| eon on Mon, 25 Jun 2001 21:24:11 +0200 (CEST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| [Nettime-bold] FBI Subpoena Targets Name.Space "LokMail" Users |
False Sense of Security: Who's Watching the Watchman? FBI Subpoenas Lok Technology over Name.Space "LokMail" Users New York, June 25, 2001 Privacy and security based technology is only as good as those humans who you trust to administer it. With a growing number of web based encrypted email services now available, individuals need to be aware of who's behind the so-called 'secure' or 'private' mail services. Users can easily be lulled into a false sense of security by using encrypted email, not knowing that their traffic may be monitored by the FBI. Even if the contents of messages are encrypted, the sender and recipient are 'in the clear' and recorded in the mail server's transaction logs. Email surveillance is not necessarily about the contents of the messages so much as who sends email to whom, when, how often, etc. Encryption can not mask the exchange of messages between parties, only its contents. ----illustration----- Example of maillog transaction log showing 'traffic' between "someone@somewhere.online" and "someone.else@anotherplace.online": Jun 25 02:19:31 server sendmail[16910]: CAA16910: from=<someone@somewhere.online>, size=265, class=0, pri=30265, nrcpts=1, msgid=<Pine.NEB.4.05.10106250219160.16907-100000@mail.server.somewhere>, proto=ESMTP, relay=localhost [127.0.0.1] Jun 25 02:19:31 server sendmail[16912]: CAA16910: to=<someone.else@anotherplace.online>, ctladdr=<someone@somewhere.online> (1001/1000), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, relay=mail.info.war. [209.48.2.38], stat=Sent (CAA15362 Message accepted for delivery ---------------------- One such provider of an encrypted webmail service is Name.Space, who launched the "LokMail" brand of secure webmail, along with its inventor, Simon Lok, back in 1999, the first web mail solution to use PGP (Pretty Good Privacy) strong encryption. To its users, Name.Space has pledged a strict privacy policy, that logs and data on its servers are not disclosed, sold, or otherwise made available to any third parties, and that law enforcement must use due process to gain access to data. Large corporations such as Disney have come out publicly against Name.Space because of its strict privacy policies. Now, Name.Space is confronted with a situation where it needs to take measures to enforce that policy, which may have been breached several weeks ago by one of its contractors. It has been learned that the FBI has allegedly served a subpoena on LokTechnology, (the owners of the 'lokmail.net' domain, and who provide the "LokMail" technology to a server owned by Name.Space), possibly to monitor the mail traffic on the server. The problem is, Lok Technology does not own the server or the users that are named on the subpoena, Name.Space does. Lok Technology only controlls the domain name 'lokmail.net', that presently directs traffic to the server owned by Name.Space. During the weekend of April 27, 2001 Simon Lok, author of the "LokMail" encrypted web-based email software, dialed in to the Name.Space internal network in order to access the LokMail server owned and operated by Name.Space. He then proceeded to compress selected email traffic logs, and transfer them to his computer at Columbia University. The transfer was discovered in progress by Paul Garrin, when he noticed extremely high bandwidth utilization on the Name.Space network monitor. At first it looked like a 'flood', a typical 'denial of service' attack. Paul opened a control connection to the LokMail server and displayed the active processes, showing that user 'simon' was logged in and an 'sftp' transfer was in progress to an IP address located at Columbia U. Upon closer examination it was discovered that the file consisted of mail traffic logs from the weekend of April 20, 2001, the time of the FTAA demonstrations in Quebec City, Canada. "Strange, I thought" said Paul Garrin when he wondered what the purpose was for downloading such a huge amount of data, which was incidentally clogging up the T1 line and slowing down traffic to other sites hosted on the network. Immediately it seemed that something was wrong, especially since Simon was not scheduled to do any maintenance or emergency repairs to the server, and he was not authorized to download transaction logs that contain the senders and recipients of the mail sent to and from the server. "I took immediate action to stop the transfer" Garrin said, "and proceeded to terminate Simon's login session and change the password". A short while later, as server logs indicate, Simon made several attempts to reconnect to the network but was refused as the password had been changed by Paul. "I expected that if what Simon was doing was important, he would have contacted me about regaining access to the server, but since he never said a word, although as the logs show, he made several attempts to re-establish his connection, I thought it was even more strange" Garrin said. Apparently Simon gave up, accepting only a portion of the download that may have made it to his computer, and walked away quietly, never mentioning anything about his access being terminated. "I was surprised since Simon and I seemingly had mutually strong convictions toward protecting the users' privacy, a passion we shared that led us both to collaborate on building a system that we could trust and that users could trust, the project that became known as 'LokMail'. It baffled me to think or even to imagine that Simon would be capable of violating that trust that we worked so hard to build and to extend to users by offering strong encryption over the web, for free". It especially hit hard because Name.Space, and Lok Technology, a recently funded venture co-founded by Lok and Garrin, were in the process of negotiations for upgrading the users on the Name.Space owned and operated LokMail v1 server, to the new system, owned by Lok Technology. One of the key concerns for Garrin was that the users be notified of the change in policy that would come along with retaining the "@lokmail.net" address, since the "lokmail.net" would transition to the new server owned by Lok Technology, likely under a different privacy policy. The incident with the maillogs from the weekend of April 20 cast a spectre over the deal because it was clear that whatever policy Lok Technology would publish may be dubious at best, especially if Simon had downloaded the mail logs with the intent of ascertaining the traffic on the lokmail server from the April 20th weekend, possibly to hand over to the FBI. On Wednesday, June 22 Jostein Algroy, Name.Space COO presented Lok Technology with Name.Space's business proposal, which contained an outline for the transition of the domain 'lokmail.net' back to Lok Technology, so they could direct the traffic to their new server, once the Name.Space users had been notified of the changes in service and policies that accompanied keeping their "@lokmail.net" email address. It asked that Lok Technology supply a copy of their privacy policy for review by the Name.Space users so they could decide whether to sign on with Lok Technology and keep their "@lokmail.net" addresses, or to stay on the Name.Space operated server under a different domain, with the same strict privacy policy Name.Space offers, under which users originally signed up. The response from Lok Technology's John Miller was: "Lok Technology has no interest in pursuing a business relationship with Name.Space". Following that was a message stating that the DNS mapping for 'lokmail.net' will be re-directed to the new Lok Technology server in a few days, totally cutting off service to the Name.Space owned server that has responded to the "lokmail.net" domain since 1999. Simon Lok then chimed in with an email touting the solution as "just send me the list of usernames on the machine and we'll forward them back to the v1.server". Garrin responded that Simon's solution was unacceptable-- and for good reason: by channeling the v1 usernames through the new servers owned by Lok Technology, the traffic logs are written on the Lok Technology owned servers, giving them ongoing surveillance capabilities on the v1 server's users without having to get them from Name.Space! That's the same type of info that was contained in the mail server logs that Simon attempted to download in April, except in this case he wouldn't NEED the access to the Name.Space owned server because the logs would naturally end up on HIS system if he fowarded the mail for the users on the v1 system. In addition, the full list of usernames would no longer be confidential should they be handed over to Lok. "When I found out that the FBI had served Lok Technology a subpoena, it all began to make sense to me", Garrin said, drawing a parallel to the Seattle Indy Media Center's encounter with the FBI regarding alleged posting of information stolen from a Canadian Police car during the FTAA protests in Quebec City. "The only problem in this case is, they served it to the wrong people, since Name.Space owns the server and the users accounts on it, Not Lok Technology." The Seattle IMC is currently fighting a court order that asks it to turn over server logs for a period during the FTAA protests, the weekend of April 20, 2001. The court order was prompted by the following two posts: http://montreal.indymedia.org/front.php3?article_id=514 http://montreal.indymedia.org/front.php3?article_id=515 Two people were arrested in Quebec charged with mischief and theft, Martin D'anjou and Patrick Blanger, who are set to go to trial in September. It's not known whether or not the subpoena issued to Lok Technology is related to the arrests in Quebec, or if it is meant to find out about any anti-globalization activists who may have accounts on the LokMail server. Paul said that he doesn't blame Simon if he got scared and acted irrationally when the FBI reached out to him, especially because Simon's PhD scholarship depends on the security clearance he holds, with his research work sponsored by the US Navy. Loss of his clearance could mean the end to his PhD, something that Simon is unlikely to risk should that be the case if he didn't help the FBI with what they want. "I really hope for his sake that he didn't do anything improper or illegal", Paul said. When confronted with his attempted download of the mail logs, Simon denied that he was taking the data to hand it to the FBI, and instead claimed that he wanted to analyze it to see how much bandwidth was being consumed by the mail traffic on the server, an explaination that Garrin met with skepticism. Garrin states that Name.Space will comply if served with a subpoena, provided that proper due process is followed, and cause is shown. "What I won't do", Garrin said, "is allow our users to believe that their traffic data is safe when indeed it's in fact being recorded beyond our network and our control, which would be the case if Lok Technology forwards the mail through their system". There's no telling who will get access to our users' email transaction data, or whether Lok Technology will protect that data to the degree that Name.Space does, to the fullest extent of the law. "Recent events call this into question and I'm not prepared to leave anything to chance at this moment" Garrin concluded, "and I will err on the side of caution, until all the facts are in". --end _______________________________________________ Nettime-bold mailing list Nettime-bold@nettime.org http://www.nettime.org/cgi-bin/mailman/listinfo/nettime-bold