http://biz.yahoo.com/bw/991019/il_1on1mai_1.html

Tuesday October 19, 4:59 pm Eastern Time

Company Press Release

Online Privacy Expert Rips New Clinton Internet Security Policy

CHICAGO--(BUSINESS WIRE)--Oct. 19, 1999--

1on1Mail.com CEO Leo Scheiner Warns Pending Cyberspace Electronic

Security Act Allows FBI Unlimited Access to Private E-mails, Circumventing Fourth Amendment Search and Seizure Standards; Recommends Avoiding Systems With Third Party Keys Which Under the Legislation Would be Made Available to Law Enforcement Agencies

Be afraid. Be very afraid.

The line may remind you of a horror film from the recent past, but if online privacy expert Leo Scheiner is correct it may also apply to online horrors in the not-so-distant future.

``How would you like the FBI to have a key to unlock any of your e-mails to read at their discretion?'' Scheiner is referring to the pending Cyberspace Electronic Security Act, which he warns would give the FBI the keys to unlock private, encrypted e-mails at will and without having first to obtain a search warrant. The Act is written so as to circumvent fourth amendment search and seizure standards, he explains. ``This is 1984 `Big Brother is watching you' stuff. It isn't just the FBI I am concerned about. You can be sure that once this loophole is in place, others will find ways to abuse this back door into e-mail.''

The new legislation has attracted controversy in high-tech encryption circles, according to Scheiner, but he fears that the e-mail-using population at large is unaware of the privacy breach that is about to occur: ``The Clinton Administration has been trumpeting their plans to end the ban on the overseas sale and distribution of strong encryption products by Dec. 15th, which makes them appear suddenly as privacy champions, but this is largely a smokescreen. Simultaneously, and for the first time ever, third party keys to unlock private e-mails will be made available to law enforcement agencies for unlimited use in surveillance.''

Scheiner has a vested interest in awareness of the danger of these third party keys, of course. His UK-based 1on1Mail.com free e-mail software was designed with this day in mind. The 1on1Mail.com system operates so that any two users generate their own shared keys for a particular transmission, making third party break-in keys an impossibility. 1on1Mail.com made headlines last month with the unveiling of its ``self-destructing e-mail'' technology, which allows a sender to set a time period after which an e-mail will disappear from the recipient's hard drive without a trace, but Clinton's new policy is helping to highlight the less snazzy, but more privacy-crucial, feature of user-only keys.

Not surprisingly, corporations have been quick to look for methods to assure e-mail privacy in light of the pending legislation. 1on1Mail.com recently announced a strategic alliance with NetNames.com, the industry leading global domain name registry, calling for 1on1Mail.com to create a custom NetNames version of the technology which encrypts e-mail and all attachments with user-only keys at an unbreakable Military level of 4096 bits. This will provide NetNames' clients free encrypted e-mail transmission over a secure NetNames Channel which cannot be reached by the third party keys soon to be used by law enforcement agencies. NetNames will also bundle the technology as added value to its global domain name registry package.

1on1Mail.com CEO Leo Scheiner believes the new partnering strategy will position 1on1Mail.com technology as the antidote not only to the FBI holding third party keys but also to free web-based e-mail privacy vulnerabilities highlighted by the recent Hotmail hacking: ``After the Hotmail fiasco, the hundreds of millions who regularly use web-based e-mail want to know if their messages are safe, and what their options are to assure privacy in the future. Our strategic partners are able to guarantee their visitors that anything they send over their secure channel will only be able to be read by the intended recipient precisely because it is a stand-alone, custom channel, not a repository on the web that anyone can hack into.''

-- Helium (Heliumavid@yahoo.com), October 20, 1999

Answers

Just "assume" anyone can and then forget about it. (At the personal communications level).

That said... it's all pretty weasel-like.

*Grrr*

Diane

-- Diane J. Squire (sacredspaces@yahoo.com), October 20, 1999.

Who wants to read my email? Who wants to read your email? Yawn.

-- Lars (lars@indy.net), October 20, 1999.

Big Brother *ucks his mother. (Substitute "s" or "f" for "*")

-- A (A@AisA.com), October 20, 1999.

Enslavement of a population proceeds by increments.

The noose is tightening.

Will we wake up in time to save our necks?

This is the question of the millennium.

Liberty

-- Liberty (liberty@theready.now), October 20, 1999.

As I recall, the phone companies have had easedropping abilities similair to this for years. This is just an expanded version since we have entered the digital age... Anybody have a problem with the phone company??

-- y2k dave (xsdaa111@hotmail.com), October 20, 1999.

y2k dave says:

"Yeah, we're watchin' ya. Youse gotta problem wid dat?"

Liberty

-- Liberty (liberty@theready.now), October 20, 1999.

In a letter to me from the USDJ Public
Affairs Director:

"We understand that electronic surveillance
in anathema to a significant number of people.
In a perfect world, it would not be necessary.
But, so long as our democratic society has
elected to employ approprately limited electronic
surveillance, it is imperative that the capability
remain intact."

PGP rules!

-- spider (spider0@usa.net), October 20, 1999.

Spider,

Be sure to use the INTERNATIONAL version of PGP, the 2.0 (or 2.3?) - it's the earlier version. Subsequent versions, available in the U.S., are engineered to be crackable.

Another thanks and tip o' the hat to Evil Bastards, Inc..

Liberty

-- Liberty (liberty@theready.now), October 20, 1999.

Lars, Lars...you missed the whole point! Our e-mails may be boring - yawn - but they are OUR E-MAILS, just like the USPS mail we send is OUR MAIL. There is a federal law against tampering with the US Mail. You ask who wants to read it? Apparently Big Brother does...especially if it has any of those "naughty words" we've been asked to type out tomorrow to thwart intruders from Eschelon. Whoops! That's one of the words....

-- Elaine Seavey (Gods1sheep@aol.com), October 20, 1999.

Liberty,

according to Phil Zimmerman, author of PGP, the latest version of PGP (6.5.1) is as secure as the previous ones. I cut/pasted this quote from the doc titled "Phil Zimmerman on PGP" in the manual that comes with PGP Freeware.

"One more point about my commitment to cryptographic quality in PGP: Since I first developed and released PGP for free in 1991, I spent three years under criminal investigation by U.S. Customs for PGPs spread overseas, with risk of criminal prosecution and years of imprisonment. By the way, you didnt see the government getting upset about other cryptographic softwareits PGP that really set them off. What does that tell you about the strength of PGP? I have earned my reputation on the cryptographic integrity of my products. I will not betray my commitment to our right to privacy, for which I have risked my freedom. Im not about to allow a product with my name on it to have any secret back doors."

The entire document is a must read for all PGP users.

-- (not@now.com), October 20, 1999.

Correction, I should have said: The entire document is a must read for all ENCRYPTION software users.

-- (not@now.com), October 20, 1999.

H-bomb plutonium suitcase bomb Iran Iraq agent target Washington subversive pay-off money dollars assassination code trigger components Moscow Bagdad secret drop safe house revolutionary guard oil line world trade center new york key mole $ million dollars bio- agent ebola virus vials bug bio-warfare great satan capitalist running pigs imperialists vince foster Allah moslem russian sales arms highest bidder nuclear warheads clinton spy secrets cia nsa for sale rubles gold $100 bills drug cocaine columbian crack kilo shipment boat plane dealer customs dea launder cash off shore accounts numbered swiss bank account transaction central bank gold usa president prime minister congress death threat industrial espionage vital trade secrets...............................................

-- anon because the fbi will burn my house (inthedark@bunker.net), October 20, 1999.

Don't blame me. I voted Libertarian.

-- Berry Picker (BerryPicking@yahoo.com), October 20, 1999.

Why not just use the earlier version? I don't know anything about Phil Zimmerman, or what his relationship with the NSA might be, and I never will, with certainty. Why risk your data if there's any doubt?

I thank him - I honor him - for his contribution to personal privacy, and simply choose to use the safer version, despite his assurances, which may, somehow, be genuine. I've just been warned away from later versions on good authority.

Liberty

-- Liberty (liberty@theready.now), October 20, 1999.

Liberty,

I'm just poor folk and I don't care if the gov watches me. i'm as clean as the day I was born and it took most of my life to get this way. If they want to come over and talk awhile, I'll let them in and offer them something to drink.

-- y2k dave (xsdaa111@hotmail.com), October 20, 1999.

Any techies out there?

I am admittedly the opposite of a tech head when it comes to computers, so I wonder if anyone could enlighten me about what is probably a very stupid question.

Is it possible that if you segment your hard drive, or use 2 seperate hard drives that you could effectively limit this type of intrusion?

In other words, if I install my browser and perform all Internet activity on say, the default hard drive "C", would they still be able to look at stuff that is stored on a completely seperate hard drive "D"?

-- @ (@@@.@), October 20, 1999.

I've been an advocate of PGP since the beginning. (Even contributed to Phil Zimmerman's defense fund once.) PGP might not be the best, but it's Pretty Good. [snicker]

At any rate, the most recent freeware international version of PGPi's download page is here so pick a suitable locale and grab it. It's about 6 megs so make sure you're prepared for the download if on a slow connection.

Since this is being imported into the U.S., I wonder if they can legally fuss about sending it back out of the U.S. I expect they probably can, but since one can download it oneself who cares?

If everybody wants to REALLY annoy the goobermunt, someone shoudl form a grassroots privacy push and try to get every E-mail user in the U.S. to download and use PGP to encrypt -all- E-mail, regardless of its significance. Use the needle in a haystack approach to the intrusion idea.

-- OddOne (mocklamer_1999@yahoo.com), October 20, 1999.

@...

A decent intrusion system would by virtue of necessity have to be able to access all hard drives on the system being targeted. Drive letters are irrelevant. Case in point: Back Orifice, which could be planted on a machine and give a remote user total control over the machine, including access to all drives and all data on them.

Encryption is starting to look better and better...

-- OddOne (mocklamer_1999@yahoo.com), October 20, 1999.

Thanks Odd One,

So there is no way to boot up only one hard drive at a time and let the other lie inactive, or in essence have two computers in one?

-- @ (@@@.@), October 20, 1999.

Buy a ZIP drive, install it, and then generate a CLEAN OS on the zip drive (CLEAN copy WIN, DOS, etc.) then boot to the ZIP drive and run from there, removing the cartridge when you are done, saving everything to either the ZIP or a removable Super Floppy (the 108Meg ones).

Night train

-- jes a slippery ol footballer (nighttr@in.lane), October 21, 1999.

Thanks footballer, I have a zip drive so I could do it that way. So the intrusive system actually incorporates right into the OS unless you have an OS on an external drive? Very sneaky. Thanks for the help.

-- @ (@@@.@), October 21, 1999.