NYT on Electronic Evidence:
Today's New York Times has an interesting piece on the growing use of digital evidence in court.
As there is no appropriate thread on which to make this comment, I make it here. In light of the upcoming NSA hearings this coming week, I urge everyone to visit the site of Glenn Greenwald, a lawyer who is working with Senate Judiciary staff members to develop a list of questions to pose to our AG during the hearings. As some may know, Glenn Greenwald was the blogger who first wrote about the 1992 NSA/Baker matter, which has now reached the MSM (today's opinion page in the NY Post) and which spread like wildfire across the blogosphere. No doubt it will be mentioned at the hearings. As Orin was one of the first, if not the first, to provide a detailed analysis of the legality of the warrantless spying matter, I would think Orin would have a special interest in looking over and commenting on the ten questions Glenn has developed which he lists on his site. I would also again urge Orin to link Glenn's blog to this site, as Glenn seems to have swiftly come to the forefront as one of the lawyers who is most knowledgeable and involved in the FISA/NSA/AUMF "eavesdropping" issue.

As an aside, this seems, to my limited knowledge, to be the first time that an important story which originated totally outside of the MSM has come to such prominence. A big victory for the blogosphere!
2.4.2006 4:11pm
I forgot to add this excerpt from the Greenwald site, in case anyone is interested in listening to a debate on the NSA eavesdropping issues before the hearings begin.

"I'm going to be on C-SPAN's Washington Journal this Monday morning, February 6, before the NSA hearings begin, from 7:45 to 8:30 a.m. I'll be debating the NSA eavesdropping issues with Bush supporter Professor Robert Turner of the University of Virginia."
2.4.2006 4:27pm

I was planning an open thread for tomorrow. Perhaps you might want to repost this then, as it has no relevance to this post. Finally, Eugene controls the blogroll; whether to add someone to the blogroll is entirely his decision.
2.4.2006 4:28pm
Thank you Orin! I was hoping you would be posting your thoughts on the hearings. I'll be reading every word of yours. I will copy and paste my comments on the new thread you have opened, so you can delete them from here, and I will post on one of Eugene's threads my suggestion to add Glenn's blog site to your list of blogs.
2.4.2006 6:55pm
Bethesda Jack (mail):
The NY Times article is interesting in the context of the criticism of China in the past several months for pressuring U.S. Internet companies to disclose the identities of those the Chinese consider to have violated State secrecy regulations. Is it OK to require disclosures in the U.S. of e-mail account identities because we have a well developed legal system but not in China because their legal system is considered rudimentary and under the control of the government? If the Chinese enact laws similar to the Electronic Communications Privacy Act et al, would the criticism go away?
2.5.2006 5:47pm
The Franchise (mail):
I'm concerned about the reliability of IP identification. Is it possible for an individual computer user to change his IP, thereby appearing to be another user?
2.6.2006 3:30am
Riskable (mail) (www):
The Franchise: Yes, it is more than possible, it is simple and easy!

There are many ways you can mask your original IP address... Usually by stealing the IP of another user either by utilizing their machine/router/modem as a proxy (without their knowledge) or by fancy TCP/IP spoofing tricks (arp cache poisoning, header mangling, duplicating mac addresses, etc). The former requires the machine to be broken into somehow (viruses, worms, trojans, spyware, etc), the latter only requires weaknesses in the user's ISP architecture (some are inherent to TCP/IP and cannot be worked around).

Another method--which is increasing in popularity--is to mask your IP through an anonymizing Peer-to-Peer (P2P) network such as Tor. For example, if you use a Tor client to surf the web, your traffic is actually bouncing around the net off of other Tor server machines. The server that accepts your web traffic will only see the last Tor machine you connected through. See:

What this means is that if someone is allowing Tor traffic through their machine (by setting up a Tor server), their IP address will be the one that shows up in the server logs. If your machine is compromised, the attacker could set up a Tor server without your knowledge and quite a lot of Internet traffic could appear to come from your machine.

There are other means as well. Transparent cross-site-scripting proxies allow an attacker to use a victim's browser to surf the web--making it appear that the user is the one doing the surfing (using their cookies and credentials). All it takes is to surf to the wrong website just ONCE during your web browsing session and the attacker can utilize this capability until you close your browser.

I wouldn't be surprised if attacks such as these are already in use to blackmail people (force their browser to download child porn in the background). It all goes to show you: An IP address is not an identity.

"I have a license to kill -9"
2.6.2006 2:17pm
Riskable (mail) (www):
I forgot to mention the most basic form of masking an IP address: VPNs. If you're logged into a VPN, the source address will always appear to be that of the VPN server.

...and also NAT/IP Masquerading: When you buy one of those "broadband routers" at CompUSA they come pre-configured to "mask" all the machines behind them so that they all appear to be coming from the same IP. This includes the guy sitting across the street surfing the web through your connection.

"I have a license to kill -9"
2.6.2006 2:22pm
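
An added illustration of the point made in the two comments above, not code from any commenter: a server log records only the last hop, so anyone relying on a logged address can at least check it for signs that it is shared or relayed. The log lines, the relay list and the function name `attribution_caveats` are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample data: access-log lines in combined log format,
# using documentation-only address ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Feb/2006:14:01:02 +0000] "GET /a HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.7 - - [06/Feb/2006:14:01:09 +0000] "GET /b HTTP/1.1" 200 734 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X) Safari/417.9"
203.0.113.7 - - [06/Feb/2006:14:02:30 +0000] "GET /c HTTP/1.1" 200 120 "-" "Mozilla/5.0 (X11; U; Linux i686) Firefox/1.5"
198.51.100.23 - - [06/Feb/2006:14:03:11 +0000] "GET /a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U) Firefox/1.5"
192.0.2.55 - - [06/Feb/2006:14:04:45 +0000] "GET /a HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.55 - - [06/Feb/2006:14:05:01 +0000] "GET /d HTTP/1.1" 200 88 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"""

# Constructed stand-in for a published list of anonymizing-relay exit addresses.
KNOWN_EXIT_RELAYS = {"198.51.100.23"}

# Captures the source address and the User-Agent field of one log line.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$'
)

def attribution_caveats(log_text, exit_relays=frozenset()):
    """Map each source IP to reasons it may not identify a single person."""
    agents = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped rather than guessed at
            agents[m.group(1)].add(m.group(2))
    report = {}
    for ip, uas in agents.items():
        caveats = []
        if ip in exit_relays:
            caveats.append("listed anonymizing-relay exit: log shows last hop only")
        if len(uas) > 1:
            caveats.append(
                f"{len(uas)} distinct client signatures: possibly shared (NAT, VPN or proxy)"
            )
        report[ip] = caveats
    return report

if __name__ == "__main__":
    for ip, caveats in attribution_caveats(SAMPLE_LOG, KNOWN_EXIT_RELAYS).items():
        # An empty list means no indicator was found, not that identity is proven.
        print(ip, "->", caveats or ["no sharing indicator in this log"])
```

An empty result for an address only means this log shows no sign of sharing; a compromised machine or a single-user VPN leaves no such trace here.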