Re: JAP compromised, privacy community panics

[hans]

Juergen Nieveler <juergen.nieveler.nospam@arcor.de> wrote:

>hans@xxx.ooo (hans) wrote:
>
>> It's secret, man, they're not going to tell us anything. Don't you
>> understand how the secret police operate?
>
>It's not "secret police", it's the plain ordinary police.

Any govt affiliated entity which engages in secret undercover operations
can properly be called 'secret police'.

>Apparently
>the JAP team has been handed a court order to log all traffic going to a
>kiddie-porn site, and of course publishing the address of said site
>would interfere with the police trying to catch the people surfing for
>said kiddie-porn


Yeah sure, a likely story. It's the standard excuse given by sycophants
for all oppressive regimes -- we've got to place everyone under
surveillance
so we can catch kiddie porners, terrorists etc. Of course what
you really want to do is identify everyone who doesn't love Big
Brother.

I might ask, if the URL of the kiddie porn site is already known, why
don't the German authorities take steps to shut it down? I suspect
I know the answer. It's a sting operation of the type that the U.S.
FBI runs all the time. The site is actually run by a secret police
outfit - German, American or other - and it's being used to troll for
suckers. They are trying to entrap poor unsuspecting saps by
inviting them to connect to a "really hot site", and when they do,
BAM they're busted.

And you think that it is worth compromising JAP's security in order
to cooperate with that kind of crap?

[Anonymous]

On 21 Aug 2003, Juergen Nieveler <juergen.nieveler.nospam@arcor.de> wrote:
>hans@xxx.ooo (hans) wrote:

>> Yeah sure, a likely story. It's the standard excuse given by
>> sycophants for all oppressive regimes -- we've got to place everyone
>> under surveillance
>> so we can catch kiddie porners, terrorists etc. Of course what
>> you really want to do is identify everyone who doesn't love Big
>> Brother.

>Well, it's the story that the JAP team has been given, and they cannot
>ignore a court order.

I can't imagine a court order that explicitly states that they must create a spyware version
of software, then trick people into downloading it under false pretenses. Additionally, the
fact that they admitted it upon being asked seems to indicate they were NOT under any
compulsion not to explain themselves. They only admitted it when they were flat-out
caught.

Additionally, tricking people into installing spyware may even be illegal. At the very least,
tricking people into installing spyware under the false pretense that it is privacy software is
a form of fraud.

I'd like to see this "court order" and where it required tricking people into installing spyware
and quite possibly violating laws against distributing viruses, worms and trojans.

[Anonymous via the Cypherpunks Tonga Remailer]

On Thu, 21 Aug 2003 21:15:57 GMT, Anonymous <Use-Author-Supplied-Address@[127.1]> wrote:

>On 21 Aug 2003, Juergen Nieveler <juergen.nieveler.nospam@arcor.de> wrote:
>>hans@xxx.ooo (hans) wrote:
>
>>> Yeah sure, a likely story. It's the standard excuse given by
>>> sycophants for all oppressive regimes -- we've got to place everyone
>>> under surveillance
>>> so we can catch kiddie porners, terrorists etc. Of course what
>>> you really want to do is identify everyone who doesn't love Big
>>> Brother.
>
>>Well, it's the story that the JAP team has been given, and they cannot
>>ignore a court order.
>
>I can't imagine a court order that explicitly states that they must create a spyware version
>of software, then trick people into downloading it under false pretenses. Additionally, the
>fact that they admitted it upon being asked seems to indicate they were NOT under any
>compulsion not to explain themselves. They only admitted it when they were flat-out
>caught.
>

That's not necessarily so. I don't know German law, but e.g. the UK RIP act would compel them to do exactly as they have done. Again e.g. under the UK RIP act, it is illegal to disclose that you have been compelled to install logging, had a warrant served on you, had your encryption keys seized etc.

I think perhaps all they could do to tip people off that the system was now bugged, was "dumbly" publish the source code as usual in the hope that somebody spotted it.

That said and done, they could have taken a small risk and simply leaked things here anonymously.


All that notwithstanding, the JAP project is now effectively over. It has been fatally compromised. Sadly it has fallen all too easily when challenged. Perhaps the only bit of good to be taken from this, is the proof that any system that can be compromised by a legal attack at a single point offers no real protection.


>
>Additionally, tricking people into installing spyware may even be illegal. At the very least,
>tricking people into installing spyware under the false pretense that it is privacy software is
>a form of fraud.
>
>I'd like to see this "court order" and where it required tricking people into installing spyware
>and quite possibly violating laws against distributing viruses, worms and trojans.