Microsoft and WorldCom.

Gotta love it. I appreciate their efforts, but why such drama?