
Cryptome Log Subpoenaed

PaulBu writes "Stopped by on Cryptome tonight... It seems that their logs have been subpoenaed by Massachusetts Assistant Attorney General Chief, Corruption, Fruad (sic) & Computer Crime Division. Cryptome's answer was that "logs of Cryptome are deleted daily, or more often during heavy traffic, to protect the privacy of visitors to the site." (Good job!) See here"
  • by Qzukk ( 229616 ) on Tuesday January 07, 2003 @10:17AM (#5032537) Journal
    Looks like they're going to be doing a lot of deleting now ;)
  • Prediction (Score:5, Insightful)

    by lightspawn ( 155347 ) on Tuesday January 07, 2003 @10:18AM (#5032541) Homepage
    Coming soon: legislation requiring access to any U.S. hosted site to be logged and stored for at least 72 hours.
    • by Anonymous Coward on Tuesday January 07, 2003 @10:37AM (#5032665)
      You mean like this [slashdot.org]?
    • I wouldn't be surprised to see that in the US.
      • The government would like to do that, and have tried to get the ability into law for some time. Such powers as they have come from the Regulation of Investigatory Powers Act and its brethren. However, in spite of widespread worry when that particular Act was passed, nothing much has come of it, mostly because the ISPs turned around en masse and told the government where to go and just how practical it was(n't) to keep all the records they were supposed to have on the terms they were supposed to have them.

        We do have problems with Internet-related law in this country, with ISPs being in danger of having no tenable legal position one way or another, but fortunately, thus far the sort of harm we're talking about here has yet to materialise.

    • I'm cool with the government letting me write off the 2400 bucks for logging disks :D
    • Re:Prediction (Score:5, Interesting)

      by Tackhead ( 54550 ) on Tuesday January 07, 2003 @12:51PM (#5033813)
      > Coming soon: legislation requiring access to any U.S. hosted site to be logged and stored for at least 72 hours.

      Why bother? Pass legislation that requires ISPs log all traffic instead. They're more likely to comply with such a law (and unlike most laws, such as the anti-spamming and anti-telemarketing laws, this is a law where the Government does want compliance!) than end users.

      Better yet - why burden the ISP with the added expenses (and bad PR!) of logkeeping at all? This solution would require no new laws; it'd merely have HomeSec allocate a portion of its budget to install a packet sniffer with a hella-fast RAID array at the chokepoints - and log the URLs (and SMTP headers, and USENET headers, and P2P requests, and Freenet requests) themselves.

      China's doing it all wrong - the way to deal with threats to internal security isn't to block citizens' access to information, it's to allow access to information - and log the hell out of it! I mean, knowing that Xin Sixpack typed "Falun Gong" at google.com and got blocked when he tried to visit the front page of some website isn't nearly as useful as letting him go to the site, and then watching every click he makes, to find out what (specifically) he's interested in.

  • by torpor ( 458 ) <ibisum&gmail,com> on Tuesday January 07, 2003 @10:20AM (#5032562) Homepage Journal
    *full* pretty soon! :)

    (Agent-Referer: slashdot.org, etc)

    Cool! Hi Attorney General, Sir! I'm a good little consumer!
  • by Sean Clifford ( 322444 ) on Tuesday January 07, 2003 @10:26AM (#5032597) Journal
    Good move, though I hope they don't get in trouble for making the subpoena public. As I read the subpoena, they were specifically instructed not to make the subpoena public so as not to alert the subject(s) of the investigation to the existence of the investigation.

    Not that I support the government's position on this: "It's secret - national security, you know. Nothing to see here, move along."

    I'm glad that Cryptome deletes log files. Though most here probably support Cryptome's stance, I doubt that today's slashdotting is going to be welcome.

    • by xyzzy ( 10685 ) on Tuesday January 07, 2003 @10:38AM (#5032675) Homepage
      I don't get it. What amount of mojo does the Attorney General for Mass. have in NY? Can't he just tell them to go pound sand?
      • He probably could, but then how do you know what relationship the Attorneys General of Massachusetts and New York have with each other? Or the Federal Justice Department, for that matter. Remember, the Governor of Massachusetts has been Republican since Dukakis.
      • by TheCarp ( 96830 ) <sjc AT carpanet DOT net> on Tuesday January 07, 2003 @11:36AM (#5033107) Homepage
        Oh they can be bastards.

        He can tell the Attorney general of MA to pound sand. However, if a warrant for his arrest is issued in MA, then he can be arrested if he comes here and is caught (which never happens)

        Or... if he is ever arrested for any reason in NY, then even after being bailed out, the NY police will alert MA (since states share info on who they have warrant for) and the NY police will hold him for the MA police to come pick him up (I think for up to 90 days)

        This happened to a friend of mine about 2 years ago. He had a warrant for his arrest in Waltham, MA (missed a court date) and lived in RI. RI police picked him up for something unrelated (long story). After a month he was bailed out, but wasn't released. After being bailed out, the RI police informed him that they were holding him for up to 90 days because MA has a warrant out for his arrest and they are holding him for the MA police to come pick him up.
        (amusingly he missed his court date and had a warrant issued for his arrest because he was in a RI holding cell and thus couldn't come up to MA for his hearing).

        In short, yea he can tell the AG to pound sand, he can even come into MA with little to no fear of ever being caught (police here have better things to do than pull people over, and we don't play that dangerous game of letting the cities patrol the highways so they have more incentive to pull people over than keep traffic moving safely). But... he better be sure not to get arrested anywhere else in the US.

        -Steve
    • From the site:

      Documents are removed from this site only by order served directly by a US court having jurisdiction. No court order has ever been served; any order will be published here or elsewhere if gagged by order. Bluffs will be published if comical but otherwise ignored.

      It'll be interesting to see what happens.
    • by Anonymous Custard ( 587661 ) on Tuesday January 07, 2003 @12:55PM (#5033839) Homepage Journal
      The exact statement was "As this subpoena is related to an ongoing criminal investigation, please do not reveal this request to any individual not necessary to comply with the supoena or to the subcriber." It is written in the cover letter, and not in the actual subpoena itself, because in public trials without a specific gag order, a piece of mail is still a piece of mail and you can show it to whomever you like. The cover letter was not marked "confidential" and the only reason cryptome would have had to comply with this friendly request to keep it on the down low would be to appease the Attorney General.
  • by gimpboy ( 34912 ) <.moc.liamg. .ta. .dlorrah.m.nhoj.> on Tuesday January 07, 2003 @10:28AM (#5032614) Homepage
    i work with the local indypendent media center and our solution was to not log the ip addresses. the logs are still useful for diagnosing problems, but without the ip addresses they are useless for finding people.

    • A good way to do this (which the above guys might be using) is to translucently log critical information, much like the techniques in the Translucent Databases book. In this case, information like the client IP address can be md5 hashed before being logged. In this way, if you need to investigate a particular IP address because of a court order or an attack, you can md5 the necessary address and know what to search for. And if you're just analyzing patterns in your logfiles, the md5's will still uniquely identify client IPs so that you can see the real flow of events. You can also store the logs a while and not have privacy concerns. The md5'd addresses prevent the logs from being used as a wholesale database of private information, since you'd have to reverse md5 (computationally infeasible) separately for every customer IP to get the original data back.

      Of course I'll play devil's advocate to myself here. There's only 2^32 IP addresses (less than that because of private space and whatnot, but it's good to overestimate anyways), and each takes 4 bytes to store. If you stored the full md5 hashes with offsets as IPs, you'd be looking at a 64GB fool-proof solution. 64G of disk space in a database is not a hefty requirement by any means. Pre-computing 4 billion md5 hashes of 4 byte strings and writing them all to disk would take some time, but not an excessive amount. If I had the free space at home I could probably build this pre-cache of IP md5's in a few weeks tops. So the government could definitely do it.

      A potential stop to this sort of precaching would be to mix in more data before hashing. For instance, store the current datestamp down to 1-hour resolution into the hash as well as the IP. You'll then need to know the hour you're looking for to index a specific IP address, and they'd have to do all the same computation and storage once per hour forever to keep the ability to index your hashes back to IPs. While you're at it, each site could also throw their own primary IP address into the hash, so that several sites using this same scheme would have to be indexed separately by the government. Toss in a random tidbit that nobody knows, like the programmer's dog's name or something, and you're set.
    • without the ip addresses they are useless for finding people

      Not necessarily. If you are logging referrers or other information, that can be used to track down some people. For instance, what about people clicking on links in their webmail? Some of those webmail urls contain a lot of information, and all you'd have to do is subpoena the webmail provider to get the ip/personal information of those people.
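
Added example, not part of any comment in this thread: a Python sketch of the logging scheme discussed in the two replies above. It recovers a bare-MD5 tag by enumeration, then builds a keyed per-hour tag (HMAC-SHA256 swapped in for the salted MD5 the comment proposes) and trims the referrer to its host. `SITE_KEY`, the sample log line and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed key for the demo; a real one is random, kept out of the log
# host's backups, and rotated or destroyed on a schedule.
SITE_KEY = b"constructed-demo-key"

# Constructed sample line in Apache "combined" format (documentation-range IP).
SAMPLE = ('192.0.2.44 - alice [07/Jan/2003:10:17:02 -0500] "GET /page.htm HTTP/1.0" '
          '200 5120 "http://webmail.example/read?user=alice&msg=1234" "Mozilla/4.0"')

COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')

def md5_ip(ip):
    """Unsalted scheme from the comment: MD5 of the dotted-quad string."""
    return hashlib.md5(ip.encode()).hexdigest()

def recover_unsalted(digest, network):
    """Enumerate a network and return the address whose MD5 matches, else None."""
    for addr in ipaddress.ip_network(network):
        if md5_ip(str(addr)) == digest:
            return str(addr)
    return None

def pseudonym(ip, when, key=SITE_KEY):
    """HMAC-SHA256 over UTC hour bucket + IP, truncated to 64 bits.
    Same visitor gets the same tag within an hour and a new one the next hour."""
    bucket = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H")
    return hmac.new(key, f"{bucket}|{ip}".encode(), hashlib.sha256).hexdigest()[:16]

def strip_referer(url):
    """Keep only scheme and host of a referrer; drop path, query and fragment."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return "-"
    return f"{parts.scheme}://{parts.hostname}/"

def scrub_line(line, key=SITE_KEY):
    """Rewrite one log line without address, user name or full referrer.
    Returns None for lines that do not parse, so raw text is never passed through."""
    m = COMBINED.match(line)
    if m is None:
        return None
    try:
        when = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return '{} - - [{}] "{}" {} {} "{}" "{}"'.format(
        pseudonym(m["host"], when, key), m["time"], m["request"],
        m["status"], m["size"], strip_referer(m["referer"]), m["agent"])

if __name__ == "__main__":
    # A /16 (65,536 candidates) is enumerated in well under a second.
    print(recover_unsalted(md5_ip("192.0.2.44"), "192.0.0.0/16"))
    print(scrub_line(SAMPLE))
```

Whoever holds the key can still recompute a tag for a given address and hour, so the privacy gain lasts only as long as the key is protected or destroyed.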

  • by Anand_S ( 638598 ) on Tuesday January 07, 2003 @10:30AM (#5032622)
    How does one subpoena a log file? I imagine the conversation went something like this:

    "We have a summons for your log file."

    "Uh, would you like us to send an admin to court with the log files?"

    "No, just tell the log file to show up in court on the date indicated on the summons."
  • by nautical9 ( 469723 ) on Tuesday January 07, 2003 @10:31AM (#5032624) Homepage
    ... why not just change the log format to not include any personally trackable data (IP address, username, any cookie info, etc). Using Apache, this is very simple with the CustomLog directive.

    Then you still have proper log files so you can create reports on traffic, bandwidth, and all the other goodies logs are intended for.

  • If no such log exists for the specific page in question, please provide any logs that would cover the domain together with an explanation of what the log covers.
    So upon receiving this subpoena, I'd expect that they are legally bound to provide whatever logs they have on their system that have not yet been deleted. They could claim that it arrived during a heavy traffic period...
  • Mirror (Score:5, Informative)

    by Anonymous Coward on Tuesday January 07, 2003 @10:34AM (#5032648)
    This will be interesting...

    http://130.236.229.26/cryptome-log.htm
  • Simple Fake Email (Score:5, Informative)

    by Deton8 ( 522248 ) on Tuesday January 07, 2003 @10:45AM (#5032713)
    I read this story on Cryptome before the /. effect took hold -- what happened is some jerkoff is sending around fake emails with forged headers which purport to come from a legit company essentially trying to extort money from people to keep their personal data private. Obviously, the DA has a suspect and a grand jury has been empaneled to try to indict the guy behind the joe job, and they are hoping that the perp has been accessing the cryptome site (less likely, but possible, is that it's a fishing expedition and they will simply check everybody who surfed that page during the timeframe in question). The story has almost nothing to do with the true mission of the cryptome site. As far as posting the subpoena, there is a clear notice on the cryptome site declaring their intention to post the contents of all such legal notices unless it is illegal for John Young (a resident of New York IIRC) to post them.
  • by defile ( 1059 ) on Tuesday January 07, 2003 @10:46AM (#5032719) Homepage Journal

    When I used to work at an ISP, whenever we were summonsed for log files they'd always be for records that were weeks or months old. Most of them were from the "CyberSmuggling" division of US Customs.

    Right now I maintain a high traffic site that doesn't store more than 4 days worth of logs on each web server (each day is about 2GB). One time they subpoena'd us for logs that were literally 3 months old. Hah.

  • by imag0 ( 605684 ) on Tuesday January 07, 2003 @10:47AM (#5032729) Homepage
    about 1/2 way down the page you get the gist they were looking for anyone who visited the page http://cryptome.org/sec-con.htm [cryptome.org]

    Of course, the page was taken down / slashdotted, I guess. Google to the rescue! [216.239.57.100]
  • Huh!? (Score:4, Funny)

    by giel ( 554962 ) on Tuesday January 07, 2003 @10:50AM (#5032745) Journal

    ... bring with him/her all logs recording the I.P. addresses and/or users who visited "http://cryptome.org/sec-con.htm" between 11/7/02 00:00:00 GMT and 11/14/02 23:59:59 GMT. If no such log exists for the specific page in question, please provide any logs that would cover the domain together with an explanation of what the log covers.

    vi /var/log/httpd/smokinggun.log[ENTER]
    256iwww.ago.state.ma.us[ENTER]
    [ESC]
    [SHIFT+z]z[SHIFT+z]

    Ahh, Sir! Here I've got it, see? '/var/log/httpd/smokinggun.log'!
    Eh, ahum...

  • by smack_attack ( 171144 ) on Tuesday January 07, 2003 @11:03AM (#5032845) Homepage
    CustomLog | /bin/mail subpoena@ago.state.ma.us

    this could take a while :)
  • by cygnus ( 17101 ) on Tuesday January 07, 2003 @11:13AM (#5032924) Homepage
    i know i'm coming in way late here, but JYA pays for cryptome traffic out of pocket. it's his hobby (or mission, the point is that he doesn't get recompensated for it).

    so don't lay waste to his site if you don't have an interest. it's coming straight out of his wallet.
    • oh well. If you don't wanna pay don't be on the web. I'm sick of hearing about the poor webmaster paying out of his pocket.
      • by SuperDuG ( 134989 ) <be&eclec,tk> on Tuesday January 07, 2003 @02:39PM (#5034731) Homepage Journal
        oh well. If you don't wanna pay don't be on the web. I'm sick of hearing about the poor webmaster paying out of his pocket.

        Then quit reading comments if you're so sick of it.

        Wait was that an obvious answer? Of course it was. The statement is quite true because there are many people who host websites out of their own pocket by a personal server. Here's the problem though. Slashdot and similar sites with high traffic link to the page in order to keep their visitors interested and to sell ads. Why is it okay for Slashdot to make money on someone else's misfortune, but stealing oil from a middle eastern country isn't? Slashdot makes money from people who come to their site (they show their access logs to companies and say "look at how many people come to our site, your ads will be seen billions of times", don't believe me, look at the top of this page) and there are many web hosters that provide a monthly allotment that then charge for bandwidth after that limit is reached or will simply disable the site.

        So because slashdot wanted to make more money someone who has a personal webpage has to suffer. The argument of "don't want to pay for it, don't put it on the web" is moot. I've had a personal webpage hosted on a personal server for nearly 6 years and I know damn well that my site is not high traffic. So why should I expect at all to ever have a million billion hits in a 5 day period? I shouldn't unless someone from slashdot wants to make sure they look original and want to bash the hell out of my server when I know damn well that google has a cache of my site. Google being a server that is used to high traffic already and has their own way of recouping the costs.

        How are the personal websites supposed to recoup the costs? HOW? So why don't we just start robbing banks for slashdot, if the banks didn't want to be robbed they wouldn't have unlocked their front doors for business. Or how about anyone who owns a business, since they let ANYONE in their store it should be their fault if someone comes in and breaks everything, right?

        You know what I'm sick of? Morons like you who think it's cool to be a heartless asshole.

  • by jhines ( 82154 ) <john@jhines.org> on Tuesday January 07, 2003 @11:32AM (#5033051) Homepage
    We store our logs on /dev/null, about 2Gb per day. You interested in how many days worth?
  • Perspective needed (Score:4, Insightful)

    by dpilot ( 134227 ) on Tuesday January 07, 2003 @11:45AM (#5033195) Homepage Journal
    First off, this appears to be "due process" to me. It's a subpoena coming from a grand jury. If they feel they need to search your home for evidence, that's the path they'd take. They appear to be treating electronic evidence with the same process they'd use for physical evidence. Cryptome has responded with a statement that their standard records deletion process.

    As long as these are all of the facts, then everything is as it should be, and this avenue of investigation has unfortunately (for those being extorted) been a dead end.

    If there is an attempted reprisal against Cryptome, that's bad.
    If the request against Cryptome was generated as a result of some Carnivore-style sniffing, that's bad.
    If incidents like this mandate some sort of necessary electronic records retention, that *may be* (but may not be) bad.

    I don't think anyone truly proposes that the Internet be utterly lawless. The very real fear is that extensive silent monitoring is possible, and an electronic police state could be built under our noses. Some guidance and provisions need to be made to help catch people who do criminal things over the Internet. Some crimes may be entirely virtual, with no physical evidence at all, only bad effects on innocent people. It's right to fear the slippery slope, but AFAIK only the NRA has the sheer clout to veto virtually any legislation. I'm sure we don't.

    IMHO it's better to participate and make sure proper safeguards are built-in rather than to fight a retreating veto battle.
    • The big problem is that they want ALL of Cryptome's logs relating to a specific page. This is grabbing logs of the activity of many people, not just one person.

      It's like saying "I'd like a wiretap on everybody who lives in South Minneapolis because I think some of them are drug dealers.". That just doesn't fly.

      If they narrowed down their request to one or two class C IP blocks, that would be a lot better and less worrisome, though it still has the same problem, just on a smaller scale. Then you're just tapping the phone of everybody on a particular street because you think one of them is a drug dealer.

  • by jea6 ( 117959 ) on Tuesday January 07, 2003 @11:47AM (#5033213)
    Two thoughts, semi-related...
    1) if I have a client request a restore of backed-up data, I bill them T&M for the procedure (especially if tapes have to be retrieved from off-site storage). Does the government ever pay for such a service?

    2) If I'm subpoenaed, to what effort do I have to go to make the data usable to the prosecutor? Can I hand over a DLT? Can I print out the log files and hand over multiple reams of paper? Can I provide them the data on media without an obligation to provide them hardware to read that media (say, a really old syquest)?

    This subpoena says "bring with him/her all logs recording the I.P. addresses and/or users who visited" but makes no mention of an obligation to provide them in the format most usable to the AG.

    And a third thought, I'm curious as to how a Facsimile was delivered to a voice number :-)

  • Clues (Score:4, Interesting)

    by Euphonious Coward ( 189818 ) on Tuesday January 07, 2003 @12:44PM (#5033768)
    1. Verio is happy to hand over all the Cryptome traffic to the feds in realtime, and probably does it already. MA should subpoena the feds' logs.

    2. What is Cryptome doing on Verio anyway? It's a filthy spammer host.

    • Re:Clues (Score:3, Insightful)

      by Royster ( 16042 )
      2. What is Cryptome doing on Verio anyway? It's a filthy spammer host.

      The same thing that any client is doing on Verio -- not getting thrown off.

      John hosts a lot of data which is unpopular to a lot of people. An ISP which was any less reluctant to dispose of a paying customer would have tossed John some time ago.
  • Cryptome logs (Score:5, Informative)

    by ssimpson ( 133662 ) <slashdot@samsimp s o n . c om> on Tuesday January 07, 2003 @01:12PM (#5034001) Homepage

    John Young has posted quite a lot of information about his log policy before....It's pretty widely known that he deletes them very regularly to prevent this kind of thing.

    People have asked why logs aren't just sent to /dev/null - that's because John does scan the logs for "interesting" visitors - see e.g. his previous stories about catching various US departments and agencies (FBI, Whitehouse) looking at his site.

    The site is currently down I wonder if it has been slashdotted, or.......

  • by shutton ( 4725 ) on Tuesday January 07, 2003 @01:18PM (#5034038) Homepage
    ...when I used to deal with this stuff (and I was usually on the "serving" end of the subpoena), entities in other states were under no obligation to honor a subpoena from our state. Only subpoenas issued from federal courts are valid across state boundaries.

    This subpoena was issued from Massachusetts for an agency in New York. Not far, but far enough.
