[Cryptography] ISPs caught in STARTTLS downgrade attacks

Fri Nov 14 00:47:33 EST 2014

On Thu, 13 Nov 2014, grarpamp wrote:

> > that can provide the practical privacy of a paper letter in a paper 
> > envelope.
> 
> No!, there is no privacy there whatsoever.
> 1) All addressing/envelope info is recorded/imaged at the processing
> facility, tracked, stored forever, and shared with adversaries.
> 2) Users are similarly imaged and linked via payments at drop off
> and pick up.
> 3) It's not encrypted.
> 4) The user has to trust untrustworthy entities with 1, 2 and 3.

Funny you should say that; it seems Australia Post has come clean:

http://www.smh.com.au/national/australia-post-data-shows-more-mail-being-accessed-by-government-agencies-20141113-11lp0h.html

(You may need to be a subscriber)

Australia Post data shows more mail being accessed by government agencies

Australia Post disclosed confidential information to law enforcement, 
security and other government agencies more than 10,000 times in 2013-14, 
an increase of 25 per cent over the past four years.

According to statistics released by the postal corporation, "specially 
protected" information, which includes information about letters and 
parcels and other private client information was provided to government 
agencies by Australia Post on 5635 occasions – more than twice the number 
four years ago.

Federal government investigators accessing specially protected information 
include the Australian Federal Police, the Australian Crime Commission, 
the Department of Immigration and Border Protection, the Australian 
Customs Service, the Australian Taxation Office, Centrelink, Medicare and 
the Child Support Agency.

Victorian and Queensland police as well as the NSW Crime Commission and 
the Western Australian Corruption and Crime Commission also received such 
private information.

Postal information that is not "specially protected", including names and 
addresses on the outside of letters and parcels, was disclosed by 
Australia Post on another 4367 occasions.

Government agencies accessing this postal "metadata" include the 
Australian Securities and Investments Commission, the Australian 
Communications and Media Authority, and the federal departments of 
agriculture, environment, defence, foreign affairs and trade, health and 
ageing.

State police and anti-corruption agencies, state revenue offices, consumer 
affairs, workplace and environmental regulators as well as the RSPCA also 
accessed the information.

An Australia Post spokesperson said the corporation only discloses 
information to authorised agencies "under a law of the Commonwealth, or 
for the enforcement of criminal law, or for enforcement of a law imposing 
a pecuniary penalty, or the protection of the public revenue".

The spokesperson emphasised information is disclosed "only after the 
'authorised agency' requesting the information from us establishes that 
the information is reasonably required for … lawful purposes".

The total of 10,002 disclosures in 2013-14 was 5 per cent higher than in 
the previous year, despite a 4.8 per cent decline in the volume of letters 
delivered by Australia Post.

Only 19 disclosures of postal information were made to the Australian 
Security Intelligence Organisation.  This figure for 2013-14 is down from 
31 disclosures in the previous year and is the lowest in a decade.

Australia Post's statistics show ASIO's access to postal information 
peaked in 2005-06 and 2006-07, with 117 and 226 disclosures respectively, 
a period that covered major counter-terrorism investigations in Victoria 
and New South Wales.

ASIO must obtain a warrant from the Attorney-General to seek any postal 
information from Australia Post.  Although the 2013-14 disclosure 
statistics precede the recent surge in counter-terrorism operations 
focused on supporters of the so-called Islamic State, the figures do 
suggest that ASIO's investigations target quite small numbers of people.

However, the Australia Post statistics also show that despite consistent 
declines in mail volume, confidential postal information is increasingly 
accessed by police, by government agencies enforcing laws that impose 
financial penalties and for "the protection of the public revenue".

-- 
Dave Horsfall DTM (VK2KFU)  "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)