Update: Some have all ready expressed disgust with my posting, that too much about recent events have been posted, that this is too off-topic for the Monastary, that this is in bad taste. Perhaps this is true. Reap away if this is the will of the monks. I mean no ill will, and value everyone's opinion on this matter. For those who are offended, I offer my most sincere apologies and regrets. Yet my motivation behind posting this is not blunted as I believe the pending legislation will impact us all if passed without careful consideration.
NOTE: This node is a "call-to-arms" regarding current legislation passing through Congress. These I perceive as knee-jerk reactions to 11 September. As always, YMMV. Regardless of an individual's stand on these issues, all I ask of anyone ( especially those residing in the US ) is to remain aware ... consequences can come back to bite in the most unpredictable ways ... Some of the content herein is fact, other is opinion. I admit I am emotional about this topic - wanting justice on one hand and protecting liberties on the other.
For the non-US monks, this legislation can impact you, too. International espianage will increase, and the resources you access in the US will fall under this legislation. Not to mention what your local governments and th EU may propose. We're citizens of the world, and what happens in one country likely impacts all the others - and don't forget the Monastary resides in the US.
UPDATE: I will be adding links and useful quotes as time passes. Please check back periodically. Also, whether or not you agree with my opinion, please post replies on your point of view. If I'm wrong or misinformed on a point, call me on it. Don't just ++ or --, please.
"We know that when countries give up liberties, they make sacrifices,
not trade-offs, and what is lost may never be recovered. In the days
ahead, let us move forward together to safeguard that which is most
precious -- a system of government, the rule of law, and the principle
of freedom that seeks to protect the rights of each person and the
security of us all."
-- Marc Rotenberg
Electronic Privacy Information Center
Abstract
In response to the terrorist attacks on 11 September, the United States Government is considering legislation to combat terrorism and the foreign states that may provide resources to such groups. Some of the pending legislation contains riders which may impact personal liberties within the United States.
The Meat, as it were
At the end of this, you'll find lot's 'o fine links to additional information regarding this topic of anti-terrorism. I'm just gonna add a few $0.02 USD ...
As if we fine monks did not have enough stuff to rally against, what with the
SSSCA
and
Dmitry Sklyarov, etc.,
and the obvious attacks on 11 September, the US government has given us the ATA ( see the link below ), the Anti-Terrorism Act of 2001. While I believe the government is acting in what it considers "America's best interests", the ramifications of this bill are far reaching.
Wiretaps will be far easier for the government to acquire. The govt will be able to intercept private emails; conduct secret searches; access banking, credit, and other records - much of this without judicial review or review after the fact ( in some cases 48 hours after the fact ); & indefinite detention of foreign nationals without trial.
Potential other consequences are government key escrow/encryption back-door capabilities, national identification system with such personal information as fingerprints, photos, and DNA samples ( though I do not believe the ID system has been brought before committee ... a big raspberry to
Larry Ellison
), video survelliance and face recognition, expansion of Carnivore and similar mechanisms, and racial profiling.
The most absurd thing I've heard yet, tho, is the idea of making "hackers, virus writers, and web-site defacers" terrorists. This status change would mean possible sentencing of life in prison without the possibility of parole.
"The ATA includes provisions that dramatically increase the penalties for acts that have no apparent relationship to terrorism. For instance, the bill would add low-level computer intrusion, already a crime under other laws, to the list of "federal terrorism offenses," creating penalties of up to life imprisonment, adding broad pre-conviction asset seizure powers and serious criminal threats to those who "materially assist" or "harbor" individuals suspected of causing minimal damage to networked computers."
--
EFF press release
I have three basic problems with this:
-
The punishment for such graffiti and damaging annoyances is vastly improportional ( or is it inproportional? Anti-? Non-? ) to the act itself. A man I went to school with died trying to save a family of four in an arson-caused fire ( he was a volunteer fire-fighter ). The individual convicted in the five deaths was released from prison only four months ago after serving eight years of a 25 year sentence. Yet a script kiddie who jacks with some html can go away for the remainder of his or her life. This is ridiculous.
-
I work in information security. Running "hacking" tools like
nmap,
Pinger,
SATAN,
or devising/testing exploits against my own devices ( or those of companies wishing to connect to my employer's network for business purposes ) to evaluate their relative security would, as I read it under the pending legislation, make my actions criminal and subject to this law. This would take my role from a pro-active one to a reactive model, leaving the door open for Nimda-like trojans/viruses to get a leg up on me and the rest of the information security world within and/or subject to United States law. This would seem counter to the intention of the legislation, leaving US IT resources more vulnerable to data terrorism, as it were.
-
In theory, as I read the legislation and imagine it's possible application in the read world, were a terrorist ( including the folks listed above ) to approach the Monastary unbeknownst to the monks herein, asking for and receiving technical assistance with code ultimately used in what the government considers "a terrorist act", monks could be considered accessories, albeit unknowing accessories. While this may seem far-fetched, please note
the application of Oregon's Computer Crime Law. While actually being arrested and prosecuted is unlikely, it could, at least, cause substantial legal fees simply by subpoena. Yet ...
Maybe I'm overly paranoid. Maybe I'm over reacting. Maybe I'm even wrong. But I am certainly amazed by the number of people who have no idea of what is occurring in Washington right now. Luckily, I'm in Michigan with a Congressional delegation kind of keen on personal liberties and so far seem to have resisted the prevailing tide from the White House (
Representative John Conyers, Jr, Democrat from Michigan's 14th District, being an outspoken critic of the current pending legislation ).
For those who think this is a worst case scenario, let us not forget the Japanese internment camps during WWII, the McCarthy hearings, and other less-than-savory actions the US government has perpetrated in the past. If this and similar legislation comes into play, we may never get them reversed.
"Just as this horrendous act can destroy us from without, it can also
destroy us from within. Pearl Harbor led to internment camps of
Japanese-Americans, and today there is a very real danger that this
tragedy could result in prejudice, discrimination, and crimes of hate
against Arab-Americans and others. The lesson Oklahoma City taught us
was the perpetrators of these acts of terror can be evil men of every
race, nationality and religion as are the victims. We must ensure that
these acts of terror do not slowly and subversively destroy the
foundation of our democracy: a commitment to equal rights and equal
protection."
--Congressman John Conyers (D-MI)
http://www.house.gov/conyers/pr091201.htm
The moral of the story is _BE_ _AWARE_!. Contact your Congress-people and let them know your feelings, pro- or anti-. The worst thing any of us can be, now especially, is ignorant. Read the news. Ask questions. Make your opinion known. Vote.
Several news sources have sited government officials admitting the proposed measures, including the increased airport and border security, would not necessarily have prevented the attacks on New York, Washington, and Pennsylvania. I'm having dificulty finding the aricles, but when I do I'll post them.
UPDATE:
Aside from the legal questions, it is unclear how effective these forms of electronic surveillance may prove to be. For example, while some electronic information about the Sept. 11 terrorists has come to light via computer searches and video records, it is not known whether increased digital tracking would have helped head off the plot, since so few of the terrorists had come to the attention of the Central Intelligence Agency before the attacks. --
New York Times, Living Under an Electronic Eye, By LISA GUERNSEY, September 27, 2001
If this is indeed the case, then why are we running headlong down this road? It's like my father says, "If someone wants to do something bad enough, they will find a way". And, please note that I have yet to hear a credible reason from the Federal Government as to the causes of this. Geo. W. Bush's canned attack on freedom sounds weak to me, some patriotic propaganda perhaps. Ah, well ...
Some of my friends have accused me of not supporting the administration regarding all of this, of being unpatriotic. But I have two children. The last thing I want is something to happen to them. And I live just two blocks outside of Detroit proper, a fine target if there ever was one. We have three access points to Canada within an hour of each other. The Big Three automakers are all here, as are a majority of their suppliers. We have a large portion of America's manufacturing capability. We possess a large IT community as a result. If the terrorists are actually of Arab descent ( of which I have yet so see hard evidence - remember Oklahoma City? I lived there, too ... at Council and the Northwest Expressway ) , we have one of the largest ( though I want to point out HIGHLY PATRIOTIC ) Arab-American and Muslim-American communities in the US for them to hide among. If the US and it's allies actually do launch a "sustained effort" or war against terrorism, Detroit becomes a prime target for terrorist attack. I _want_ to be and feel safe. But not at any cost. Our children will live with the legacy we leave them. I just want it to be measured and thoughful.
For More Information
YMMV
--
idnopheq
Apply yourself to new problems without preparation, develop confidence in your ability to to meet situations as they arrise.
|
Re: (OT) Pending Anti-Terrorism Legislation in the US could impact us all
by Dragonfly (Priest) on Oct 01, 2001 at 02:32 UTC
|
First of all, idnopheq, thank you for the post. I know some people are probably telling you that it wasn't appropriate, but I believe you raised some points that are important to consider.
I personally believe that, here in the USA as well as in other nations, civil liberties will be greatly affected by legislation, and the frightening part is that this act is probably going to take effect quite quickly due to the current groundswell of bipartisan "Anti-Terrorist" support.
While I certainly do think that there is a need for significant change in our domestic and international policy, this particular act is far-overreaching, and as you say, I agree that it will affect us here at PerlMonks.
We all saw what happened with Merlyn's case, and how easy it is for large corporations to misinterpret roles and responsibilities, and to lie in court to make themselves appear vigilant; imagine if this power is extended to large branches of national government. While I agree that virus authors, credit-card hackers, and 15-year-old stock market manipulators are committing crimes when they wreak havoc upon our networks, I personally think that the punishment should match the crime, and that life in prison without possibility of parole is a high price to pay for the majority of these acts.
The Anti-Terrorism Act is a high price to pay, as well; and we're going to pay with our civil liberties. If we can't get strong encryption without a backdoor, or test our networks for security problems without fear of being prosecuted, we are going to have serious trouble meeting our responsibilities as systems architects and administrators. Please, before the reflexive patriotic downvoting of idnopheq's post, think about how these things might affect you, and affect your ability to continue working in your chosen field. | [reply] |
Re: (OT) Pending Anti-Terrorism Legislation in the US could impact us all
by Masem (Monsignor) on Oct 01, 2001 at 04:10 UTC
|
I do agree that if you haven't contacted your congresspeople, now is the time; the ACLU makes it very easy to do this with this link.
That said, it should be pointed out that numerous congresspeople have pointed out that the White House's proposed legislation is way over the top. Leahy has introduced a second bill that basically is more reasonable; it updates such issues such as wiretapping on a person, not just a specific device, but does not include many of the questionable suggestions, such as deterring immigrates indefinitely. I very much doubt the WH version will pass without significant changes.
The other issue is the computer acts as terrorism part. You need to refer to Section 1030 of the US Code, and specifically look at parts (a)(1), (a)(4), (a)(5)(A), and (a)(7). While IANAL, the only one that the occasional 'nmap' or similar tool could be considered as a terrorist weapon is (a)(4), and that's only if the nmap or other tool is used further to suck data off the end computer. Most of those specific parts of the code are , IMO, true 'cracker' crimes, and deserve any increase in punishment (eg, this could easily apply to people like script kiddies or virus writers). Mind you, if I was to use nmap on a system that I don't directly control, or other similar tools, I would check with the the end user and make sure that they are ok to be simply scanned.
-----------------------------------------------------
Dr. Michael K. Neylon - mneylon-pm@masemware.com
||
"You've left the lens cap of your mind on again, Pinky" - The Brain
It's not what you know, but knowing how to find it if you don't know that's important
| [reply] |
|
|
THX for pointing these out ... for the nmap section, I did not mean to imply I perform such actions without the knowledge of the external entities. Yet my interpretation of the law makes no distinction between using such tools in a professional capacity versus in a terrorist capacity. But I'll re-read it when I get into work this morning EDT.
Who was that guy in Tulsa (?) who found a hole in someone's web server, nabbed some data to prove the problem, notified the site of their security issue, and was arrested? While I do not agree with the data theft or having performed such actions without the knowledge of the site itself, could one argue that finding open ports, software versions, etc. on a remote machine acquiring "data"? I'm no legal eagle, and I've asked my employer's legal department read the legislation and tell me how it may impact my day-to-day activities.
I guess my concern here is having to prove one adhered to the law. It seems easy under this section to have a "Salem Witch Hunt" kind of scenario, moving the burden of proof back to the defendent. And, only time will tell how policing agencies enforce it and how the judicial interprets it.
THX
YMMV
--
idnopheq
Apply yourself to new problems without preparation, develop confidence in your ability to to meet situations as they arrise.
| [reply] |
|
|
I believe you're thinking of Brian West vs a newspaper. Slashdot has a followup here and here. The end result was that while he did find a hole, he did a lot more than he claimed based on server and ISP logs than just confirm it; he grabbed info from their servers, modified several pages, etc. Most agree that when West told his story to various online outlets, he was trying to drum up sympathy akin to other cases (DeCSS, Adobe). However, it failed miserably once the details were released.
What should be pointed out is that Section 1030 as pertaining to computer crime is still valid; if there *are* problems with using a tool like nmap on a system to begin with, then theorhetically, that's already illegal, but I've yet to hear anyone prosecuted for just doing an nmap or the like. It's just that the more 'cracker'-like crimes are going to get stiffer penalities, including up to the same terms as terrorists acts.
-----------------------------------------------------
Dr. Michael K. Neylon - mneylon-pm@masemware.com
||
"You've left the lens cap of your mind on again, Pinky" - The Brain
It's not what you know, but knowing how to find it if you don't know that's important
| [reply] |
Re: (OT) Pending Anti-Terrorism Legislation in the US could impact us all
by srawls (Friar) on Oct 01, 2001 at 03:29 UTC
|
Before I begin, let me state that I am very patriotic, and it is because of that I write what I do:
Maybe I'm overly paranoid. Maybe I'm over reacting. Maybe I'm even wrong. But I am certainly amazed by the number of people who have no idea of what is occurring in Washington right now.
Over reacting ... of course not. It was Benjamin Franklin (one of our founding fathers) who said: "He who would give up essential liberty for some temperary safety deserves niether liberty nor safety." This is why I am very wary of any piece of law that would somehow allow the government to conduct themselves without evidence that would withstand in court. Also, about the computer crimes: When I saw on slashdot that this was true, I almost didn't believe it. I think this is wrong and the punishment certainly does not fit the crime ... indeed, we already have laws against such acts of 'cracking,' why change them now?
I have yet to hear a credible reason from the Federal Government as to the causes of this. Geo. W. Bush's canned attack on freedom sounds weak to me, some patriotic propaganda. Ah, well ...
Patriotic propaganda? No, mabey overly idealistic, but I like it. Certainly, the reason these terrorist hate us so much is not because of us, but our ideals, our beliefs ... our freedoms. So, in a sense, it was an attack on freedom.
The 15 year old, sophmore programmer,
Stephen Rawls | [reply] |
Re: (OT) Pending Anti-Terrorism Legislation in the US could impact us all
by Nitsuj (Hermit) on Oct 01, 2001 at 10:02 UTC
|
My bad
I should not have put it up for consideration since it is well written and all, perhaps, but I've just read SOO MUCH about the WTC attack lately... much of which isn't really pertainent to the board on which it is posted.
I feel EXACTLY as you do on this subject, and I enjoyed the post and your points of view... I just would rather have seen it on a board like k5 than perlmonks though. It's nothing personal against you or your opinions... as I have said, I agree. I'm just really interested in being able to read about perl at perlmonks again, tech at /., and tech n culture at k5 (and everybody complains when a post isn't about the WTC at k5 these days, so it seems best there).
In other perl related news, I'm thinking of putting up a site JUST for this sort of discussion on free web space I have. Not because I'm ESPECIALLY interested in it, but because while I would like to see postings about it, I would REALLY like to be able to return to normalcy elsewhere.
Again, just a suggestion, please don't take it harshly.
Just Another Perl Backpacker | [reply] |
| A reply falls below the community's threshold of quality. You may see it by logging in. |
|
|
