Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

IP: ROOTS & PRIVACY ISSUES

From: Dave Farber <dave () farber net>
Date: Sat, 13 Apr 2002 15:06:13 -0400
This is sent with some trepidation since I have no way of verifying the
claims. However I have felt that there are serious security concerns in our
current structure. This is not easily cured and is not a reflection on any
current organization. It will not be fixed by simply changing who controls
what or which country controls what .

So read with care.

Dave


------ Forwarded Message
From: Joe Baptista <baptista () dot-god COM>
Date: Sat, 13 Apr 2002 09:58:36 -0700 (PDT)
To: Dave Farber <dave () farber net>
Subject: Dave FYI - ROOTS & PRIVACY ISSUES

- 

Release Date: April 13, 2002

PRIVACY AND SECURITY ISSUES WITH RESPECT TO THE CONTINUED
OPERATION OF THE LEGACY ROOTS BY THE UNITED STATES GOVERNMENT.

This past January 21st the dot.GOD Registry released a copy of
a letter sent to the U.S. Department of Commerce.

http://www.dot-god.com/information/doc/doc-jan-21-2002.html

Our correspondence was shared with members of the European
Parliament.  Our intent was to draw attention to paragraph 7
of our letter which said:

  "We have also identified potential risks to anyone who
  uses the legacy roots. The continued operation of these
  roots by Commerce can be subject to abuse. It is
  technically possible to use root servers to redirect
  traffic to a single point where it can be monitored.
  This gives your department the unprecedented power to
  violate the privacy of any individual, group, or
  government using the U.S. root system to navigate the
  Internet. Recent changes to U.S. law encourage the
  interception of Internet traffic. This in our opinion
  poses a serious threat to the integrity, security and
  privacy of Internet users."

We were successful.  As a result of our correspondence a
number of queries were made of the U.S. DOC resulting in a
meeting between Joe Simms (ICANN) and Chrisopher Wilkinson of
the European Commission - Department for Information Society.

http://www.icannwatch.org/article.php?sid=554

Mr. Simms attempted to satisfy the european concerns by
offering them a board seat at ICANN.  It is our opinion that
this offer will fail.  ICANN is unable to provide the necessary
technical gurantees to the EU that the USG legacy root is free
from tampering.

To that end it is our intention to disclose evidence of a root
interception conducted by us on a root system formerly operated
by Diebold Inc. (NYSE - DBD) http://www.diebold.com/ on arpa
infrastructure owned by Planet Communications & Computing
Facility, a division of The dot.GOD Registry, Limited.

Diebold Inc. operated two root servers on behalf of the Open
Root Server Confederation.  Unfortunately they failed to get
our permission and when our contractual obligations to Diebold
ended we intentionally redirected their traffic to our site by
collapsing the root to a single point.

As a result of this action a number of internet users were
unable to surf the web until such time as they changed their
dns pointers.  Our logs show some of the organizations affected
by our action included the Ministry of Education for the
Grand-Duchy of Luxembourg, the University of California, and a
large ISP also located in California - zNET Internet Services.

It is our position that the USG is in a position to use the
same tools and proceedures deployed by us.  This means the
U.S. Government has the power to redirect internet traffic
using the legacy roots to proxy servers in order to effect
surveillance against approximately 70% of the internets user
population.

It is our position that governments, business and individuals
world wide can have their privacy rights violated without due
process.  This of course violates a number of EU privacy
regulations and directives.

To prove our point we will be releasing the logs of this
interception to members of the european, canadian and
australian parliament.  We are also making these logs available
to the press and other members of the public.

Unfortunately the logs contain user activity such as user names,
passwords and potential credit card transactions.  If you are
interested in getting a copy we will require a signed
non-disclosure agreement which is indexed at:

http://www.dot-god.com/communications/Diebold_Inc/ndc.html

I can also be reached at 1-705-741-3414 to answer your questions.

regards
Joe Baptista, Managing Director
The dot.GOD Registry, Limited
http://www.dot-god.com/


------ End of Forwarded Message

For archives see:
http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: