Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

“Bills S.436 and H.R. 1076, Their to protect the children!” No, it’s not and we know it fucktard

with 4 comments

Two bills have been introduced so far–S.436 in the Senate and H.R.1076 in the House. Each of the companion bills is titled “Internet Stopping Adults Facilitating the Exploitation of Today’s Youth Act,” or Internet Safety Act.

Each contains the same language:

“A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.

” Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on–but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.) “Everyone has to keep such information,” says Albert Gidari, a partner at the Perkins Coie law firm in Seattle who specializes in this area of electronic privacy law.

The full story here

How many times must they try to pass this type of bill and language in it before they realize that it just won’t work? When also, will they really admit the truth about this as being not a method to prevent or prosecute “child porn” surfers, but to clamp down on EVERYONE’s privacy? This is just bogus and again shows just how little the Senate and House understands the technology and the processes around it.

First, lets talk about the fallacy of “protecting the children” This bill will not affect the saving of children from predators online whatsoever. Why?

1) Logging is reactive and not proactive.. You are just taking notes. Unless the system warns you that a child crime is being committed, then it’s too late and it’s already happened. Looking at a log only “may” help you in finding them, that is IF the user is not using a spoofed address or on a TOR router etc.

2) Logging must be audited.. Anyone in the senate going to sit and audit all those logs?… Didn’t think so.

3) The logging is only as good as the security of the AP or the internet provider. If the security processes and implementations are the suck, then the data from any logging is suspect. A log can be turned off, futzed with, or outright deleted by an attacker. This is not a foolproof solution.

4) The VAST majority of child porn cases that I have seen do not rely on router logs from home AP’s to track their targets. As well, if there is a DHCP pool that they are tracking, they get a warrant and the providers work with them to trap and trace the IP address. THAT is how they track these pervs and lock it down to a physical address.

5) I have only heard of ONE case where a perv had driven along in his car and performed “War Driving” to get on unencypted AP’s to surf his child porn needs

6) The WIFI encryption protocols are all subject to attack and compromise. To force all home users to save 2 years of log files is just ridiculous. WIFI is ephemeral and not the main point of ingress for the “child predator” You can today, knock off a mac address on an AP and assume that IP (mac spoof) and unless you find that physical wireless card, you have no fucking idea who the perp was and I doubt that we will have teams of feds out there DF’ing perps as they surf my WIFI sig.

7) Recently there have been a spate of AP vulnerabilities, unless you make the routers completely secure, any logs are suspect and not admissible in court. It’s a fallacy to think that this is a real fix to the issue of child porn or predatory behavior.

So, you also gonna try and enforce this on TOR routers? Seems to me a way to try and knock down the security and privacy of this type of system eh? Someone else perhaps involved in this bill? Putting the bug in their ears? Ya know, a three letter agency perhaps? This law would pretty much put the TOR routers in the US into an “illegal” space right? I mean after all the TOR routers deliberately don’t capture logs… Interesting no? You start making the world log their traffic, those pesky TOR routers will break that whole theory huh?

This is total NANNY STATE mentality to attack a problem that they really should try to attack in a smarter fashion rather than use the usual lazy drifnet approach. Just how do they intend on enforcing this too? Roving bands of newly minted federal employees with NETSTUMBLER? Or perhaps something more 1984? Say a system that ties into the internet providers that seeks out the end point routers and checks their security and logging? Perhaps a nice back door into the routers?

No, just fucking no.

I am so sick and tired of the gubment trying to get a lock on the technology problems without actually consulting the security folks out in the world. I am also tired of them thinking that they can just create bills that will “protect” us and it’ll all be good through legislation. It’s not and it never will be. You can’t protect us you shitheads, at least not without destroying our personal privacy altogether. So just stop now. You are wasting my money and your time.

Oh, and by the way, you can also give up any thoughts of taxing downloads or emails like you also have been talking about. Take the crack pipe out of your mouths and start really working on the problems that you can. Not this bullshit, you collectively aren’t qualified.


Written by Krypt3ia

2009/02/21 at 13:20

4 Responses

Subscribe to comments with RSS.

  1. They want to catch kids ‘sexting’. That’s what it’s really all about.

    My wifi is locked to outsiders.

    Sunfell

    2009/02/21 at 17:49

  2. Much to my chagrin I have to say that I agree with most of what you have written on Senate bill 436 and House Resolution 1076. But what you need to understand is that laws are NOT written to STOP crime. They are meant to curtail the amount of violators; in essence to keep the honest people honest, well mostly honest. I am a firm believer in the reality that a society/people ALLOW themselves to be governed and subject to the law. After all, with all of the laws out there saying it’s against the law to kill someone AND there being a Biblical 10 commandments thing against it, it hasn’t stopped.
    As a computer crimes investigator, not child porn, I whole heartedly believe that while these resolutions are not going to stop those who are intent on breaking the law they will make it a bit easier to follow up. They are a step in the right direction; we need some help and the ISPs are not giving it to us. Often times when I catch an identity theft case it is several months after the fact and the information that is needed is either non-existent or has been dumped.
    And unless you have been asleep in a cave in Siberia for the past several years you know that some silly little law or constitution is not going to stop a government that is intent on playing Big Brother and collecting every tiny bit of information on you. Anyway, I won’t get into how much I am against the governments intrusion into a person’s personal life, especially after the past several years.
    Cheers, Phenix

    Phenix Wanderlust

    2009/02/23 at 17:25

  3. Phenix,
    These laws aren’t going to stop crimes, and as you say, they’re a heavy-handed attempt by non-technical folk to put controls on a complex system they just don’t understand.

    Laws – by their nature – are supposed to provide a set of guidelines for members of a society to live together with a minimum of social friction, and to provide a consistent framework describing how that society will respond to violations of the guidelines. These don’t do anything to achieve that goal. These measures are all about control. They’re about ruling

    The problem here arises from the philosophy behind it. There comes a point in many societies where the xxxx-archs at the top (in our case, the oligarchs*) lose their grip and start making more, and more draconian rules in order to maintain that grip.

    It is clear that the oligarchs are feeling way out of their depth. The intarweb has gone out of their control, and they’re desperate to get it back. They don’t realize that these measures won’t help, and in fact probably aren’t even possible and they are going to claw, desperately, at this thing that they want a grip on until they either mangle it or choke it into unusability.

    And both parties will probably sign on with great enthusiasm.

    *from oli- meaning “fat” as in “fat b@$%@rd’s”

    Xaetognath

    2009/02/24 at 01:10

  4. Unfortunately, as Xaeto points out, these laws will mean nothing except to create a means to control that which they have no control over now. It will not prevent any crime, nor I think, will it actually lead to consistent means to track and capture the criminals who dare to break the “law”

    Having also performed digital forensics, I know how important a log can be, but, it is just untenable to think that end users will keep their logs at all. Never mind the idea that it will be mandated by a “law” to do so for the general populace.

    ISP’s I can see the desire and need for logging of traffic. However, this is another issue and perhaps legislation on that should be their only focus. If they want to make the ISP’s the locus for auditing and keeping logs, then they should make it a law or sweeten the pot for them to want to do it. Otherwise, it’s too big a proposition to keep and back up all those logs.

    Of course then it goes back to the open AP’s or popped networks as being the ingress for “interlopers” and all the logging in the world will mean dick.

    It’s a losing proposition and only really affects the non technical in infringing on their rights as they surf whatever they desire on the internet. But, gee, as I see it the NSA already has that all sewn up eh?

    crabbyolbastard

    2009/02/24 at 01:26


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: