[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [atlarge-discuss] Pay Attention! Patriot Act and how it may effect you..

I hope George Orwell is turning over in his grave....

Sincerely,
 
Jeff Holt
Jefftttt@txucom.net
www.tejas-info-services.com
 
 
-----Original Message-----
From: Jeff Williams [mailto:jwkckid1@ix.netcom.com] 
Sent: Sunday, July 13, 2003 1:06 AM
To: atlarge discuss list
Subject: [atlarge-discuss] Pay Attention! Patriot Act and how it may
effect you..

All fellow members,

  As a duty to all members here US and non-US citizens alike,
the following will likely be effecting each of you.

==================================================

 M. E. KABAY ON SECURITY
07/10/03
Focus:  USA PATRIOT Act and you, Part 1

* How the USA PATRIOT Act may affect you
* Links related to Security
* Featured ecitizen resource

_______________________________________________________________

Attend the Black Hat Briefings & Training, July 28 - 31 in Las
Vegas, the world's premier technical IT security event! 10
tracks, 15 training sessions, 1,800 delegates from 30 nations
including all of the top experts, from CSOs to "underground"
security specialists.  See for yourself what the buzz is all
about!
http://www.fattail.com/redir/redirect.asp?CID=30511
_______________________________________________________________

Today's focus:  USA PATRIOT Act and you, Part 1

By M. E. Kabay

In this short series of articles, I will look at some of the
implications of the "Uniting and Strengthening America by
Providing Appropriate Tools Required to Intercept and Obstruct
Terrorism Act of 2001" (USA PATRIOT Act, or USAPA) for network
administrators.

The bulk of this brief summary is based on the excellent,
detailed analysis of the law provided by the Electronic Privacy
Information Center (EPIC) in its extensive report on specific
issues in this unprecedented set of changes in the powers of
search and seizure granted to law enforcement agencies (LEA) in
the U.S.

The USAPA consists largely of amendments to existing laws. In
particular, network administrators should be aware that the
basis for granting judicial warrants authorizing LEAs to
intercept voice and data communications - including electronic
mail and Internet usage data - has been greatly expanded.

Specifically, existing legislation (the Wiretap Statute, Title
III) already allowed easy authorization of "tap and trace"
installations on voice and data networks to intercept phone
numbers (the numbers, note - not the conversations or data
transfers) helpful in determining the physical location of
suspects. I write "easy authorization" because such warrants do
not require showing probable cause that an individual or group
of people were involved in specific named crimes. An officer of
a LEA simply affirms under oath that such a wiretap would be
useful in an investigation.

The low standard of proof made perfect sense when Title III
governed disclosure of phone numbers and only phone numbers.
However, USAPA has changed the nature of the information that
can be gathered without changing the nature of the process
through which a warrant is obtained. Specifically, the changes
to Title III authorized by USAPA now include all forms of data
related to Internet communications. EPIC writes, "The full
impact of this expansion of coverage is difficult to assess, as
the statutory definitions are vague with respect to the types of
information that can be captured and are subject to broad
interpretations. The fact that the provision prohibits the
capture of "content" does not adequately take into account the
unique nature of information captured electronically, which
contains data far more revealing than phone numbers, such as
URLs generated while using the Web (which often contain a great
deal of information that cannot in any way be analogized to a
telephone number)."

Network administrators will have to think about the implications
of this change. Under the simple assertion of interest because
of an investigation and entirely without having to show any
evidence whatsoever that there is a substantive basis for
probable cause to grant this breach of privacy, a representative
of a LEA can demand access to the full flow of information
moving through your Internet equipment. I suggest that you
discuss this issue with your corporate attorneys to be sure that
you understand exactly how you will have to respond to LEA
officials if they show up at your door with a warrant issued as
a result of Title III changes authorized by the USAPA.

RELATED EDITORIAL LINKS

Full text of the USAPA
http://www.epic.org/privacy/terrorism/hr3162.html

Full text of the USAPA (PDF version)
http://www.epic.org/privacy/terrorism/hr3162.pdf

EPIC Analysis of USAPA
http://www.epic.org/privacy/terrorism/usapatriot/

EFF Analysis Of The Provisions Of The USA PATRIOT Act That
Relate To Online Activities
http://www.nwfusion.com/go2/0170sec2a.html


Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!)
"Be precise in the use of words and expect precision from others" -
    Pierre Abelard
===============================================================
CEO/DIR. Internet Network Eng. SR. Eng. Network data security
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 214-244-3801

---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de




---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de