Speak of the Devil

Eugen Leitl eugen at leitl.org
Fri May 19 08:29:05 UTC 2006 

On Fri, May 19, 2006 at 03:59:46AM -0400, Dan Mahoney, System Admin wrote:

> I can't speak for the british government, but if someone came to me and 
> said "someone is using your SSL-enabled webmail system to traffic kiddie 
> porn" and felt that somehow the easiest way to sniff their traffic was 

I can't believe you have actually bought into this tripe about
terrorists, and pedophiles. Consider it the new Godwin's law:
if someone mentions pedophiles, terrorists and drug traffickers
in order to justify wiretapping, that argument is automatically
nil and void.

> with my private key (as opposed to just asking me to tap their spool 
> dir, tar up their homedir, and gladly hand over any information 
> associated with them), I'd be more than willing to cooperate.  With 

Are you running a Tor node? You should not be running a Tor node.

> probable cause.  I know warrants are difficult, but I come from a law 
> enforcement family.
> 
> Sadly, the truth here is that if someone is using my server, then the 
> fedgov HAS to act as if I am in on this, and will likely blow their 
> investigation if they contact me -- at least this is how procedural rules 
> are set up for them.

So basically I can use bogus pedophile and terrorist charges to
shut down about anybody? No doubt that's terribly convenient for
some people.
 
> I've investigated kiddie porn complaints on my network, and let me say 
> this in total seriousness -- while we've all seen the maxim-like young 
> looking models that are just recently 18 (hell, they advertise on regular 
> cable here in the states)...every once in a while you come across a site 
> like the ones in question that is so blatant, so disgusting -- where 
> there's no question in your mind that yes, that's thirteen.  Following 

What has this to do with turning over your keys because somebody
claims that children are being violated somewhere?

> that, there's a fit of nausea and a willingness to research some drug or 
> amount of voltage that can remove the images you've just seen from your 
> mind.  I'm told the sensation is about ten times worse if you're a parent.

So, again, what has moral indignation to do with cooperating with
people who you *know* would lie and bend the law to their advantage?
 
> With that said, however...
> 
> There's nothing stopping governments from logging the traffic (possibly at 
> a higher level, like the upstream level) and then getting a subpoena for 
> whatever key was used to encrypt it.
> 
> The PROBLEM with this method is that once the length of the warrant has 
> expired, 99 percent of people out there DO NOT check CRL's.  I myself am 
> guilty of this.  I.e. once the government HAS your key, they've got it for 
> the lifetime of your cert -- and while you can certainly retire that cert 
> from use, there's no way to prevent the now-compromised cert and key from 
> being used creatively for the remainder of the validity period.
> 
> Or am I wrong here?

Yes, you're being a good German here. Facilitating the totalitarian
takover, by cooperating instead of being difficult.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060519/77b2f961/attachment.pgp>

More information about the tor-talk mailing list