[NZLUG] Privacy server

Jim Cheetham jim at gonzul.net
Tue Jun 18 17:51:27 NZST 2013

On Jun 18, 2013 5:12 PM, "Volker Kuhlmann" <hidden at paradise.net.nz> wrote:
> On Tue 18 Jun 2013 16:09:31 NZST +1200, Jim Cheetham wrote:
> > > One major thought is that one should *expect to* receive subpoenas
> > > Police and GCSB within a day of the site going live, and be forced to
> > > install arbitrary backdoor logging and MITM software.
> >
> > And with a careful setup procedure and a reasonable level of
> > cross-checking, such an activity should be difficult to keep secret.
> Hmm, I expect those requests to come with a clause "you will keep quiet
> about this or we send you straight to jail". How do you plan to address
> that?

I am not aware of any such clause under NZ law; of course moving the
paranoia-meter to the far side is possible when formulating scenarios, but
the group needs to decide what practical response is needed.
There is currently a technical hack to the US gag-orders; just tweet every
day that you have not received any gag order; the moment you receive such
an order, you cease being able to make the tweet.
Of course 'they' would change their gag orders to clarify that you must
lie, instead of asking that you remain silent. But it's all a big unknown,
isn't it?

Trust has to be assigned to the people and suppliers involved in the
system; a good definition of exactly how much and how little trust is being
assigned is needed. At some point you have to trust that the motherboard
you purchased actually has the firmware/BIOS in it that you expected,
because you don't have the tools to verify it anyway (actually there are
some nice proof-of-concept attack BIOSs out there at the moment that
subvert the whole machine silently).

> Not keeping log files was permitted in the EU until relatively recently,

I'm not aware of any such legal requirement to keep log files, I'm not an
ISP or a communications provider and neither will this proposed server
group be; it will be a private service for a tightly-defined set of people.

> If NZ
> doesn't have rules about it (yet?) it would be a bonus for staying
> on-shore.

Being on-shore (either of them) means that we have a chance of finding out
when the rules change :-) before they bite anyone too hard. Shutting down
the service might be a valid approach some day, but not trying, now?

> In principle I am interested in such a service, and would support
> establishing the feasibility of it.

That's mostly what I'm asking at the moment, so thanks :-)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nzoss.org.nz/pipermail/nzlug/attachments/20130618/f9f28599/attachment-0001.html>

More information about the NZLUG mailing list