[Infowarrior] - More on...Senator: Let's monitor all P2P for illegal files

Richard Forno rforno at infowarrior.org
Thu Apr 17 20:20:55 UTC 2008


------ Forwarded Message

From: Rich K

This is a disaster-in-the-making.  Estimates of how many compromised
systems are out there vary (recently, Rick Wesson of Support Intelligence
posited 40%, which is about 320M, and I think that's on the high side)
but I think there's rough consensus that it's on the order of 100M.

The new owners of those systems are quite capable of causing them
to engage in P2P traffic explicity designed to trip these proposed
sensors.  They're also capable of making sure that when the doors
of innocent people are kicked down in pre-dawn raids by heavily
armed law enforcement agents, that the evidence they're looking for
will be waiting for them on the disk drives of those systems.

Do you think that any judge or jury anywhere in the United States
is savvy enough about malware, botnets, etc. to understand all
this and see that it creates much more than reasonable doubt?
It sure didn't turn out well for Julie Amero, and that was a
slam-dunk obvious case of ordinary porn adware infesting a system
that was crawling with all kinds of malware.

This is also why the FBI's entrapment strategy:

 FBI posts fake hyperlinks to snare child porn suspects
 http://www.news.com/8301-13578_3-9899151-38.html?tag=nefd.pop

is fatally flawed: the new owners of all those hijacked systems can
quite easily trip that sensor as well, in fact that one's REALLY easy:
it's probably only a matter of time until some Windows virus du jour
includes a hardcoded list of those and hits them.

On the other hand, it's reasonable to surmise that actual child
pornographers out there are careful enough, savvy enough, and paranoid
enough to avoid making obvious mistakes in file naming, to use
encryption, and to take considerable pains to ensure that their
systems aren't infested by malware.

Which means that the most likely outcome of this project will be
the arrest and conviction of any number of completely innocent
people, while the actual targets are unlikely to be caught.

And arrest alone is enough to destroy someone's life:

 I was falsely branded a paedophile
 http://news.bbc.co.uk/2/hi/uk_news/magazine/7326736.stm

This just isn't going to work, it will piss away a billion dollars,
and it will put innocent people in prison.




More information about the Infowarrior mailing list