13 June 2012 Communications Privacy Folly Related: 0415.pdf US-Mexico Communications Spying Solicitation June 12, 2012 Lisa Brownlee writes: I would greatly appreciate your comment on this: ssrn.com/abstract=2035417 [Excerpt] NINTH PRELIMINARY DRAFT FOR ANY/ALL DISTRIBUTION/PUBLIC POSTING National Human Rights Commission  Mexico (CNDH) Copies  Federales, Telmex, others LISA M. BROWNLEE, ESQ. Mexico 25 April 2012 Re: Mexico law revisions  Warrantless Real-time Cell phone Geolocation Data Surveillance  Parliamentary Gazette Volume X, Number 3455-II, Tuesday, February 21, 2012 (hereinafter LeyGeolocalización MX) This memo sets forth my opinion on LeyGeolocalización MX, as experienced privacy, technology/digital rights legal scholar and practitioner, expatriate resident Mexico. My credentials are provided here. I will be publishing my conclusions in an article to be published next week by Bureau of National Affairs (BNA) E-Commerce Law Report, which will receive international distribution and, we anticipate, press coverage. A press conference to present my findings will be held in coordination with the weekly press conferences held by Dr. Eduardo Daniel Jiménez González, Abogado Ambassador, International Lawyer, affiliations Harvard, UNAM, Georgetown, Johns Hopkins. Cryptome comments: 1. Due to the transmission technology of cellphone systems, like the that of the Internet, there is not likely to be a means to prevent geolocation and user data from being accessed by unauthorized parties. 2. At best there will be legal protections which cannot be technologically fulfilled. 3. It has become common to enact legal programs with promises of digital data protection and privacy which mislead about technological capabilities. 4. Operators of communication systems are aware of the impossibility of technological protection to fulfill legal requirements but join in the deception in order to falsely assure customers, officials and watchdogs that protection is possible. 5. Operators of communication systems work in concert with governments to allow access beyond what is legislated, in accord with long-standing practices worldwide. 6. Operators of communication systems also permit access to the systems by third parties under contract provisions which are customarily revealed only in part to users, and in somes cases only in part to officials. 7. Most communications sytems are privately owned and operated for profit, even those ostensibly owned by governments. Information about these systems is closely guarded against outside parties learning about the systems' capabilities, including governments, and in many cases, third parties who may not know in full how their participation is used by the system operators. 8. Deception about communication systems is fundamental to guarding information about the systems from competitors, governments, third parties, rogue employeess, spies and criminals, many of who work in concert, competition and deception. 9. Every communication system is a spying system. Digital systems are far easier to penetrate than analogue systems and thus much easier to use for spying. 10. Deception about digital systems is fundamental to their carefully guarded operation, marketing and minimization of liability. 11. Every manufacturer of communication systems equipment is capable of being penetrated, corrupted and bribed. Undiscovered covert attacks are most lethal to the manufacturer's survival; discovered attacks are most often concealed, denies, lied about, used against competitors, secretly sold as products by the manufacturer, by their rogue employees, by inside spies of competitors. Deception about successful attacks is fundamental to the systems' operation. 12. The only protection against communication systems is to avoid their use. Protections of promises of encryption, proxy use, Tor-like anonymity and "military-grade" comsec technology are magic acts -- ELINT, SIGINT and COMINT always prevail over comsec. The most widely trusted and promoted systems are the most likely to be penetrated, exploited, spied upon, successfully attacked, covertly compromised with faults hidden by promoters, operators, competitors, compromisers and attackers all of whom warn against the others while mutually benefiting from continuous alarms about security and privacy. 13. Avoidance of communication systems does not eliminate the exploitation of data already collected, manufacture of false data, targeting of those who avoid the systems, planting concealed tracking devices on a person, using others to track a person. This is the short version of why there can be no solution to preventing communication systems abuse. Regards, John Young

Cryptome.org