Roy Schestowitz wrote:
> How NSA access was built into Windows
>
> ,----[ Quote ]
> | A careless mistake by Microsoft programmers has revealed that
> | special access codes prepared by the US National Security Agency
> | have been secretly built into Windows.
> | [...]
> | The first discovery of the new NSA access system was made two years
> | ago by British researcher Dr Nicko van Someren. But it was only a
> | few weeks ago when a second researcher rediscovered the access
> | system. With it, he found the evidence linking it to NSA.
> `----
> http://www.heise.de/tp/r4/artikel/5/5263/1.html
Keep in mind that during the mid 1990s, the NSA was very concerned
about the use of encryption, especially after the truck-bombing of the
World Trade Center in 1993.  They were so concerned that they went after
the creators of PGP encryption.  As a compromise the PGP encryption
was modified to enable the NSA to more easily decrypt the story.
> With Windows, the user does not own the operating system (just a license to
> use it). Moreover, the US Government is free to access the system whenever
> it desires to do so.
Oh, let's be fair. With all of the back doors and alleyways Microsoft
has built into Windows, almost anybody is free to access the system
whenever they desire to do so. There are about 275,000 viruses known
to have infected at least some computers, some have infected hundreds
of millions of computers. Heck, even 12 year-old script kiddies can
break into Windows. I'm surprised the NSA still thinks they need that
magic key.
Just kidding of course. But remember that the Clinton Administration
was trying to legislate and mandate the clipper chip, which had the
little back door in it. Shortly after it was introduced to the public,
it was cracked and found to be completely ineffective for security
purposes. The fact that Microsoft has the key should be enough to
worry most people.
> Related:
>
> Data Protection Commissioner criticizes search of private PCs online
>
> ,----[ Quote ]
> | "In the case of a search via the Internet a police officer covertly,
> | without the person knowing about it, accesses a person's computer."
> | During such an operation he or she might copy data and obtain all
> | kinds of personal documents; the police officer was acting as a "state
> | hacker," so to speak. Mr. Schaar observed. "Such an approach is in
> | conflict with the legal obligation to protect the core of
> | individuals' privacy," Mr. Schaar stated emphatically.
> `----
> http://www.heise.de/english/newsticker/news/82529/from/rss09
Actually, your Microsoft EULA grants permission for such access, with
Microsoft's permission.
Normally, electronic wiretapping cannot be done by law enforcement
officials for the purpose of prosecution without a court ordered search
warrant. On the other hand, such information can be used to prevent
certain crimes such as acts of terrorism. With a proper court order,
the information provided can be used as evidence. Without a court
order, it can only be used to thwart a planned deed. For example, one
of the 9/11 crews who was planning to take another plane was thwarted
when the police stopped one of the would-be perpetrators for a "tail
light problem" and simply detained them for a short period (messing up
the timing required to make the rest of the plan work).
There has always been a strange constitutional wall between the
intelligence community and the law enforcement community. They can
often suggest that someone be interviewed, but can't tell what they
know. The problem is the "poison fruit" doctrine, which basically says
that unless discovery is imminent, the evidence of an illegal search or
interrogation cannot be used in court, furthermore, all information
gained as a result of the illegal search or interrogation, including
follow-up interrogations, secondary discoveries resulting from the
primary discovery, and so on, also cannot be used in court.
> Could Hollywood hack your PC?
The answer is, if you are running Windows - Yes!  In fact, some
programs such as Windows media manager, roxio player, and ipods
actually keep a record of what you play, and provide that information
to the publishers. The royalties are apportioned based on the
playlist. In exchange, the user gets information about the song, the
artist, and possibly even some background information.
> ,----[ Quote ]
> | Congress is about to consider an entertainment industry proposal
> | that would authorize copyright holders to disable PCs used for
> | illicit file trading.
> `----
> http://news.com.com/2100-1023-945923.html
Actually, Congress doesn't need to authorize it.  It's in the Windows
Vista EULA. If Microsoft believes that the user is illegally copying
ANY copyrighted works, that is a violation of the EULA, and Microsoft
can disable the PC until they are satisfied that the PC is not being
used for intellectual property theft.
Keep in mind that the players themselves also have this option. Most
of the download services have agreements to police the use of their
software. If you illegally download shared software, there are ways to
find out how you got it, and the player can be disabled. Furthermore,
there is a "pedigree" which indicates which sites were used in the
piracy.
Ironically, Linux servers provide even better auditing, and if software
is pirated, the audit history can be combined with court ordered
searches of the Linux workstations and/or servers which provides a
pretty robust evidence trail.
Ironically, the hardest link to trace is the Windows PCs involved in
the piracy. DHCP can assign temporary IP addresses, making it very
difficult to know who had which address at what time. Fortunately,
most POPs use UNIX or Linux based connection servers, which makes it
much easier to at least know which interface had which address at what
time. There are still ways to thwart detection, including changing the
MAC address manually.
And then there is the lack of audit history on the Windows box. Is
this really a crime committed by the assigned user of the machine, or
just someone who has managed to acquire access to his machine using
remote access or similar override technology? It might even be that
the ActiveX control you read when you previewed that HTML encoded
e-mail on Outlook - posted pirated music or videos on your behalf, but
Windows has completely forgotten all about it. In fact, the ActiveX
control might even disable itself. You might even delete it yourself
when you realize that it was just a phishing expedition. The problem
is that you didn't have to do anything but you'll now get blamed, and
you just deleted the evidence that could have cleared you.
Remember, the penalty for copyright violation is normally 5 years
and/or $15,000 per offense. The penalty for video piracy, especially
of full length movies, is 10 years and/or $25,000 per offense. The
good news is that a good lawyer can get you a plea bargain and you can
serve the time concurrently. If you fight, you could serve the time
consecutively. Upload 5 songs to someone's web site, and then play
hardball with the police, and you could be facing the same penalty as
for murder.
Help the cops, give them your computer, and be really nice, and you
might even get a recommendation.  You could be doing your time in
minimum security prison, and get out in as little as 2 years.
Suddenly having your computer shut down doesn't seem so bad, does it?
Do you have shareware? Have you registered it within the permitted
time frame? Do you have a copy of windows you copied from one computer
to another? Do you have ANY software that you have moved from one
machine to another? The irony is that in some audits, they have found
piracy in as much as 85% of the computers, but each incident has an
average value of only about $50. Yet with Microsoft's ability to turn
your computer over to the cops, even if they can't prosecute you for
terrorism, they can prosecute you for copyright violations.
It's a bit like the sodomy laws. When the prosecution can't prove
Rape/Sexual Assault beyond a reasonable doubt, they can usually prove
the sodomy. The jury can dismiss the rape, convict the sodomy, and the
judge can impose almost the same sentence.
> http://schestowitz.com/Weblog/archives/2006/08/14/microsoft-us-spy/
> http://schestowitz.com/Weblog/archives/2006/03/04/vista-encrypted-filesystem/
Like it or not, big brother is watching you. If you are logged into a
computer, they can tell when you were active based on your browser logs
and posting activities. Use your cell phone, they have your GPS
coordinates, use a credit card, they can find out what you bought, all
you have to do is walk within the field of view of an ATM, speeder cam,
security camera, or other monitoring devices, and they can verify your
activities. Use an EZ-Pass or SpeedPass and they know where your car
has been. Check into a hotel, they have your picture, just walk into a
bank, they have your picture.
Of course, you're not that interesting. There are 300 million people
in the United States, including about 100 million adults, and another
100 million children/teenagers who are capable of knowingly committing
a major crime. The problem is that even though your images are
recorded, if nothing interesting happens, it will be overwritten within
a week or so anyway.
But we get much more sensitive when someone tells us that the
government can look at our PCs. Partly because these are PERSONAL
computers. We don't entirely trust our government officials, partly
because they are politicians, or their activities are guided by elected
officials. Could a politically motivated effort result in a false
positive? Could an election be influenced by sharing information?
Unfortunately the answer is yes!
Those chats to interns by Tom Foley were on his PERSONAL computer. Ted
Kennedy made the TSA "No Fly List" and missed critical political
rallies in Ohio, Pennsylvania, and other "undecided" states, just a few
weeks before the election. Cat Stevens was sent back to England
because he was raising money for an organization that the DHS decided
was a "terrorist organization", Stevens thought he was raising money
for kids orphaned by the wars in Afghanistan and Iraq.
It's amazing how easy it is to become "Interesting". Actively oppose
politicians. Actively expose crimes of major corporations. Actively
report the criminal activities of high ranking politicians, high
ranking corporate officers, or high ranking government officials, and
you could find yourself the target of a "PC Raid", to see what you
might be up to. The information could be publicly disclosed, the
letter to your mistress could be sent to your wife, the kinky letter
from your wife could be sent to your boss, or every single item on your
credit card could be audited by the IRS.
The only way to "drop off the radar" is to give up the credit cards,
driver's licenses, and only use public telephones. Avoid public
places, especially shopping malls and other areas frequented by "Middle
Class" Americans. Don't get married (if you get divorced you become
"Interesting" as a dead-beat dad). Don't vote, don't work for anything
other than pure cash payments (or work for minimum wage and get
cash-only tips and bonuses). Live in hotels that accept cash payments,
and avoid airports, ATM machines, and franchise convenience stores.
Become what George Orwell called a "non person".
The other alternative is to be a "completely open book". Make your
innermost thoughts, desires, and hopes public, eliminate any personal
secrets that could be used to influence you, by being totally open
about it. It's ironic that Bill and Hillary Clinton were elected even
though they said "our sex lives are between me and Bill, and if people
don't like that, they should vote for someone else".  And yet Bill
Clinton was impeached because he denied having "Sexual Relations".  The
big lie was that "the underwear slipped".  And even this was only on
the basis of a 14 hour interrogation of Monica Lewinsky, after she was
denied a lawyer. Perhaps if she had gotten a lawyer when she was
filling out her deposition in the Paula Jones case, she wouldn't have
needed to worry then.
Remember, the Lewinsky thing blew up in the first place because of
e-mail.  And information that could only have been on Ken Starr's
computer was leaked to the press.  Which seems to mean that even the
computers used by government officials are safe from the press and
other politically motivated investigators - when they are running
Windows.
Keep in mind, using Linux doesn't completely protect you from a court
ordered wire-tap. If you use public key exchange, authorized law
enforcement agencies can get those keys, with a court order.
But there is one other arena which makes computer privacy a joke. It's
the ability of a corporation to act as a "snitch", an unpaid informant.
A company like Microsoft could, for whatever reasons, decide to
provide "tips" or other "information" to government agencies, based on
their requests, without a search warrant. In the law, it's the same as
when a police officer asks the local hookers or drug dealers to find
out about some criminal activity, or about a particular individual.
They keep their eyes and ears open, and when they find something, they
can provide the information. The "compensation" is usually a "get out
of jail free" card.
Remember though, that if the informant is paid, he is acting on behalf
of the police and warrant and probable cause laws apply.
Could Microsoft have provided information about terrorists and
terrorist organizations in exchange for leniency in the antitrust case?
Could they have provided information about drug dealers and pedophiles
in exchange for lenient treatment by the states? If so, there would
probably be no record of it, other than some reference to "a reliable
informant who wishes to remain unnamed".
There's a pretty good chance that IF you did something to give yourself
a really high profile, like hang around with known terrorists, high
volume drug dealers, and start whistle blowing on public officials.
George Orwell wasn't so far off. Bill Gates had this vision of a
"Microsoft controlled paradise" and announced it as early as 1994.
Most people didn't take it seriously. But it was an interesting usenet
topic and led to the creation of the GNU Manifesto, the equivalent of
Martin Luther's little note on the church door. Bill Gates felt that
information was power, and that information could be used to prevent,
and even end wars. Ironically, he was probably right. Because both
sides could read each other's mail, the cold war, which was essentially
a war of information, did prevent a number of shooting wars, and almost
certainly prevented several potential nuclear exchanges. Ironically,
Ronald Reagan used this knowledge that he was being monitored, to
ultimately end the cold war.  He convinced even his closest aides that
he was crazy enough to launch first-strike, and that he was willing to
use "Star Wars" technology (actually, laser guided missiles, satellite
positioning, and remotely piloted aircraft) to trigger armageddon. It
worked beautifully, and with George H.W. Bush and his tight
intelligence connections, the 12 year effort ultimately led to the fall
of the Berlin Wall, and later the democratization of the Soviet Union
(we would be hard pressed to call it freedom or democracy, but compared
to what they had had since Stalin, it was a level of freedom they
hadn't had since about 1917.).