Interesting People mailing list archives
IP: ROOTS & PRIVACY ISSUES
From: Dave Farber <dave () farber net>
Date: Sat, 13 Apr 2002 15:06:13 -0400
This is sent with some trepidation since I have no way of verifying the claims. However I have felt that there are serious security concerns in our current structure. This is not easily cured and is not a reflection on any current organization. It will not be fixed by simply changing who controls what or which country controls what . So read with care. Dave ------ Forwarded Message From: Joe Baptista <baptista () dot-god COM> Date: Sat, 13 Apr 2002 09:58:36 -0700 (PDT) To: Dave Farber <dave () farber net> Subject: Dave FYI - ROOTS & PRIVACY ISSUES - Release Date: April 13, 2002 PRIVACY AND SECURITY ISSUES WITH RESPECT TO THE CONTINUED OPERATION OF THE LEGACY ROOTS BY THE UNITED STATES GOVERNMENT. This past January 21st the dot.GOD Registry released a copy of a letter sent to the U.S. Department of Commerce. http://www.dot-god.com/information/doc/doc-jan-21-2002.html Our correspondence was shared with members of the European Parliament. Our intent was to draw attention to paragraph 7 of our letter which said: "We have also identified potential risks to anyone who uses the legacy roots. The continued operation of these roots by Commerce can be subject to abuse. It is technically possible to use root servers to redirect traffic to a single point where it can be monitored. This gives your department the unprecedented power to violate the privacy of any individual, group, or government using the U.S. root system to navigate the Internet. Recent changes to U.S. law encourage the interception of Internet traffic. This in our opinion poses a serious threat to the integrity, security and privacy of Internet users." We were successful. As a result of our correspondence a number of queries were made of the U.S. DOC resulting in a meeting between Joe Simms (ICANN) and Chrisopher Wilkinson of the European Commission - Department for Information Society. http://www.icannwatch.org/article.php?sid=554 Mr. Simms attempted to satisfy the european concerns by offering them a board seat at ICANN. It is our opinion that this offer will fail. ICANN is unable to provide the necessary technical gurantees to the EU that the USG legacy root is free from tampering. To that end it is our intention to disclose evidence of a root interception conducted by us on a root system formerly operated by Diebold Inc. (NYSE - DBD) http://www.diebold.com/ on arpa infrastructure owned by Planet Communications & Computing Facility, a division of The dot.GOD Registry, Limited. Diebold Inc. operated two root servers on behalf of the Open Root Server Confederation. Unfortunately they failed to get our permission and when our contractual obligations to Diebold ended we intentionally redirected their traffic to our site by collapsing the root to a single point. As a result of this action a number of internet users were unable to surf the web until such time as they changed their dns pointers. Our logs show some of the organizations affected by our action included the Ministry of Education for the Grand-Duchy of Luxembourg, the University of California, and a large ISP also located in California - zNET Internet Services. It is our position that the USG is in a position to use the same tools and proceedures deployed by us. This means the U.S. Government has the power to redirect internet traffic using the legacy roots to proxy servers in order to effect surveillance against approximately 70% of the internets user population. It is our position that governments, business and individuals world wide can have their privacy rights violated without due process. This of course violates a number of EU privacy regulations and directives. To prove our point we will be releasing the logs of this interception to members of the european, canadian and australian parliament. We are also making these logs available to the press and other members of the public. Unfortunately the logs contain user activity such as user names, passwords and potential credit card transactions. If you are interested in getting a copy we will require a signed non-disclosure agreement which is indexed at: http://www.dot-god.com/communications/Diebold_Inc/ndc.html I can also be reached at 1-705-741-3414 to answer your questions. regards Joe Baptista, Managing Director The dot.GOD Registry, Limited http://www.dot-god.com/ ------ End of Forwarded Message For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: ROOTS & PRIVACY ISSUES Dave Farber (Apr 13)