lix blog

I occasionally found out that, zooming with Google maps in Zurich, the view suddenly switches from a bird eye’s view to a 45° view. So it looks like “Google map’s 45 degree” option has been enabled just a few days ago for another 26 cities.
This new feature (or bug?) might raise new privacy related questions…

Zoom factor 17 (bird eye’s view):

Zoom factor 18 (three quarter’s view):

Berne: 31st of May 2012
Zurich: 25th of May 2012

It’s a feature, not a bug!! 😛
Skeip IP finder (See Screenshot)

For further reading: Skype divulges user IP addresses

(See German, French and Italian versions below)

Fernmeldeüberwachung: Technisches Konzept zur Datenübermittlung

Der Dienst Überwachung Post- und Fernmeldeverkehr (Dienst ÜPF) hat am
28.03.2012 ein Dokument mit technischen Angaben veröffentlicht, die
sicherstellen, dass die Fernmeldedienstanbieterinnen (FDA) ihre Daten dem
Dienst ÜPF übermitteln können. Der Dienst ÜPF fordert bei den FDA
solche Daten im Auftrag von Strafverfolgungsbehörden zur Aufklärung
schwerer Straftaten an.

Sehr geehrte Damen und Herren

Das so genannte Ausleitungskonzept, das am 28.03.2012 veröffentlicht
wurde, ergänzt die revidierte Verordnung über die Überwachung des Post-
und Fernmeldeverkehrs (VÜPF) und die technischen Richtlinien für die
Telekommunikationsüberwachung TR TS (Version 3.0). Der Dienst ÜPF hat das
Konzept in intensiver Zusammenarbeit mit den FDA erarbeitet. Es beschreibt
die allgemein gültigen Rahmenbedingungen und neue mögliche
Ausleitungsnetze in IP-Technologie. Gestützt auf das Ausleitungskonzept
schliesst der Dienst ÜPF mit jeder einzelnen FDA Anbindungsvereinbarungen
ab. Diese regeln alle technischen Einzelheiten, wie z.B. physikalische
Übergabepunkte, Netzadressen, Zuständigkeiten oder Kontaktstellen.

Das Ausleitungskonzept richtet sich ausschliesslich an FDA, die dem
Bundesgesetz betreffend die Überwachung des Post- und Fernmeldeverkehrs
(BÜPF) unterstellt sind. Das BÜPF verpflichtet die FDA, dem Dienst ÜPF
Daten aus Überwachungsmassnahmen zuzuleiten, die von Staatsanwaltschaften
zur Aufklärung schwerer Straftaten angeordnet und vom zuständigen
Zwangsmassnahmengericht genehmigt wurden.

Das Ausleitungskonzept ist zu finden auf: www.uepf.admin.ch

Zum Verfahren der Post- und Fernmeldeüberwachung
Zur Aufklärung schwerer Straftaten können die Schweizer
Strafverfolgungsbehörden, gestützt auf die Schweizerische
Strafprozessordnung (StPO; SR 312.0) Massnahmen zur Überwachung des Post-
und Fernmeldeverkehrs anordnen. Jede Überwachungsanordnung einer
Staatsanwaltschaft muss von der zuständigen richterlichen
Genehmigungsbehörde (Zwangsmassnahmengericht) der Kantone oder des Bundes
geprüft und genehmigt werden. Der Dienst ÜPF nimmt zuletzt eine formelle
Prüfung vor. Dabei prüft er, ob die anordnende Behörde tatsächlich
zuständig ist und ob sich die Überwachungsanordnung auf eine strafbare
Handlung gemäss Deliktkatalog (Art. 269 StPO) bezieht. Der Dienst ÜPF
weist die Fernmeldedienstanbieterinnen anschliessend an, die fraglichen
Daten dem Dienst ÜPF zu übermitteln. Er stellt die Daten dann den
auswertenden Strafverfolgungsbehörden zur Verfügung. Vom Inhalt der Daten
und der betreffenden Ermittlungen erhält der Dienst ÜPF keine Kenntnis.

Die Pflichten der Fernmeldedienstanbieterinnen
Wer eine Fernmeldedienstleistung erbringt, muss dies dem Bundesamt für
Kommunikation (BAKOM) melden. Auf der Website des Dienstes ÜPF finden Sie
den Link zu den entsprechenden Meldeformularen.
Jede FDA ist verpflichtet, Überwachungsaufträge gemäss den Richtlinien
und Verfügungen des Dienstes ÜPF auszuführen. Um Überwachungen
vornehmen zu können, muss jede FDA eine geeignete Anlage bereithalten.
Alle FDA müssen jederzeit in der Lage sein, Überwachungsmassnahmen
durchzuführen. Um die Überwachungsbereitschaft der FDA sicherzustellen,
führt der Dienst ÜPF bei diesen ein Compliance-Verfahren durch. Die FDA
sind gemäss VÜPF verpflichtet, dem Dienst ÜPF die Namen ihrer
Kontaktpersonen (Lawful Interception Officer bzw. LI Officer) zu nennen
(Art. 18 Abs. 3 und 26 Abs. 3 VÜPF). Alle noch nicht beim Dienst ÜPF
registrierten FDA sind verpflichtet, sich unverzüglich zu melden.

Für allfällige Fragen stehen wir Ihnen gerne zur Verfügung unter
folgendem Link: https://www.li.admin.ch/de/ptss/contact.html

Mit freundlichen Grüssen

Eidgenössisches Justiz- und Polizeidepartement EJPD
Informatik Service Center ISC-EJPD
Dienst Überwachung Post- und Fernmeldeverkehr

Jean-Louis Biberstein
Leiter Providermanagement

Surveillance des télécommunications : prescriptions techniques pour la
transmission des données

Le Service de surveillance de la correspondance par poste et
télécommunication (Service SCPT) a publié, le 28 mars 2012, un document
avec des prescriptions techniques pour garantir que les fournisseurs de
services de télécommunication puissent lui transmettre les renseignements
demandés. Sur mandat des autorités de poursuite pénale, le Service SCPT
demande en effet aux fournisseurs de services de télécommunication de lui
transmettre des données en vue d’élucider des infractions pénales
graves.

Mesdames, Messieurs,

Le schéma directeur réglant les modalités de la transmission de données
publié ce mercredi complète l’ordonnance révisée sur la surveillance
de la correspondance par poste et télécommunication (OSCPT) et les
directives techniques relatives à la surveillance des télécommunications
(Technical Requirements for Telecommunication Surveillance, TR TS, version
3.0). Fruit d’une collaboration intense avec les fournisseurs de services
de télécommunication, ce document définit les conditions cadres
généralement applicables et décrit de nouveaux réseaux de transmission
potentiels, fondés sur la technologie internet. C’est aussi sur la base
de ce schéma directeur que le Service SCPT conclut une convention de
raccordement avec chaque fournisseur de services de télécommunication
afin de régler tous les détails techniques, comme le point de
transmission physique, les adresses réseau, les attributions respectives
et les services et interlocuteurs compétents.

Ce schéma directeur s’adresse exclusivement aux fournisseurs de services
de télécommunication, lesquels sont tenus, conformément aux dispositions
de la loi fédérale sur la surveillance de la correspondance par poste et
télécommunication (LSCPT), de livrer au Service SCPT les données
recueillies en exécution de mesures de surveillance ordonnées par les
ministères publics pour élucider des crimes graves et autorisées par le
tribunal des mesures de contrainte compétent.

Le schéma directeur relatif à la transmission de données est disponible
sur le site www.scpt.admin.ch

Déroulement de la surveillance
Le code de procédure pénale suisse (CPP ; RS 312.0) permet aux autorités
de poursuite pénale d’ordonner des mesures de surveillance de la
correspondance par poste et télécommunication en vue d’élucider des
infractions graves. Tout ordre de surveillance édicté par un ministère
public doit être approuvé par l’instance judiciaire compétente
(tribunal des mesures de contrainte) au niveau cantonal ou fédéral. Avant
la mise en oeuvre proprement dite, le Service SCPT effectue encore un
dernier contrôle formel afin de s’assurer de la compétence de l’autorité
à l’origine de la mesure et de vérifier que la surveillance vise
effectivement la poursuite d’une infraction figurant dans la liste des
infractions pertinentes (cf. art. 269 CPP). Le Service SCPT ordonne alors
au fournisseur de services de télécommunication de lui faire parvenir les
informations demandées, avant de les transmettre à son tour aux
autorités de poursuite pénale chargées de les exploiter. Le service n’a
accès, à aucun moment, ni au contenu des données transmises, ni aux
détails des investigations.

Obligations des fournisseurs de services de télécommunication
Quiconque fournit un service de télécommunication doit l’annoncer à
l’Office fédéral de la communication (OFCOM). Toutes les informations
utiles et les formulaires établis à cet effet sont disponibles sur le
site internet du Service SCPT.
Les fournisseurs de services de télécommunication sont tenus d’exécuter
les mandats de surveillance selon les directives et les instructions du
Service SCPT. Ils doivent être en mesure de mettre en oeuvre, en tout
temps, des mesures de surveillance. Aussi chaque fournisseur doit-il
disposer, à cet effet, d’une infrastructure appropriée, prête à
fonctionner. Le service effectue des contrôles de conformité auprès des
fournisseurs afin de s’assurer qu’ils sont bien en mesure de procéder aux
surveillances ordonnées. Conformément aux dispositions de l’OSCPT (cf.
art. 18, al. 3, et art. 26, al. 3, OSCPT), les fournisseurs de services de
télécommunication ont l’obligation de communiquer au Service SCPT le nom
des collaborateurs compétents pour les questions en lien avec
l’interception légale des télécommunications (Lawful Interception
Officers ou LI Officers). S’ils ne l’ont pas encore fait, les fournisseurs
de services de télécommunication doivent s’annoncer sans délai au
service.

Nous demeurons à votre disposition pour d’éventuelles questions sous le
lien suivant : https://www.li.admin.ch/fr/ptss/contact.html

Nous vous prions de croire, Mesdames, Messieurs, à l’assurance de nos
sentiments distingués.

Département fédéral de justice et police DFJP
Centre de services informatiques CSI-DFJP
Service Surveillance de la correspondance par poste et télécommunication

Jean-Louis Biberstein
Chef Providermanagement

Sorveglianza delle telecomunicazioni: specifiche tecniche per la
trasmissione dei dati

Il 28 marzo 2012 il Servizio di sorveglianza della corrispondenza postale e
del traffico delle telecomunicazioni (Servizio SCPT) ha pubblicato un
documento contenente le specifiche tecniche che garantiscono la
trasmissione dei dati da parte dei fornitori di servizi di
telecomunicazione (fornitori). Il Servizio SCPT richiede tali dati su
incarico delle autorità inquirenti al fine di far luce su reati gravi.

Distinte signore, egregi signori,

Le specifiche di trasferimento pubblicate mercoledì vanno a integrare
l’ordinanza riveduta sulla sorveglianza della corrispondenza postale e
del traffico delle telecomunicazioni (OSCPT) e le direttive tecniche per la
sorveglianza delle telecomunicazioni TR TS (versione 3.0). Le specifiche,
messe a punto in stretta cooperazione con i fornitori, definiscono le
condizioni applicabili in termini generali e le nuove possibili reti di
trasferimento in tecnologia IP. Fondandosi su tali specifiche, il Servizio
SCPT firma, con ogni singolo fornitore, un accordo di allacciamento che
definisce tutti i particolari tecnici, quali i punti di consegna fisici,
gli indirizzi di rete, le competenze e le persone di riferimento.

Destinatari esclusivi delle specifiche di trasferimento sono i fornitori
soggetti alla legge federale sulla sorveglianza della corrispondenza
postale e del traffico delle telecomunicazioni (LSCPT), che impone loro di
trasmettere al Servizio SCPT i dati risultanti dalle misure di sorveglianza
disposte dai pubblici ministeri e confermati dal competente giudice dei
provvedimenti coercitivi per far luce su reati gravi.

Le specifiche sono consultabili all’indirizzo www.li.admin.ch/it

Procedura di sorveglianza
In virtù del Codice di procedura penale (CPP; RS 312.0), le autorità
inquirenti svizzere possono disporre misure di sorveglianza della
corrispondenza postale e del traffico delle telecomunicazioni al fine di
far luce su reati gravi. Ogni ordine di sorveglianza spiccato da un
pubblico ministero va esaminato nel merito e approvato dalla competente
autorità giudiziaria cantonale o federale (giudice dei provvedimenti
coercitivi). Il Servizio SCPT procede infine a un esame formale
controllando se l’autorità disponente è effettivamente competente e se
la sorveglianza ordinata è connessa a un reato figurante nell’elenco
dell’articolo 269 CPP. Il Servizio SCPT ordina quindi ai fornitori di
trasmettergli i dati richiesti, consegnandoli a sua volta alle autorità
inquirenti incaricate di trattarli. Il Servizio SCPT non viene a conoscenza
né del contenuto dei dati trasmessi né dei dettagli investigativi.

Obblighi dei fornitori
Chi fornisce un servizio di telecomunicazione deve annunciarlo
all’Ufficio federale delle comunicazioni (UFCOM). Il link ai moduli di
notifica figura sul sito del Servizio SCPT.
Ogni fornitore è tenuto a compiere i mandati di sorveglianza seguendo le
direttive e le decisioni del Servizio SCPT. A tal fine deve dotarsi di
un’infrastruttura adeguata allo scopo ed essere pronto a procedere alla
sorveglianza in ogni momento. Il Servizio SCPT sottopone ogni fornitore a
controlli di conformità per assicurarsi che sia effettivamente in grado di
garantire la sorveglianza disposta. L’OSCPT (art. 18 cpv. 3 e 26 cpv. 3)
impone ai fornitori di comunicare al Servizio SCPT i nominativi delle
persone di riferimento (lawful interception officer o LI officer). Tutti i
fornitori non ancora registrati presso il Servizio SCPT sono tenuti a farlo
senza indugio.

Per ulteriori informazioni rimaniamo volentieri a vostra disposizione
all’indirizzo seguente: https://www.li.admin.ch/it/ptss/contact.html

Distinti saluti,

Dipartimento federale di giustizia e polizia DFGP
Centro servizi informatici CSI-DFGP
Servizio Sorveglianza della corrispondenza postale e del traffico delle
telecomunicazioni

Jean-Louis Biberstein
Capo Providermanagement

External Link: Post and Telecommunication Surveillance Service CH

Fuck surveillance! – Fuck Skeip!

If you are not paying for it, you are not the customer. You are the product.

(English translation of the original german version)

Lately the Chaos Computer Club (CCC) has recently received a newer version of the “Staatstrojaner”. The comparison with the older version, already analysed by the CCC with the actual Sniffer-code from December 2010, revealed new evidence. Despite the claims of the responsible parties, the trojan can still be captured, loaded with any code and also the allegedly “audit trail” can be manipulated. The CCC is calling for a complete waiver of Trojans in pre-trial applications.

On October 8th 2011, the CCC published the documentation and binary data regarding a german “Staatstrojaner”. [0] This was used for the officially called computer infiltrations, trivially called “source-telecommunication surveillance”. Its application in pre-trials and law enforcement meanwhile was admitted by many states.

Despite the CCC has published solid technical evidence, the authorities responsible for internal affairs, as well as the manufacturer DigiTask, denied the existence of any illegal functionalities [1],[2],[10], and pleaded that the analysed Trojan was allegedly an outdated software version.

The excuses vary from “trial” to “prototype”, DigiTask still insisted on October 11th 2011 to its governmental customers, that almost all problems are being solved in newer versions. The manufacturer DigiTask and the authorities view the functionality of code-reloading as a “natural need”, for which the implication of fundamental rights violation is relative in any way. It serves a purpose, and therefore the aim justifies the means.

Therefore, the CCC now presents a more detailed technical documentation of a newer version of the “Staatstrojaner” from the year 2010.[3] The testimony of DigiTask[11] is the basis of a detailed report that serves as a euphemistic attempt to conceal its illegal nature. At the same time, both disassembled versions of the Trojan, commented by the CCC, were made publicly available in order to ensure the traceability of the findings and to facilitate further research by interested parties. [4]

„Even during the last three years, the authorities and their providers were clearly not capable of developing a “Staatstrojaner” ehich would meet the minimum of requirements for juridical evidence, basic law compliance and security against manipulation”, a CCC spokesman summed up about the new findings. “By these concrete and principal reasons, it is logical not to expected that this would succeed in the future.”

The diagnosis of the new CCC report presents a strong contrast to the claims by the Interior Secretary Ole Schröder, who was the one who apparently had drawn the short straw and be the one to justify and answer questions of the parliament. There, he claimed: “The software is designed for each individual case and previously checked, so that it can’t do more than it is allowed to.” [8] Under the previously mentioned conditions, it is evident that the test wasn’t very intense – how could it, without available source code.

[0] The first press release regarding the “Staatstrojaner”
[1] http://netzpolitik.org/wp-upload/174366-Bericht-BKA-Prasident-Ziercke_TOP-24a-24c_53.-InnenA-Sitzug.pdf
[2] http://www.bundestag.de/dokumente/protokolle/plenarprotokolle/17132.pdf
[3] Technical report
[4] commented disassemblance of both versions of the trojan and here both binaries
[5] Videos: http://haha.kaputte.li/0zapftis-2_lowres-final.mov
http://haha.kaputte.li/0zapftis-2_922x578-final.mov (medium resolution)
http://haha.kaputte.li/0zapftis-2_1230x770-final.mov (high resolution)
[6] Frank Braun: „0zapftis – (Un)Zulässigkeit von ,Staatstrojanern‘“. In: Kommunikation & Recht 11/2011, S. 681-686
[7] FAQ zum Staatstrojaner
[8] Plenarprotokoll 17/132 des Deutschen Bundestages, 19. Oktober 2011, S. 15604,
[9] Ulf Buermeyer, Matthias Bäcker: Zur Rechtswidrigkeit der Quellen-Telekommunikationsüberwachung auf Grundlage des § 100a StPO, HRRS
[10] Dem CCC zugespielte Stellungnahme der Firma DigiTask an ihre Behördenkunden

This evening Richard Stallman was giving a talk at the ETHZ. It was nice to see how the lecture hall was filled with young ICT students and hackers. Richard started his talk by saying that if anybody wants to record the talk or take pictures should publish it only by using free formats, such as ogg. – Well he’s substantially right by saying this. I was just wondering why it has to be said, as I think it’s self-evident.

It appears that even one of the most respected education institutes, such as the ETHZ, does not take Freedom for granted. And there lies the socio-political deception: Governments and regulation authorities have pushed surveillance and media control as far as we’re accepting debates about freedom to be discussed in mediocre circles. People using GNU/Linux are seen as outcast, rebels and extremists. – Though freedom ought to be one of the most basic principles of humankind!

There’s a massive lack of intellectuals and authors, interfering into the public political and cultural debates, as it has become difficult to avoid the mass media and, – therefore, – disinformation. The economical thirst for growth managed to incorporate writers and readers to subordinate their belief for the sake of media-control. Academics and brains subordinated with self-absorbed researches, funded by lobbyists and obscure organisations, to abandon their principles of liberty and freedom.

At the shift from information society to knowledge society, it’s not enough to just present the four freedoms of Free Software to the tomorrows system administrators and technoly adepts. Richard might be substantially right in his exposure of the principles of free software, while “Big Brother“, – as he calls it, – has ever since found new means of control. (Which are implemented into the todays information technology structures, without letting users know. Whereafter a large part of society argues “I’ve nothing to hide”!)
Richard seems to have become “commensurable” to a large audience, without being contradicted, without disruptive moments and “Etat de Siege“, which are needed to shake the public. – Literally!

Humankind has to understand that the dialectic rapidly has to change and that we’re not willing to be instrumentalised by capitalism. Culture is defined by self-determination, innovation, transparency, freedom and human rights. Richard, the whole free software and civil liberty society have to take the step to the next level and start to take back, 0wn and rule this planet!

[Update]

Recordig

This week Cory Doctorow gave a great talk about this (*sigh*) boring old issue of Freedom and Human Rights in the age of the knowledge society at the ACM Siggraph Conference in Vancouver.

For further reading:
EFF
Cory’s Blog

Anticensorship in the Network Infrastructure: Watch out for Telex.

Telex is a new approach to circumventing Internet censorship that is intended to help citizens of repressive governments freely access online services and information. The main idea behind Telex is to place anticensorship technology into the Internet’s core network infrastructure, through cooperation from large ISPs. Telex is markedly different from past anticensorship systems, making it easy to distribute and very difficult to detect and block.

What makes Telex different from previous approaches:

• Telex operates in the network infrastructure — at any ISP between the censor’s network and non-blocked portions of the Internet — rather than at network end points. This approach, which we call “end-to-middle” proxying, can make the system robust against countermeasures (such as blocking) by the censor.
• Telex focuses on avoiding detection by the censor. That is, it allows a user to circumvent a censor without alerting the censor to the act of circumvention. It complements services like Tor (which focus on hiding with whom the user is attempting to communicate instead of that that the user is attempting to have an anonymous conversation) rather than replacing them.
• Telex employs a form of deep-packet inspection — a technology sometimes used to censor communication — and repurposes it to circumvent censorship.
• Other systems require distributing secrets, such as encryption keys or IP addresses, to individual users. If the censor discovers these secrets, it can block the system. With Telex, there are no secrets that need to be communicated to users in advance, only the publicly available client software.
• Telex can provide a state-level response to state-level censorship. We envision that friendly countries would create incentives for ISPs to deploy Telex.