[kictanet] Fwd: [ke-internetusers] User Privacy (deliberately?) Compromised

Alex Gakuru alex.gakuru at yahoo.com
Fri Apr 13 11:18:38 EAT 2007 

I need user opinion on this issue. Could you kindly spare some time and comment either on or off line?  

TIA

Alex Gakuru <gakuru at gmail.com> wrote: Date: Fri, 13 Apr 2007 09:27:47 +0300
From: "Alex Gakuru" <gakuru at gmail.com>
To: ke-internetusers at bdix.net
Subject: [ke-internetusers] User Privacy (deliberately?) Compromised

 *** Any comments***

Identity Management Systems invade individual's privacy. Interception
of communication,
lawful or otherwise, is primarily used to gain "informed advantage"
and fore-warn law enforcement agencies to protect everyone, commercial
espionage, Intellectual property thefts, or sheer mischief, such as
embarrassing an online user, among others.

"Private censorship" is a far bigger and real problem that government
censorship considering technology users served by state-owned Telkom.
Privacy has never been a bigger issue that it is today.

For example, with 8 million subscribers but only 2.7 million internet
users in Kenya, how, if, when, and where did 7 million pre-paid
subscribers ever read website-posted terms of service? These terms are
repeated in broadcast advertisements as "terms and conditions apply"

Celtel  appears not to bother
posting their terms of service but several interesting clauses can be
read at Safaricom's pre-paid "contract" at
.



[Safaricom Pre-paid users "contract"]

f) Please note that the confidentiality of your communications via our
Network is not guaranteed. You are advised that for reasons beyond our
control, there is a risk that your communications may be unlawfully
intercepted or accessed by those other than the intended recipient. We
cannot accept any liability for any loss, injury or damage whether
direct or consequential arising out of any such compromise of
confidentiality;

g) You accept that we may disclose and/or receive and/or record any
details of your use of the Services including but not limited to your
calls, emails, SMS's, data, your personal information or documents
obtained from you for the purposes below:

i. Fraud prevention and law enforcement;

ii. For reasonable commercial purposes connected to your use of the
mobile service, such as marketing and research related activities;

iii. Use in our telephone directory enquiry service in printed or
electronic format;

iv. To comply with any legal, governmental or regulatory requirement;

v. Our lawyers in connection with any legal proceedings;

vi. In business practices including but not limited to quality
control, training and ensuring effective systems operation.

h) You must comply with any instructions that we may give you from
time to time about the use of the Services;

i) The maximum call duration for any one single call made using the
Services is approximately sixty (60) minutes.

j) With the exception of calls made to our Customer Service Hotline
numbers and to any other designated toll free numbers, a variable
minimum network access credit requirement shall be applied and shall
depend on the Tariff used by the Customer. 2 .

3. ACCEPTANCE AND COMMENCEMENT OF CONDITIONS OF USE

You are deemed to have accepted these Conditions of Use as amended
from time to time and which take effect:-

(a) Upon the Re-charge of your account at any time with any amount
using the designated recharge voucher or using any other approved
means of Re-charge ; or

(b) Upon your use of our Services or upon you accessing our Network at
any time; or

(c) Upon the initial activation of your SIM Card.3



The EU has perhaps more protection for privacy than in the U.S. The
Data Protection Directive of 1995 prohibits sharing of information
with any nation that does provide
adequate protection for personal data. In 1999 the U.S. Dept. of
Commerce worked
out a safe harbor regulation that has so far satisfied the EU.

FTC (US) has led govt. action to protect consumer privacy. FTC thinks
that web sites should adhere to the Five Fair Information Principles:

1. Notice/Awareness—right to be notified if someone is collecting
information about you
2. Choice/Consent—right to opt out of having information about you collected
3. Access/Participation—right to see files collected about you and
right to offer corrections
4. Integrity/Security—right to have personal files collected about you be secure
5. Enforcement/Redress—right to sue if any of the first four FIPs are violated

-------

[How Stuff Works] 
by Jeff Tyson

Carnivorous Evolution

Carnivore was the third generation of online-detection software used
by the FBI. While information about the first version has never been
disclosed, many believe that it was actually a readily available
commercial program called Etherpeek.

In 1997, the FBI deployed the second generation program, Omnivore.
According to information released by the FBI, Omnivore was designed to
look through e-mail traffic travelling over a specific Internet
service provider (ISP) and capture the e-mail from a targeted source,
saving it to a tape-backup drive or printing it in real-time. Omnivore
was retired in late 1999 in favor of a more comprehensive system, the
DragonWare Suite, which allowed the FBI to reconstruct e-mail
messages, downloaded files or even Web pages.

DragonWare contained three parts:

    * Carnivore - A Windows NT/2000-based system that captures the information
    * Packeteer - No official information released, but presumably an
application for reassembling packets into cohesive messages or Web
pages
    * Coolminer - No official information released, but presumably an
application for extrapolating and analyzing data found in the messages

As you can see, officials never released much information about the
DragonWare Suite, nothing about Packeteer and Coolminer and very
little detailed information about Carnivore. But we do know that
Carnivore was basically a packet sniffer, a technology that is quite
common and has been around for a while.

Packet Sniffing
Computer network administrators have used packet sniffers for years to
monitor their networks and perform diagnostic tests or troubleshoot
problems. Essentially, a packet sniffer is a program that can see all
of the information passing over the network it is connected to. As
data streams back and forth on the network, the program looks at, or
"sniffs," each packet.

Normally, a computer only looks at packets addressed to it and ignores
the rest of the traffic on the network. When a packet sniffer is set
up on a computer, the sniffer's network interface is set to
promiscuous mode. This means that it is looking at everything that
comes through. The amount of traffic largely depends on the location
of the computer in the network. A client system out on an isolated
branch of the network sees only a small segment of the network
traffic, while the main domain server sees almost all of it.

A packet sniffer can usually be set up in one of two ways:

    * Unfiltered - Captures all of the packets
    * Filtered - Captures only those packets containing specific data elements

Packets that contain targeted data are copied as they pass through.
The program stores the copies in memory or on a hard drive, depending
on the program's configuration. These copies can then be analyzed
carefully for specific information or patterns.

When you connect to the Internet, you are joining a network maintained
by your ISP. The ISP's network communicates with other networks
maintained by other ISPs to form the foundation of the Internet. A
packet sniffer located at one of the servers of your ISP would
potentially be able to monitor all of your online activities, such as:

    * Which Web sites you visit
    * What you look at on the site
    * Whom you send e-mail to
    * What's in the e-mail you send
    * What you download from a site
    * What streaming events you use, such as audio, video and Internet telephony
    * Who visits your site (if you have a Web site)

In fact, many ISPs use packet sniffers as diagnostic tools. Also, a
lot of ISPs maintain copies of data, such as e-mail, as part of their
back-up systems. Carnivore and its sister programs were a
controversial step forward for the FBI, but they were not new
technology.


----

Alex Gakuru

_______________________________________________
ke-internetusers mailing list
ke-internetusers at bdix.net
http://www.bdix.net/mailman/listinfo/ke-internetusers


       
---------------------------------
Ahhh...imagining that irresistible "new car" smell?
 Check outnew cars at Yahoo! Autos.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20070413/1739bcca/attachment.htm>

More information about the KICTANet mailing list