Using “evil” dataretention for emergency (e911 and 112) services good

LunaticThought wrote an article “Using “evil” dataretention for emergency (e911 and 112) services good” which suggests that it’d be a good idea to swat two flies in one stroke if the location register is merged with the data retention archives. Personally I think e911 services are not going to benefit from the data retention integration. The other way around is a huge benefit for the Four Horsemen of the InternetApocalypse.

It can be argued that when the information on location for the e911/112 services is properly implemented the EC will jump on that with a ferocity equal to a starved bear in spring. Because one of the most important questions asked in any intelligence question is where was that target at the time? A location register where each registration is maintained will be a goldmine. Especially when more and more GSM/UMTS phones are also Wifi capable and these phones will most happily route their calls through wifi. You don’t see this in ordinary GMS-like networks, because there is almost no roaming inside one country. But roaming through the house I’m visiting (even though I’m not calling) with automatic roaming on the near-by wifi will be a different beast.

Concluding this rather not too clear piece, I think that the proponents of the data retention regulation have a lot to gain with a properly implemented e911/112 service. The other way around not so, it will even drive costs up.

Technorati Tags: , ,

Wiretap laws in the USA

The Bush administration has created some stopgap legislation that enables the NSA to basically wiretap just about anyone anytime. Well, as a European, we’re used to that. But now the US citizens are also under surveillance, which is a bad thing.

Enter the new RESTORE act, and SecurityFocus wrote an article on the matter.

Powered by ScribeFire.

Technorati Tags:

UK Police Can Now Demand Encryption Keys

Bruce Schneier has an entry on his weblog about the UK police that have gotten the legal means to obtain encryption keys. Refusing to hand over the keys results in a maximum five year penalty.

Is this a smart law? I do not think so. There are a number of cases to be observed:

  • Handing over the key can also be described as ‘telling your password/phrase’. In a common situation all digital evidence is seized to be sorted out later. In that case, if they find a cryptocontainer you used twelve months ago on a forgotten USB stick (why, you do encrypt your USB stick, right?) chances are that I have forgotten the passphrase and/or thrown it away. I often use a line from a newspaper clipping or tear-off calendar as a phrase. This is very secure and also a sure-fire way to forget the phrase once it’s no longer needed. Ehm, but I have no way of proving that I used this method and I genuinely do not remember the phrase. This will get interesting in court.
  • What are they going to do with ephemeral keys? For instance, the temporary RSA key used in SSH2? Currently I have no means of retaining that key.
  • Do I have to retain the sessionkey for the HTTPS session to login to paypal, or is that paypal’s obligation?

I have missed other use-cases where it will be difficult for a law-abiding, yet security minded person to adhere to this law, even if I wanted to.

It feels like the bigger case from the compulsory identification law in the Netherlands. In that law it is stated that you are not required to carry an ID, but you have to be able to show one if you are asked for it by the police. In theory this is used to help the cases against the four horsemen of the information apocalypse. In practice it’s used as a ‘fine-doubler’ where the fine for a minor misdemeanor (jaywalking) is effectively doubled with the misdemeanor of not being able to show your ID. Seriously, this is going to catch terrorists?

But, if the law is made in the UK, you can start the counters for it to be implemented in the rest of the EU as well.

GeoIP stuff

Sometimes it can be fun to look at the various countries visitors are coming from. Of course, there are entire industries built on that premise. For my own memory I’d like to mention the two I’ve found so far. This page’ll probably be updated with more sites.

I haven’t compared the results. Did anyone else?

Powered by ScribeFire.

Artificial Intelligence

The Artificial intelligence Lab of the university of Arizona have done quite a lot of research on the topic of recognizing people by the way they write (as in, formulate their sentences, the choice of words, etc). It’s done as part of the Dark Web Terrorism Research projects which:

aim to develop and evaluate scalable techniques for collecting and analyzing terrorism information, modeling terrorist behavior and terrorist networks, and disseminating information to the terrorized (victims and citizens). The various various approaches and methods developed in these projects contribute to advancing the field of intelligence and security informatics.

It’s very interesting research and I wouldn’t mind to see this in various tools which can be used in fraud cases for instance.

Technorati Tags: ,

Technorati Tags: ,