AOL Allows Dept. of Homeland Security to Spy On Millions of AOL Customers

http://www.freemarketnews.com/Feedback.asp?nid=361

HOMELAND SEC. SURVEIL ALL AOL FILES

Saturday, October 15, 2005 - FreeMarketNews.com

by staff reports
The U.S. Department of Commerce (DOC) claims America OnLine is providing the U.S. Department of Homeland Security (DHS) "unlimited surveillance" of their members, according to the London-based Financial Reporter newspaper. According to a recently released DOC report, "AOL works 'closely' with the DHS to supply information on any AOL customer. It reportedly allows agents from these entities 'free and unfettered' access to AOL Hq. at Dulles, Va. for the purpose of 'watching over and keeping surveillance' … on the millions of AOL customers."

The recent approval by Congress, of the Patriot Act extensions permitting "warrantless searches of persons and property," have apparently provided legal cover for this cooperation. And the Reporter notes, "hile information gleaned from delving into personal computer messages is supposed to be kept confidential, it appears that the DHS has exceeded their brief and obtained what appears to be strictly personal information which is then circulated to entities outside the DHS."

It also quotes the DOC report as stating that since "news of this surveillance has leaked out" it is "causing serious concern in the American and European business communities." However, the DHS has downplayed privacy concerns and claims companies are merely worried that their information will end up in the hands of competitors.

for quite a while.

Anybody who uses AOL is nuts.

My brother told me that AIM conversations can be viewed if they seem necessary. I'm just glad my family doesn't have Aol anymore. But there is no excuse for this though. Spying on people is just ridiculous. And of course we know they're probably spying on "left wing" people and such.

LICK ME AOL!

Does this include AIM!? If so, FUKU AIM!

I need to cancel Aol, ASAP! However, where do I go? I'm thinking Comcast, do they spy on their customers as well?

But a while back Comcast deleted Emails dealing with an anti-war ordeal going on. Rally or something. It was posted on BradBlog when it happened. I use Comcast but I use webbased Email with yahoo. I've never had any problems with them and for my internet explorer I use Mozilla.

Book a connection from phone company.
Book bandwidth from a local ISP.
Register a domain
Host your own mail server
Host your own DNS server
Use open source software

Freedom is available.

. . . do you host your own mail server and DNS server?

Sendmail takes five minutes to configure and zero maintenance, BIND, a little longer, and next to zero maintenance.

And there are alternatives to these. There's even alternatives to Linux (but not Windows--would you trust it?).

As long as you're using the internet for traffic, it can be intercepted regardless of whose mail server you use. They just dial your IP address (available from your ISP at any time, so a dynamic address provides no protection) into their giant packet sniffer (Eschelon) and, voila! They receive all the traffic you do.

Encryption that even they can't easily break.

Do you have any idea how many Terabytes the NSA has in its Sigint processors?

Why draw attention to yourself? Just assume that Michael Chertoff is in the room with you, and proceed accordingly.

that the NSA isn't going to be wasting their computer horsepower to read my encrypted e-mails. If they are, then they are wasting their money.

Also, GnuPG is not "commercial" encryption. It is a peer-reviewed open source product which is cutting edge encryption.

I work for a company developing information which is proprietary. Encryption is required to keep that info out of the general public's hands. I can't do my job without it.

If the NSA wants to waste time and money decrypting technical certification exams, let them do it. Maybe it'll end up being my way of throwing a small monkey wrench into their system.

it is just that they have super duper filters to ignore the stuff they deem as pointless. or not damaging. But do they store it just in case? sure. Memory's cheap.

If you think our PC or MAC based AI programs are nifty, imagine what 20 years, and 50 Brazilian dollars can do for your technology.

Their biggest problem is not that, but how to sort the terabytes of stuff they gather. we are talking entire libaries of material each day. Finding the thread that is key is the hard part.

Now as for encryption, yeah the commercial programs are great for, say, commercial issues, or keeping your child, your girlfriend's husband or your wife from finding out something. But NSA? yeah. right. hardly.

If you want true security, you meet in person, exchange one copy of a diagram, (a more advanced version of one time use keypad) and decide on which day which book or volume you will use. From there, sending an unbreakable message is easy, just timeconsuming and it must be done WITHOUT YOUR COMPUTER. (Heck, they now have a listening device that can read what is on your screen by its EM signature AND have programs that can figure out what you typed by the distinctive differences in the sounds your individual keys make. )

That diagram is your one time pad. You determine the frequency and a few other elements ahead of time. Then, you find the message you wish to send in a novel, dictionary, encyclopedia or even a cook book, and select the necessary words. then, assign - never mind. however, the beauty is that the message you send by email will not contain the actual message you wish to transmit. Instead, it provides your reader with a message which must be looked at as a vehicle transporting a series of letters to the recipient, and from those letters, it becomes the template for your fairly easy reconstruction of the message.
Although it can be done easier on computer, the minute you store that message or the template or the source, you risk losing all privacy.
There are some more sophisticated methods using JPG, HTLM and other methods that hide the template in the open, but totally unreadable to the feds.

NSA BACKDOOR IN EVERY MICROSOFT OPERATING SYSTEM

How NSA access was built into Windows
Careless mistake reveals subversion of Windows by NSA.

By Duncan Campbell

A CARELESS mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA "help information" trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled. The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.

Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.

ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run crypographic functions that the US governments allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do. Dr Nicko van Someren reported at last year's Crypto 98 conference that he had disassembled the ADVADPI driver. He found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with US export regulations. But the reason for building in a second key, or who owned it, remained a mystery.

A second key

Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY". The other was called "NSAKEY". Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without
users' knowledge. A third key?!

But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the "entropy" of programming code.

Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.

<snip>

That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers". "How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a 'back door' for NSA - making it orders of magnitude easier for the US government to access your computer?" he asked.

Can the loophole be turned round against the snoopers?

Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy", he said.

Fernandez believes that NSA's built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's _website_ (http://www.cryptonym.com/hottopics/msft-nsa/ReplaceNsaKey.zip) . According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs that handles encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPU's with encrypted instruction sets already been deployed, we would have never found out about NSAKEY."
http://www.heise.de/tp/r4/artikel/5/5263/1.html

There's no backdoors in any of the software I run. I can know that because source code is available for all of it and it is all peer-reviewed by the best in the business.

I knew this back in '84 when my first bill showed up and it was $150.

Spawn of Satan!

are senior citizens still getting used to the new-fangled innernets, barely sentient Bush supporters, and folks who are unable to cancel their accounts because AOL deliberately makes getting out of their sucky-ass service an escape trick worthy of Houdini himself.

No, AOL sucks.

I've been on AOL for ten years. While it is true that a lot of people have left AOL over the years as alternatives proliferated, it is also true that many professionals retain the service simply because they don't want to change e-mail addies. Some of our favorite liberal journalists, for example, retain AOL addresses.

And political polls on AOL generally reflect a left-leaning membership these days, whereas five years ago they were overwhelmingly skewed to the right. AOL's message boards used to be the playground of angry white young conservative men. Now one is more likely to see lefties smashing the right.

And gawd almighty, the place has a huge share of teenagers and college kids populating its chat rooms.

I'm not nutty about AOL. I just don't think it's what you say it is.

Until we needed to be able to get a VPN connection through AOL's "lightning fast" DSL service. Then, surprise! No can do. So I got an alternate DSL provider, and lo and behold, the speed is easily three times as fast- over the EXACT SAME lines, etc. And the cost was less.

So I go to cancel my AOL account over the phone, and after trying for an hour to cancel, they wouldn't let me- literally. I've had relationships with obsessive stalker women that were easier to end than my AOL account. Nuts.

I just think their service blows, from my experience.

...plus DSL from the phone company. The AOL BYO is fifteen bucks. The only reason I continue with an AOL account is because I've made a lot of friends there over the years. I use IE for browsing, usually.

AOL took money from my credit card illegally and now I'm involved in a class action lawsuit against them. I wouldn't use AOL if they gave me free service for the rest of my life because they would find a way to double charge me.

I'm sure other companies have similar deals with the government, but honestly, haven't we always known AOL blows?

It wasn't that great, anyway. Very overrated. But Michael Moore has an AOL e-mail address. Does he know about the HS spying?

Tammy

Ever since I got online back in '95 I've heard dozens of stories and complaints from users about lack of privacy that aol provides. I used them for the first couple of months and was horrifed by their service, and lack of customer support. I vowed never to use them again.