First of all I have no idea if VSNL does what 'Saswata Banerjee & Associates' pointed out in his last email to this list.
But I think its not legal to do that(even if email has virus). Because I think email should not be scanned(even if by a 'DUMB' program) without permission of sender or receiver. As most of emails do not have virus and may be official emails and it would be considered as intrusion to someones privacy. Would like others opinion. Thanks.
Amish.
Saswata Banerjee & Associates wrote:
An interesting thing I have noticed recently is that vsnl servers are
scanning outgoing emails for virus affected attachement and deleting them. I
Amish,
I am not an expert on such things, but I have sent along another mail, which contains virus affected emails I have received through / from vsnl servers and if you look at the text file, you will see that vsnl has written that there was a virus in the file and so they have deleted the "login file" (whatever that means).
Please let me know if my analysis the email headers is correct.
Regards Saswata ----- Original Message ----- From: "Amish Mehta" amish@ownmail.com To: linuxers@mm.ilug-bom.org.in Sent: Thursday, October 10, 2002 9:24 PM Subject: [ILUG-BOM] [OT] vsnl & virus scan
First of all I have no idea if VSNL does what 'Saswata Banerjee & Associates' pointed out in his last email to this list.
But I think its not legal to do that(even if email has virus). Because I think email should not be scanned(even if by a 'DUMB' program) without permission of sender or receiver. As most of emails do not have virus and may be official emails and it would be considered as intrusion to someones privacy. Would like others opinion. Thanks.
Amish.
Saswata Banerjee & Associates wrote:
An interesting thing I have noticed recently is that vsnl servers are
scanning outgoing emails for virus affected attachement and deleting
them. I
Legality issue : Not only is it legal for vsnl to run dumb or intellegent antivirus scanner software at the sever, but the current law also allows them and the government agencies to read any email comming through the sever, as a part of "security" measures.
Remeber, even in a privacy concerned place like usa, the government runs software like carnivore, which scanns every email going through the usa internet backbone and use it for intellegency and counter-intellegency matters. So, if, for example, you have your emial server in USA, every one of your emails, to whoever they may be addressed, is scanned by a highly intellegent softwaere, and if considered of interest, a copy of the same is forwarded to CIA / FBI for reading and analysing.
(I dont know where ilug server is, but if it is in usa, with the word carnivore in it, it will be picked up by the software for detailed reading)
Regards Saswata ----- Original Message ----- From: "Amish Mehta" amish@ownmail.com To: linuxers@mm.ilug-bom.org.in Sent: Thursday, October 10, 2002 9:24 PM Subject: [ILUG-BOM] [OT] vsnl & virus scan
First of all I have no idea if VSNL does what 'Saswata Banerjee & Associates' pointed out in his last email to this list.
But I think its not legal to do that(even if email has virus). Because I think email should not be scanned(even if by a 'DUMB' program) without permission of sender or receiver. As most of emails do not have virus and may be official emails and it would be considered as intrusion to someones privacy. Would like others opinion. Thanks.
Amish.
Saswata Banerjee & Associates wrote:
An interesting thing I have noticed recently is that vsnl servers are
scanning outgoing emails for virus affected attachement and deleting
them. I
On Fri, 11 Oct 2002, Saswata Banerjee & Associates wrote:
intellegent softwaere, and if considered of interest, a copy of the same is forwarded to CIA / FBI for reading and analysing.
Probably the NSA.
(I dont know where ilug server is, but if it is in usa, with the word carnivore in it, it will be picked up by the software for detailed
the .in part of the domain says that it *must* be in India.
for those who want to get more specific, it's in Mankhurd.
----- Original Message ----- From: "Philip S Tellis" philip@konark.ncst.ernet.in To: linuxers@mm.ilug-bom.org.in Sent: Friday, October 11, 2002 10:19 AM Subject: Re: [ILUG-BOM] [OT] vsnl & virus scan
On Fri, 11 Oct 2002, Saswata Banerjee & Associates wrote:
intellegent softwaere, and if considered of interest, a copy of the same is forwarded to CIA / FBI for reading and analysing.
Probably the NSA.
(I dont know where ilug server is, but if it is in usa, with the word carnivore in it, it will be picked up by the software for detailed
the .in part of the domain says that it *must* be in India.
Oops !!! Sorry, it was stupid of me to miss that
SB
for those who want to get more specific, it's in Mankhurd.
-- History books which contain no lies are extremely dull.
Carnivore is the software being used by the FBI in usa, which goes through all emails going through each and every gateway on the usa internet backbone. The software is designed to scan the details of the email and based on specific words and phases, identify emails which may contain information regarding any possible threat to "national security", etc.
Somehow the existance of such a software has now become public knowlege in usa and has been the source of a lot of critisism there.
Since we have some ilug members in usa, all our emails go through the same system.
And for those of you who have been harping on crypto tools, please remember that the govt of usa is given a key for every crypto system that is developed and sold in usa and abroad by US companies. So, the can very easily read even your so called encrypted emails. Futher, the strongest crypto available is a 128 bit key, which given the amount of computing power available with US Govt agencies, cracking the code even by brute force methods is not difficult.
For more details of carnivore : http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2663323,00.html http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2657115,00.html http://www.usdoj.gov/jmd/publications/carniv_entry.htm
Regards Saswata ----- Original Message ----- From: "Amol Hatwar" rollacosta@phreaker.net To: linuxers@mm.ilug-bom.org.in Sent: Friday, October 11, 2002 9:00 PM Subject: Re: [ILUG-BOM] [OT] vsnl & virus scan
carnivore in it, it will be picked up by the software for detailed
carnivore...? what carnivore... its DC1000 :).
Regards,
Amol Hatwar.
Carnivore is the software being used by the FBI in usa, which goes through all emails going through each and every gateway on the usa internet backbone. The software is designed to scan the details of the email and based on specific words and phases, identify emails which may contain information regarding any possible threat to "national security", etc.
*snip*
The word Carnivore is slang... the software and the boxes that handle this is now called DCS1000.
Again, one can always debate about the capabilities of the NSA and other agencies that deal with security enforcement... but I think what counts is the ability to handle volumes, and pin-point threats in real-time.
Trust me, such capabilities are a long way off even now.
Regards,
Amol Hatwar.
On 12/10/02 08:39 +0530, Saswata Banerjee & Associates wrote:
And for those of you who have been harping on crypto tools, please remember that the govt of usa is given a key for every crypto system that is developed and sold in usa and abroad by US companies. So, the can very
Proof? The really good tools provide you with your own source. Of course, you need to then trust the compiler, and the hardware. Decide on what is acceptable to you.
easily read even your so called encrypted emails. Futher, the strongest crypto available is a 128 bit key, which given the amount of computing power available with US Govt agencies, cracking the code even by brute force methods is not difficult.
Ummm, I'll wait for this. Symmetric crypto is strong, and I'll believe someone with a reputation in the cryptographic field rather than you. if you are referring to asymmetric crypto (as in https), then the 128 bit refers to the strength of the session key. Earlier this used to be 56 bits, but is now allowed to be 128 bits. How long this will take to crack, even with quantum computers is pretty much a FAQ.
Yes, carnivore like technologies exist, and are deployed in India as well. The government requires that all international access be tapped. If you don't like this, use strong crypto. Setup TLS on your SMTP systems and use GPG/PGP for backup security. Run ipsec all over the place. This is expensive on the CPU, but modern processors should be able to handle it.
Devdas Bhagat
At 07:23 morn 10/11/02 +0530, SSB wrote:
Legality issue : Not only is it legal for vsnl to run dumb or intellegent antivirus scanner software at the sever, but the current law also allows them and the government agencies to read any email comming through the sever, as a part of "security" measures.
The govt. agencies, I have not doubt, will scan/tap/eavesdrop with or without permission. But I would like to know how VSNL gets the legal right. If they do have a legal right then this is an issue which we have to bring up. It is absolutely unethical to scan private messages. The virus is the problem of the users, not VSNL.
Remeber, even in a privacy concerned place like usa, the government runs software like carnivore, which scanns every email going through the usa internet backbone and use it for intellegency and counter-intellegency matters.
Please! The FBI & NSA & the CIA and for that matter all "agencies" worldwide to a /lot/ of cloak & dagger stuff. "Legal" issues, I am convinced, do not matter to them. VSNL does /not/ fall into that category. What you are talking about is analogous to MTNL taping phones. MTNL does not tap phones - it facilitates the "agencies" in doing so.
quasi
On Fri, 11 Oct 2002, q u a s i wrote:
without permission. But I would like to know how VSNL gets the legal right. If they do have a legal right then this is an issue which we have
VSNL owns the network. You need to read the service agreement a little closer.
On 11/10/02 07:23 +0530, Saswata Banerjee & Associates wrote:
Legality issue : Not only is it legal for vsnl to run dumb or intellegent antivirus scanner software at the sever, but the current law also allows them and the government agencies to read any email comming through the sever, as a part of "security" measures.
Ummm, think of virus scanning and spam filtering as defensive issues. Also, the VSNL servers are their property and they can do what they want on those servers. Given that spam can really be fought effectively at the ISP level, and not at the individual level, you have to fight it there. [Spam costs the ISP in network bandwidth, in storage space and administratve overhead. Dropping spam before it gets to the mail server is the right thing(tm) to do (1). Allowing mail to come in and then tagging it as spam is just administrative and system overhead. Virus filtering is required for all those idiots who allow their systems to be infected (2) by the viruses because they are too cheap to update their antivirus subscriptions. Saves bandwidth for the end user, and prevents others from getting infected. (1)]
Remeber, even in a privacy concerned place like usa, the government runs software like carnivore, which scanns every email going through the usa
All the more reason to use crypto. Use gpg and/or TLS.
Devdas Bhagat
(1) It can be upto 5% of bandwidth that gets saved for a small ISP, so VSNL wil probably get a much bigger saving, even upto 10%. (2) You can get upto 1000 mails/day from an infected machine, each of about 50-100 kb. Multiply by the number of infected machines. (3) If you don't like what your ISP does, get yourself a domain and run your own server. Don't use your ISPs SMTP/POP/IMAP server at all.
On Fri, 11 Oct 2002, Devdas Bhagat wrote:
[Spam costs the ISP in network bandwidth, in storage space and administratve overhead. Dropping spam before it gets to the mail server
well said, except...
is the right thing(tm) to do (1). Allowing mail to come in and then
That would be the "Right Thing (TM)"
On Thu, 10 Oct 2002, Amish Mehta wrote:
But I think its not legal to do that(even if email has virus). Because I think email should not be scanned(even if by a 'DUMB' program) without permission of sender or receiver.
Well, just because you think it shouldn't, does not make it illegal.
VSNL (and all ESPs for that matter) has no legal obligation to *not* look at your email. They are well with their rights to do anything they want with your email, including modifying the contents completely.
If you don't like that, encrypt and sign your mail.
Philip
-
Amish Mehta -
Amol Hatwar -
Devdas Bhagat -
Philip S Tellis -
q u a s i -
Saswata Banerjee & Associates