On Thu, Jun 01, 2006 at 12:41:52AM +0200, Javier Fernández-Sanguino Peña wrote: > On Mon, May 29, 2006 at 02:48:33PM +0200, Wouter Verhelst wrote: > > Then there's the issue of tracing who did an actual upload into the real > > world. A name on a GPG key is not, by any means, an effective way to do > > that, since it does not contain enough information to get out the black > > helicopters. Case in point: > (...) > > Useless case, you seem to believe that police officers can only trace and > obtain information from people through Google !
No, I don't. I'm just saying that the name tacked to a GPG key is of far less useful value than the email address which is tacked to the same. > I do not know how many cases related to "digital crimes" have you been > involved with or know of, Not many, I'll admit. > so please allow me to enlighten you how it could > possiby work: > > - somebody named X gets a trojan in the Debian archive through a GPG key > - SPI (not Debian as it does not have a legal entity in itself) brings the > case to a law agency claiming that X has committed a crime > - the Police traces X to A, B and C (same names != same people) > - the Police gathers evidence that A and B *might* be in possession of the > GPG key and might have done the attack (this includes things like > information from ISPs linking a telecommunications contract to a name, data > from their communication either publicly available or requested to ISPs or > servers) There, here we are. You've admitted that just the name isn't enough and that the police needs more, which was my whole point. If they have a name which might be valid but an email address which is, I think they have a far better chance at finding the person responsible than if they have an email address which might be valid but a name which is. [...] -- Fun will now commence -- Seven Of Nine, "Ashes to Ashes", stardate 53679.4 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
