Proceeds of images, videos and the website itself will be used in fabricating customized bike racks. We initially plan to make 100 of these, so we can donate it to places where every biker needs it.

Wednesday, October 3, 2012

More Cybercrime Prevention Act FAQ

This is an article written by Rad Basa in Facebook. 

(http://www.facebook.com/photo.php?fbid=4657935295955&set=p.4657935295955)



Although much emphasis is placed on the inclusion of libel in RA 10175, I am more concerned with Chapter 4, in particular Sec 12 which says:

"
SEC. 12. Real-Time Collection of Traffic Data. — Law enforcement authorities, with due cause, shall be authorized to collect or record by technical or electronic means traffic data in real-time associated with specified communications transmitted by means

of a computer system.

Traffic data refer only to the communication’s origin, destination, route, time, date, size, duration, or type of underlying service, but not content, nor identities.

All other data to be collected or seized or disclosed will require a court warrant.

Service providers are required to cooperate and assist law enforcement authorities in the collection or recording of the above-stated information.
"

To the layperson this may seem benign and, even, justifiable. However, to someone from within the industry such as myself, this is very scary. First, because Sec 12 cannot be implemented. I say this because you cannot gather communication data without getting the content as well.

This very broad and loose clause is very open to abuse by the government. A simple "suspicion of malice" has the potential to intrude upon your rights to privacy. They can do fishing expeditions listening in to your data, and when they find something, they ask the courts for a warrant.

Let me explain. Upon order by the DOJ, law enforcement authorities can and will listen in to your data communications without need for a warrant. The law says they cannot look at the content. But this is not entirely accurate. They will be using a packet sniffer to do this. A packet sniffer will reveal all, including the content. The photo I attached is a screen capture of a packet sniffing tool.

(I will be trying to explain this to laypeople, and so will be leaving out many technical things. I acknowledge the danger of oversimplification.)

Data transmission is done in packets. A packet will contain: origin, destination, message type, message length, and content, among others. Although to us humans, a packet may seem like a discrete unit of communications, to the computer it isn't. It is one continuous stream of data, one packet after another. The only way of separating one packet from another is looking at the packet information which will tell you how long the packet is. You then measure the length of the packet to get to the start of the next packet. And to be able to measure something, you need to have it with you. In other words, you will need the entire packet, including the contents, to do this.

In the photo, the upper pane is a list of all the packets my computer has received and transmitted.

The left pane describes, in human readable format, all the contents of the packet. In this case, this is a web page, or part of one. The source, destination, and message information is listed in easy to an read format. The highlighted "Hypertext Transfer Protocol" and the "Line-based text data: text/html" is the content. The authorities are not supposed to look inside these. But a simple mouse click, expands those entries and reveals all the content.

The right pane is the packet in raw computer format. To the far right is, again, a human-readable format of this raw data. I have arbitrarily scrolled down to illustrate that it is easy to see what I have been reading. And as I have said earlier, a packet sniffer gathers sent and received data. My transmissions can just as easily be read by law enforcement authorities who have been given orders by the DOJ.

This particular packet sniffer also has "Find" capabilities which will make looking into your data comms easier.

I will leave it to your imagination what a government can do with this power.

No comments:

Post a Comment