Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Popular Net anonymity service back-doored
From: Richard Stevens <mail () richardstevens de>
Date: Fri, 22 Aug 2003 00:35:13 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

first, let me make one thing clear, I think what happened is very bad. They 
should have done anything else but secretly bug their system. But your logic 
is seriously flawed.

German police have no jurisdiction in the US, for instance, just as the
US police have no jurisdiction in Germany -- apart from whatever
agreement Germany has made with the US regarding post-WWII treaties or
whatever.

Very unpleasant for sure but also higlhly irrelevant. The people running AN.ON 
are German entities operating under German laws being situated in Germany. 
They were the ones that received the court order so they had to do something. 
If there are international users or not is really highly irrelevant in this 
case. Nobody claimed that German police or courts had juristiction in the US. 

Still, I do not think anyone would be pleased if it was found that the
NSA backdoored a US product. How much moreso of a problem would this be
if local police backdoored a system such as this anonymity system?

Well, you can be sure, people are not pleased here, either. But do you really 
think if american police or better yet the FBI would demand some kind of 
tracking for an anonymizer in the US, they'd care about international users? 
Maybe the individuals operating the anonymizer would react better but I'd be 
surprised if american law enforcement agencies wouldn't use similar measures 
if they could by law (not sure about american laws). 

This kind of crime sends a message to would be hackers. It says that it
is okay to hack if the end is justified. Hackers, you may not have
jurisdiction in Germany, but if you are hacking pedophiles or Neo-Nazis,
they are law breakers, so your means must be okay. Do people really want
this? Can anyone really be trusted with this? Wouldn't they hit the
wrong people and make all sorts of bad mistakes for which they would not
be held accountable for?

Not really. It's not a crime. You can argue about the correctness of their 
decision to secretly implement this backdoor in an *anonymizer* instead of 
standing up and tearing the service down. But following a valid court order 
is not a crime. Even though I really don't like those laws but spying on 
people seems to be hip after the events of Septembre 11th. 

Regards,

Richard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/RUkkCfA4EwqVdIQRAh7JAJ9Tgt7ZqhaQAuJ7eWt+bp0AlStjaACg7Hrc
W0PYxdAfEnCot0ORC2LlS+s=
=25Si
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]