[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please revoke your signatures from Martin Kraff's keys

On Mon, May 29, 2006 at 02:48:33PM +0200, Wouter Verhelst wrote:
> Then there's the issue of tracing who did an actual upload into the real
> world. A name on a GPG key is not, by any means, an effective way to do
> that, since it does not contain enough information to get out the black
> helicopters. Case in point:

Useless case, you seem to believe that police officers can only trace and
obtain information from people through Google !

I do not know how many cases related to "digital crimes" have you been
involved with or know of, so please allow me to enlighten you how it could
possiby work:

- somebody named X gets a trojan in the Debian archive through a GPG key
- SPI (not Debian as it does not have a legal entity in itself) brings the
  case to a law agency claiming that X has committed a crime
- the Police traces X to A, B and C (same names != same people)
- the Police gathers evidence that A and B *might* be in possession of the
  GPG key and might have done the attack (this includes things like
  information from ISPs linking a telecommunications contract to a name, data
  from their communication either publicly available or requested to ISPs or
- the Police asks for a search warrant, gets into A and B's house and seizes
  their computers
- the Police finds the private key associated with the GPG key in A's
  computer (maybe even evidences of the trojan itself)

Guess who is going to get prosecuted regardless of whether they have the same

If you think that's science fiction, maybe a tv series plot, or think that
law agencies (or judges) are stupid and cannot gather evidence for a case in
the digital age then think again [1]

Law agencies (in many countries) have enough budget and laws backing them to
do that (and more). Given enough damage done by X (=A) through the trojan
introduced in the archive or enough money layed down by SPI you bet there
would be a thorough investigation of the case.



[1] Virus and worm writers have been busted with even less information (when
the investigation started) than the information I leak while writting this

Attachment: signature.asc
Description: Digital signature

Reply to: