[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Covert Access to Data and ID

To: [email protected]
Subject: Covert Access to Data and ID
From: John Young <[email protected]>
Date: Wed, 08 Jul 1998 11:42:39 -0400
Cc: Dave emery <[email protected]>
Sender: [email protected]

Dave Emery's remarks on government access to
keystrokes (proposed by the NYT as an alternative
to GAK) points to the probable increase of intrusive
devices to counter increasing use of encryption
and other privacy and anonymity measures.

This topic comes up here now and then, with
mentions of a slew of methods to protect privacy of 
data during transmission or storage. But the possibility
of logging the initial creation or manipulation of data is
not as often discussed, nor how to tie a person to
the data, as now being asked in legal and law
enforcement fora to identify, catch, convict and
jail computer culprits.

That the NYT floated the idea surely means someone
is testing public response to an idea that seems to
be more intrusive than GAK: the logging of initial
data and any manipulation of it, prior to encrypting,
and maybe including a means to link the actions to
the user.

If this is logging (and related retrieval) is done covertly, 
encryption could thereby become a falsely reassuring 
cloak of privacy.

Dave thinks devices like these are surely in the works,
and he can say more about their sponsors, technologies 
and implementations.

One driving force, as he previously noted, is the desire
for devices to assure copyright protection, backed by the 
WIPO treaty, which now being considered for approval. 
See the House report on it at:

   http://jya.com/hr105-551.txt  (141K)

And the EFF and ACLU opposition to it:

   hr2281-opp.htm

Other forces, though, are employers who want to snoop,
law enforcement, government, marketers, actually the
same groups who dislike privacy protection measures,
but often prefer to snoop covertly while loudly proclaiming
support for privacy.

Thus, the more general question Dave has raised is how
widespread is the development and implementation of
technolgies for covert surveillance on the Web and in 
desktop boxes -- happily spreading quietly while attention 
is focussed on the very encryption which it will circumvent?

And what are these devices, or what might they be, what 
might be countermeasures and who might be working for 
and against them. SDA must have insights to share.

Over to Dave Emery and those more knowledgeable. 

For those who missed his earlier message we've put it, with a 
follow-up at:

   http://jya.com/gaks-de.htm

Follow-Ups:
- Re: Covert Access to Data and ID
  - From: Adam Shostack <[email protected]>
- Re: Covert Access to Data and ID
  - From: Mok-Kong Shen <[email protected]>
- Re: Covert Access to Data and ID
  - From: attila <[email protected]>

Prev by Date: Re: IP: "CyberCash can't oust credit cards"
Next by Date: U.S. relaxes licensing grip on encryption
Prev by thread: Re: Covert Access to Data and ID
Next by thread: Re: Covert Access to Data and ID
Index(es):
- Date
- Thread