[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cypherpunks
Subject:    Europaen Cybercrime Convention
From:       Eugen Leitl <eugen () leitl ! org>
Date:       2007-11-25 11:49:28
Message-ID: 20071125114927.GL4005 () leitl ! org
[Download RAW message or body]

----- Forwarded message from "TOR Admin (gpfTOR1)" <tor-admin@privacyfoundation.de> -----

From: "TOR Admin (gpfTOR1)" <tor-admin@privacyfoundation.de>
Date: Sun, 25 Nov 2007 12:47:01 +0100
To: or-talk@freehaven.net
Subject: Europaen Cybercrime Convention
User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728)
Reply-To: or-talk@freehaven.net

Hi onion guys,

we want to write about a few points of the European Cybercrime
Convention, which became real by law in Germany last time.

Sorry - we didnt read the or-talk very carefully last time. May be, it
was always discussed here.

By the European Cybercrime Convention anon servers are something like
telephone providers. The following is important because of this fact:

 1: data retention (was discussed here, in Germany real by '113 StPO)

 2: Realtime surveillance by European Cybercrime Convention (article 20)
    The traffic data (not the traffic itself) has to be provided for the
    governments and secret services in REALTIME by a defined interface.
    Anon servers have to provide all data, which have to be logged in
    realtime too! Admins of anon servers have to cooperate.

    (In Germany this is real by the new ' 100g StPO, the realtime
     surveillance can run for up to 3 days without asking a judge.)

 3: Online-searching of servers by European Cybercrime Convention:
    An online searching (Online-Durchsuchung) of an anon server may be
    run before investigation to save relevant data, which may be not
    accessible after investigation. This online searching depends not on
    the cooperation of the admins and may be reached by repressions.

    (In Germany this is real by the new ' 110 (3) StPO.)

Thanks to K. Raven for feature out this new laws.

For point 3 we recommend to be prepared. It may be possible to create a
high secured account with only read access to relevant data and no read
access to any important key. If someone login with this account, it may
be possible to run several actions.

If the situation appears, you may decide, what you want to do (give them
the account data or take the repressions). But you will not have the
time to create such an account carefully.

Can anyone write a shot tutorial for creation of a high secured
only-read-account?

Greetings

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
[prev in list] [next in list] [prev in thread] [next in thread]