Corante

About this Author
Ernest Miller Ernest Miller pursues research and writing on cyberlaw, intellectual property, and First Amendment issues. Mr. Miller attended the U.S. Naval Academy before attending Yale Law School, where he was president and co-founder of the Law and Technology Society, and founded the technology law and policy news site LawMeme. He is a fellow of the Information Society Project at Yale Law School. Ernest Miller's blog postings can also be found @
Copyfight
LawMeme

Listen to the weekly audio edition on IT Conversations:
The Importance Of ... Law and IT.

Feel free to contact me about articles, websites and etc. you think I may find of interest. I'm also available for consulting work and speaking engagements. Email: ernest.miller 8T gmail.com

Amazon Honor System Click Here to Pay Learn More

The Importance of...

Category Archives

July 04, 2005

May 16, 2005

June 02, 2004

Organized Crime to Take Over Spam?

Email This Entry

Posted by Ernest Miller

Brother Dana has a post worthy of much consideration this morning arguing that the anti-spam laws will drive spammers into the arms of organized crime (Spammer In A Can):

Within a year, I predict, the days of the individual spammer will be over. The days of the corporate spammer will be here. And the volumes of hard-to-trace spam that will result will dwarf anything we have seen to date.

This is worrisome not simply because the spam problem will continue but, because once organized crime has taken root, other opportunities for socially detrimental activities will increase. For example, I've often compared those who would game alternative compensations systems to spammers. The problem becomes worse if the spammers are part of organized crime. Of course, that is a single example ... there are many more nasty things that become possible with organized criminals manipulating our network.

For those interested in SPAM laws world wide, be sure to check out LawMeme's comprehensive coverage: LawMeme's Spam Archive.

Comments (2) + TrackBacks (0) | Category: Cybercrime

March 15, 2004

A Race the FBI Can't Win: The Increasingly Asymmetric Costs of Wiretap Surveillance vs. Wiretap Avoidance

Email This Entry

Posted by Ernest Miller

LawMeme briefly summarizes and collects a number of articles on several law enforcement agencies' (FBI, DOJ and DEA) recent petition to the FCC to expand government wiretap capability (FBI seek to expand the system-formerly-known-as-Carnivore).

C|Net News reports that the petition "aims to give police ready access to any form of Internet-based communications" (FBI adds to wiretap wish list):

Legal experts said the 85-page filing includes language that could be interpreted as forcing companies to build back doors into everything from instant messaging and voice over Internet Protocol (VoIP) programs to Microsoft's Xbox Live game service. The introduction of new services that did not support a back door for police would be outlawed, and companies would be given 15 months to make sure that existing services comply.

That's just wonderful. And I suppose only the US government will have access to these backdoors?

The Washington Post (reg. req.) talks to one of the leading experts on wiretapping, CDT's James X. Dempsey (Easier Internet Wiretaps Sought):

But privacy and technology experts said the proposal is overly broad and raises serious privacy and business concerns. James X. Dempsey, executive director of the Center for Democracy & Technology, a public interest group, said the FBI is attempting to dictate how the Internet should be engineered to permit whatever level of surveillance law enforcement deems necessary.
"The breadth of what they are asking for is a little breathtaking," Dempsey said. "The question is, how deeply should the government be able to control the design of the Internet? . . . If you want to bring the economy to a halt, put the FBI in charge of deploying new Internet and communications services."

Dempsey is right. The amount of intervention in technology development necessary for the FBI and DOJ to accomplish what they want with regard to wiretapping is enormous. The costs will be both direct (money out of consumer's pockets) and indirect (loss of innovation). However, that is only half the picture. Unfortunately for the FBI, the costs to defeat the wiretapping are relatively small and will continue to decrease. We have here an asymmetric situation that will only grow more asymmetric as time goes on.

The problem is with the underlying architecture of the internet. Advances in technology along with the end-to-end/layers principle mean that it will always be cheaper to add encryption to the edges of the network than to increase the amount of surveillance at the center of the network. How much does it cost to write an encrypted VoIP app? Not much. How much does it cost to build the surveillance mechanism and conduct the surveillance across all possible ISPs? A heck of a lot more.

Ok. Now that the first encrypted VoIP app is compromised ... how much will it cost to build another encrypted layer on top of the first one? How much will it cost to conduct surveillance on this new layer? Hmmmm, if this progression continues, as we add additional layers of encryption and surveillance, the costs will increasingly diverge. Not a game you can win ultimately. In fact, it doesn't make much sense to even start. The FBI should be happy with what they've got.

Nor should we forget how darn cheap computing is getting. I wish my first computer had the power of a Treo 600. How hard is it to write voice encryption software for Treos and all the follow-on smart phones? How hard will be to add additional layers to the communications stack especially given all the various options for communication being made available through ubiquitous grid-network wireless?

If I were the FBI, I wouldn't waste my time on a battle I ultimately couldn't win and instead would concentrate my efforts on the place where I could still achieve my goals - the ends. You want to know what someone is up to online? I would recommend, for example, key loggers, "real" spyware, and social engineering. It ain't gonna be easy, but you have a chance of winning in the long term. The sooner you quit a race you can't win, the faster you can enter a race where you have a chance.

Bonus FBI Inanity: Sunday, March 14th was the 54th birthday of the FBI's "Top Ten Most Wanted Fugitive List." What better way to celebrate than with a humorous quiz? For example,

5. What Bible-carrying female impersonator was captured in 1964 while working as "Bobo the Clown" with a traveling carnival?
ANSWER: Leslie Douglas Ashley. And for extra credit, Isaie Aldy Beausoleil [apparently another man] was arrested in 1953 dressed as a woman...acting v-e-r-y suspiciously in a Chicago ladies' restroom.
7. Who was arrested in Japan, extradited to the U.S., and in Honolulu presented FBI Agents--in all seriousness--with [sic] a Monopoly "Get Out of Jail Free" card?
ANSWER: James Robert Ringrose, arrested in 1967.
And this one is really a laugh riot, har-d-har-har:
4. What Top Ten terrorist who was apprehended in 1995 said at his trial in New York City, "I am a terrorist, and I am proud of it"?
ANSWER: Ramzi Ahmed Yousef, who masterminded the 1993 World Trade Center bombing in New York and planned the bombing of an American airplane in the Far East, an act that was prevented. Judge Kevin Thomas Duffy of Manhattan's Federal District Court called him "an apostle of evil [who] wanted to kill for the thrill of killing human beings."

Bonus FBI Inanity 2: A Strengthened Partnership to Protect Children: Name that Sexual Predator! - That's the real name for the page - no foolin'. Frankly, I am somewhat disturbed when law enforcement agencies turn child abuse into a game.

UPDATE

Brother Dana has some observations here: Following The Chinese Way

Comments (3) + TrackBacks (0) | Category: Civil Liberties | Cryptography | Cybercrime | Internet | Privacy | Security | WiFi

January 14, 2004

Bad Boys, Bad Boys, Watcha Gonna Do?

Email This Entry

Posted by Ernest Miller

If you are interested in digital crime, you are going to participate in or attend Yale Law School's Information Society Project's conference on cybercrime: Digital Cops in Virtual Environment - CyberCrime and Digital Law Enforcement Conference.

The Information Society Project at Yale Law School is pleased to announce its upcoming conference on Cybercrime and Digital Law Enforcement entitled: "Digital Cops in Virtual Environment," which will take place on March 26-28, 2004 at Yale Law School.
This ground-breaking conference will bring together policy makers, security experts, law enforcement personnel, social activists and academics to discuss the emerging phenomena of cybercrime and law enforcement. The conference will question both the efficacy of fighting cybercrime and the civil liberties implications arising from innovations in law enforcement methods of operation.
During this weekend-long conference, a distinguished group of experts will discuss how a shift to a digital environment: (1) changes the crime scene; (2) facilitates the commission of new types of crimes; (3) leads to radical changes in law enforcement methods; (4) equips law enforcement with new tools of surveillance, technological design and risk sorting systems; (5) presents challenges for the legal process; and (6) introduces new forms of social resistance through hacktivism and counter-surveillance.

Comments (0) + TrackBacks (0) | Category: Cybercrime | News