Does anyone think this will really help catch "criminals"? If a person is using a computer in the libarary, most of the time it will not last more than 20 or 30 minutes (other people want to use it). Lets say the person does do somethign "naughty" on it, by the time the feds arrive (20 or 30 min) and track down which machine it is (thinking of the Boston Public Libaray at Copley Square) using the IP addy (5 minutes) and bring their fat sorry asses to the exact location (5 minutes), the person is long gone. After the 40 minutes all they have is the terminal that was used. What they going to do, check the history file of which websites were used? Even if they have a packet logger, they only whill have the things he has done.
Granted the person might access their own email and the feds could get the person's where abouts that way. But will criminals be that stupid? Some might say yes. So there are two sides here.
Who says that "criminal" needs to even be at the terminal to do his evil deeds? They could run a process in the background and exploit the machine's internet connection remotely.
Most library machines I have come across have not been well secured, many are easy leaping points for doing "naughty" things. They even give media access to use material on CDs.
As I understand it, the idea here is to keep records of who uses terminals and what websites are visited by them (as well as monitoring borrowing). The point is not to catch them in the act of something illegal (eg. downloading kiddy pr0n), but to retroactively examine the past surfing habits of somebody already under suspicion/surveillance. At the only public library I've ever used a terminal in (Kingston, ON) they recorded who used which terminals when by making you sign the sheet, and holding your library card while you surfed. This was presumably for the purpose of banning you if they caught you looking at nekkid pictures or something.
Does anyone think this will really help catch "criminals"?
No. Of course not. 95% of the stuff implemented in the name of 9/11 is useless. Most people (polititians are included in that group) are fucking stupid, they live lives unexamined, they pass stupid laws, infringing on peoples rights. All the more reason for adhering to a philosophy of a drastically limited government, to keep these idiots from boning us.
Your missing the point. They want to find any info on future plans, not catch you launching your DDOS on playboy.com. They want your cached hotmail email about when and where you are going to meet the other bad guys or blow up whatever.
What would be a "trusted" system for a criminal? Dialing from home? From the hideout? If you wanted to plan a "job" and had to coordinate with others, where would you do it? Would you completely rely on encryption and thus use systems that could be tied back to you? Fact is that a publically accessable internet terminal makes a very convenient tool for doing things anonymously.
And again, why not a hotmail account. They can be created easily and anonymously. If your message is : "lets meet at the usual place at 6:00" : then who is going to catch onto this?
Other than statements that "most criminals aren't that stupid", I've yet to see anyone give any real good logical reasons, let alone any evidence of criminals really being that smart (I know, I know, there are bound to be a few that are that smart, but your statement claims the opposite).
Does anyone think this will really help catch "criminals"? If a person is using a computer in the libarary, most of the time it will not last more than 20 or 30 minutes (other people want to use it). Lets say the person does do somethign "naughty" on it, by the time the feds arrive (20 or 30 min) and track down which machine it is (thinking of the Boston Public Libaray at Copley Square) using the IP addy (5 minutes) and bring their fat sorry asses to the exact location (5 minutes), the person is long gone.
Hate to nit, but...
Firstly, they can track the machine to its switchport, and with a simple table of switchport network drop, and/or a map of the physical layout they can easily find the exact machine in a matter of 30 seconds (or less). I administered a school with three wings, two floors and I could nail network traffic (IP or IPX) to its specific chair in under a minute.
Couple this with strategically placed surveillance cameras (which many public institutions have installed already) and they can get a video image of the "perp" for facial recognition at a more convenient time.
So we take a few stills from the video feed, add them to the TCP dump log / keystroke log / screen capture, and file it away for a later date.
There's a lot more than just a history file for the feds to pour over. A keylogger installed at every terminal would allow the feds to read the e-mails of a user, grab their hotmail or hushmail password, and if the library has some sort of public key system, grabbing the password for that as well.
Then there's the other end where a packet sniffer is storing (not monitoring, just storing) all the traffic. The feds know when the user was at the terminal so pull up that time in the stored packets and see what the user was doing at that particular time.
And what if a criminal uses the same lab for several weeks. After the first week or two the feds start to expect the person to return and can setup a sting to nab him or her when they walk in the door.
There is plenty of help for the feds in doing this.
Lets say the person does do somethign "naughty" on it, by the time the feds arrive (20 or 30 min) and track down which machine it is (thinking of the Boston Public Libaray at Copley Square) using the IP addy (5 minutes) and bring their fat sorry asses to the exact location (5 minutes), the person is long gone.
Most of the libraries I've been to make you sign up to go online. Sometimes they even check your driver's license to make sure you put down your real name and are a resident.
We actually had the FBI come knocking, so to speak, at my library's door a few weeks back. They wanted to take a particular machine as evidence (of what, they never said). However, the IP address they had was useless...we changed our IP addressing scheme about 2-3 MONTHS before they bothered to contact us. (Besides the fact that we use dynamic addressing internally anyways.) We all breathed a sigh of relief. I don't know of any public libraries in our state using static addressing...so I wonder how often the FBI really gets anything?
If all the world's economists were laid end to end, we wouldn't reach a
conclusion.
-- William Baumol
Will it really help? (Score:4, Insightful)
Granted the person might access their own email and the feds could get the person's where abouts that way. But will criminals be that stupid? Some might say yes. So there are two sides here.
Re:Will it really help? (Score:3, Interesting)
Most library machines I have come across have not been well secured, many are easy leaping points for doing "naughty" things. They even give media access to use material on CDs.
Missing the point (Score:2)
Re:Will it really help? (Score:1)
No. Of course not. 95% of the stuff implemented in the name of 9/11 is useless. Most people (polititians are included in that group) are fucking stupid, they live lives unexamined, they pass stupid laws, infringing on peoples rights. All the more reason for adhering to a philosophy of a drastically limited government, to keep these idiots from boning us.
Re:Will it really help? (Score:2)
Re:Will it really help? (Score:2)
And again, why not a hotmail account. They can be created easily and anonymously. If your message is : "lets meet at the usual place at 6:00" : then who is going to catch onto this?
Other than statements that "most criminals aren't that stupid", I've yet to see anyone give any real good logical reasons, let alone any evidence of criminals really being that smart (I know, I know, there are bound to be a few that are that smart, but your statement claims the opposite).
Re:Will it really help? (Score:4, Insightful)
Firstly, they can track the machine to its switchport, and with a simple table of switchport network drop, and/or a map of the physical layout they can easily find the exact machine in a matter of 30 seconds (or less). I administered a school with three wings, two floors and I could nail network traffic (IP or IPX) to its specific chair in under a minute.
Couple this with strategically placed surveillance cameras (which many public institutions have installed already) and they can get a video image of the "perp" for facial recognition at a more convenient time.
So we take a few stills from the video feed, add them to the TCP dump log / keystroke log / screen capture, and file it away for a later date.
So easy, a child of five could do it.
Someone fetch me a child of five! ;)
Re:Will it really help? (Score:1)
There's a lot more than just a history file for the feds to pour over. A keylogger installed at every terminal would allow the feds to read the e-mails of a user, grab their hotmail or hushmail password, and if the library has some sort of public key system, grabbing the password for that as well.
Then there's the other end where a packet sniffer is storing (not monitoring, just storing) all the traffic. The feds know when the user was at the terminal so pull up that time in the stored packets and see what the user was doing at that particular time.
And what if a criminal uses the same lab for several weeks. After the first week or two the feds start to expect the person to return and can setup a sting to nab him or her when they walk in the door.
There is plenty of help for the feds in doing this.
There's more hurt though, IMO.
Re:Will it really help? (Score:2, Interesting)
Most of the libraries I've been to make you sign up to go online. Sometimes they even check your driver's license to make sure you put down your real name and are a resident.
Re:Will it really help? (Score:1)
Re:Will it really help? (Score:1)