Greg Broiles (by way of t byfield <tbyfield@panix.com>) on Mon, 17 May 1999 05:50:03 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Treasury/IRS implements Echelon-type monitoring via New Zealand?


     [orig to <cypherpunks@cyberpass.net>]

I ran across something interesting recently - every so often I grep my
webserver logs to see what The Gummint is thinking about these days - the
search strings they enter into index/search sites (and the Referer: field,
in general) is frequently interesting.

Someone from behind one of the Treasury Dept's firewalls/proxies did a web
search for the ECPA a few weeks ago, during a discussion of ECPA on the
cypherpunks list - apparently they followed the discussion on this list,
and thought perhaps ECPA would be of interest. I'm a little disappointed
that they didn't have any good summaries in-house, but perhaps I should be
honored that they were interested in mine, instead.

But that's not very interesting - someone from Treasury surfs by every so
often to take a peek at the Jim Bell files and see if they're still
available, so I'm accustomed to seeing them pop up in my logs.

I was curious if they had a West Coast proxy, since all of their proxies
seem to be run on the East Coast - my impression (from spending some time
reading mine and others' web logs, and from using standard network mapping
tools) is that current "best practice" for federal agencies is to use
internal network links between their field offices, routing all requests
through one or more proxy servers run on the East Coast near one of the NAPs.

But it looks like they've got a *New Zealand* proxy - I would be happy to
be corrected on this point, but I've had a hard time finding an
inconsistency in the data I've seen.

The machine "tcs-gateway6.treas.gov" seems to be located somewhere in New
Zealand - this is why I think so:

1.	Traceroutes from locations in the US (from several NAPs), Europe, and
Australia all end in NZ; not at the host, but somewhere near it, apparently.

2.	The IP address corresponding to that name returned by the designated
nameservers for treas.gov is 202.27.2.101, which is within address space
assigned to the New Zealand Ministry of Commerce.

I'd be happy to learn more about this - perhaps some list members who know
more about routing than I do could provide insight, and perhaps Jeff Gordon
or others with insight into internal IRS/Treasury/DOJ matters could explain
why things are set up this way. Given NZ's relatively poor connectivity,
I'm having a hard time thinking about why one would locate a web proxy
there, other than for jurisdictional arbitrage or than to keep assets out
of seizure/forfeiture/discovery range.

Any thoughts?

Just for grins, here's the log entry in question -

tcs-gateway6.treas.gov - - [15/Apr/1999:14:17:47 -0700] "GET /fedpriv.html
HTTP/1.0" 200 18993
"http://www.lycos.com/cgi-bin/pursuit?matchmode=and&cat=lycos&query=Federal+
Electronic+Communication+Privacy+Act+of+1986&npl1=ignore%3Dpq&x=28&y=3"
"Mozilla/4.03 [en] (Win95; U)"


--
Greg Broiles
gbroiles@netbox.com
PGP: 0x26E4488C

---
#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@desk.nl and "info nettime-l" in the msg body
#  URL: http://www.desk.nl/~nettime/  contact: nettime-owner@desk.nl