Bugtraq mailing list archives

Re: Standing Up Against German Laws - Project HayNeedle


From: imipak <imipak () gmail com>
Date: Wed, 14 Nov 2007 21:01:19 +0000

Hi Raju,

On Nov 14, 2007 3:20 AM, Raj Mathur <raju () linux-delhi org> wrote:
> The mail addresses can only be stored if the server through which the
> mail is relayed (or on which it originates) falls under the law.  I'd
> presume that's not a significant percentage of all mails sent out from
> any country.



(a) (as you say) they can of course be trivially extracted from the
traffic flow at the provider level.  cf the current EFF / NSA / San
Francisco case - that (as I understand it) is probably in breach of
the US Constitution, yet it happened/is happening. The German law, and
similar laws in the UK and other countries, implicitly (at least)
enables such tactics;

(b) most mail users use mail servers at their employers or their local
ISP (ISPs with retail presence in multiple territories will of course
have mail servers situated locally);

(c) the balance, excluding those weirdos running their own personal
MTA / MSAs, will be using webmail services like Hotmail and Gmail.


Tracerouting from the machine I'm typing this on (in the UK) shows a
route through my ISP, to LINX (the London IX), and then straight into
Google space. The RTT all the way to the final hop is in the 30ms
range:

[...]
 8  209.85.248.80 (209.85.248.80)  25.302 ms   24.348 ms   25.605 ms
   MPLS Label 548800 TTL=1
 9  209.85.248.79 (209.85.248.79)  27.972 ms   36.281 ms   26.562 ms
10  72.14.233.77 (72.14.233.77)  28.266 ms   29.057 ms   27.273 ms
11  66.249.94.146 (66.249.94.146)  29.517 ms   30.668 ms   30.179 ms
12  ik-in-f19.google.com (66.249.91.19)  28.092 ms   27.926 ms   28.564 ms


...which strongly suggests to me that the front-end Gmail webserver my
"mail" hits is probably pretty close to me.  It's certainly not on the
other side of the Atlantic. There's quite a lot of cooperation between
EU member states; would a "UKUSA"-type arrangement in the EU be very
surprising?


=i


On Nov 14, 2007 3:20 AM, Raj Mathur <raju () linux-delhi org> wrote:
> On Tuesday 13 November 2007 15:29, Florian Echtler wrote:
> [snip]
>> As a native German speaker, allow me to clarify: with respect to IP
>> communication, the law mandates saving the following information for
>> 6 months:
>>
>> - which customer was assigned which IP for what timespan
>> - sender mail address, receiver mail address and sender IP for each
>>   mail
>> - in case of VOIP: caller and callee phone number and IP address
>
> The mail addresses can only be stored if the server through which the
> mail is relayed (or on which it originates) falls under the law.  I'd
> presume that's not a significant percentage of all mails sent out from
> any country.
>
> Of course, it's also possible to track (snoop) all SMTP traffic on the
> network, but that's totally different from just keeping mail and AAA
> server logs and from my understanding that's not what this law
> mandates.
>
> Regards,
>
> -- Raju
> --
> Raj Mathur                raju () kandalaya org      http://kandalaya.org/
>  Freedom in Technology & Software || February 2008 || http://freed.in/
>        GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
> PsyTrance & Chill: http://schizoid.in/   ||   It is the mind that moves




-- 
And what exactly is a dream?
And what exactly is a joke?
                                            - Syd Barrett

