FBI Wants to Tap The Net 503
Majik was among the stream sof people submitting this story about the FBI wanting to
tap the net. Makes carnivore look like a baby monitor since this tracks all packets, and would be placed at key locations on the net.
Go ahead. (Score:4, Interesting)
Lamers (Score:3, Interesting)
Someone please refresh my memory... (Score:2, Interesting)
That could really put a dent in the ability to snoop (they still may crack it, but its going to cost a hell of a lot more processor cycles to do so).
Re:always assumed this is being done (Score:3, Interesting)
NSA does not spy/eavesdrop on US citizens.
Read their charter; i'm pretty sure it's not classified. When I was a contractor at Ft Meade, I wrote a lot of extra code to specificially make sure of things like this for my project. I can't speak of the FBI, CIA, or DIA however...so draw your own conclusions people. Things may have changed in the last year, but as of a few years ago this was a top priority for each project I was on. If someone can convince me I'm wrong (project names, people, etc, not random web links), I'd love to know about it as I still talk to many friends at the agency (about unclassified things of course).
Hey, FBI: FUCK YOU. (Score:2, Interesting)
When you think about the FBI wanting to tap the entire internet, think about it this way: Would you be okay with the FBI wiretapping EVERY PHONE IN THE COUNTRY without getting a warrant for each one first? Because that's essentially what they are doing.
And they want to CENTRALIZE DATA as well! Yep, nevermind the whole idea of a distributed network (not that the backbone providers give a shit about that anyway), let's just put all the data on one server so that the FBI can easily listen in to every conversation in the country!
What a bunch of fucking bullshit. </rant>
Complain all you want... (Score:3, Interesting)
I run a webserver (as a business) and have run shell servers in the past. I don't think ANY of these people who have been on the receiving end of a 2 day DDoS attack. Now, if such a system would be put into place, there would be other advantages than just searching for "key words" in text. It would most likely be a enterprise integrated intrusion detection system used to find and stop DDoS attacks and the such. If these systems could use formulas to determine a DDoS and black hole routes before it can cause thousands of dollars of damage to an ISP, then it would save LOTS of money!
At one provider, I was received a bill of a few grand of bandwidth charges when my shell box was hit with a DDoS for several hours... image what it would cost Yahoo! and such sites in lost revenue.
Also, the FBI isn't interested in your e-mail. Sure, it would allow them to look at it but it's no different than being able to tap your phone now. So what's the difference between tapping your phone and tapping your internet connection? Nothing. There is no difference. They'll need a wire-tapping order to do it, still.. And yes, someone will respond "but they won't need one to do this!" and you're right... they also don't need one to tap your phone, but it's illegal without it. Hence, we would be protected under the same laws as the current wiretapping law.
Re:Welcome to 1984... (Score:3, Interesting)
confirmation? (Score:3, Interesting)
I can totally believe that the FBI would love to do this, given the chance. I just need a little more evidence before I am to go around saying that they *are* doing it.
Re:Get in the habit of using Crypto now... (Score:1, Interesting)
Useless, if they put the taps on "strategic locations" and then use them to act as the "man in the middle".
SSL may not be secure much longer (Score:2, Interesting)
Normal SSL allows the server to send a hunk of bits to you. If they an get a key signed by one of the CA's that is installed in everyone's browsers, then they can fake you into believing that you are talking to the end customer.
From the end web-sites point of view, they would never know that a man-in-the-middle style attack is in progress, since 99.999% of SSL does not use client side certs.
As for them getting someone to sign their bogus key, a little pressure can go a long way. You might even expect to see the next Microsoft service pack to have a new CA that is a front for the "We are just looking for terrorists and anyone else who is doing something that the current regime does not approve of" folks from the FBI/CIA/NSA/...
Time to start using GPG with long keys to protect anything you really care about, since there YOU are the CA, not the folks that we know we can trust.
In short, SSL does not make it safe to download your k****e p0rn.
Oath violations (Score:3, Interesting)
When you take a position in an elected, appointed, or law enforcement position with the government, you make a sworn oath to uphold and protect the Constitution.
The FBI agents and elected officials supporting them who are planning on implementing this overt violation of the IV Amendment of the Constitution [cornell.edu] either:
a. Didn't understand the oath they took. Which makes them very stupid, and are therefore unfit for their position.
or
b. Are knowingly violating their oath. Which makes the dishonest, and are therefore unfit for their position.
I leave it to you to decide which one applies.
Re:Get in the habit of using Crypto now... (Score:2, Interesting)
Mass decryption just isn't feasible and certainly not in real time so they have to try to do one of two things:
Re:Remember Fidonet? (Score:2, Interesting)
It's a police state. (Score:3, Interesting)
Law enforcement can now 'dictate' to data communication providers what types of functions their service MUST incoproate, in order to comply with the needs of law enforcement.
How does this NOT equate to the government telling you how to run your business?
Honeypot for Feds? (Score:3, Interesting)
There's no real way to catalogue every packet on the internet this without some sort of computerized searching technology. They may even call it 'AI', but what it will boil down to is an application looks for suspicious strings to flag for human eyes.
Therefore, it would be very possible to fool and overtax any kind of system like this by building a new kind of honeypot-style server.
Some Ideas:
Have this server connect to different IRC nodes bot style and create suspicious sounding chanels like '#BombUSA' or something similiar. Have it talk to itself Eliza style through IRC, but with terrorist keywords like 'Anthrax', 'Jihad', 'Hijack', etc... You could also substitute keywords for other kinds of illegal activity. Drugs, Pr0n, and other illegal/questionable vices all have keywords which would raise any LEO's eyebrows.
If two servers happen to meet on a chanel like this, they can exchange POP email addresses and start sending smtp packets to eachother with the same kind of information. Maybe throw in a few uuencoded attachments of the Osama and Bert poster.
One last thing. Have each server that does this engage in plaintext dialogue 4/5ths fo the time, and then, psuedo-random bitstreams the rest to simulate encryption. If/when they do try to crack those streams, it will use up their resources so that they can't as effectively be used against individuals who do have valid reasons to use crypto.
Encrypted Everything (Score:3, Interesting)
- by default apache should use https instead of http
- fork the email protocol so it *only* uses PGP/GPG and retrieves the public key of the recipient
- telnetd and ftpd should be removed from all open source distros
Perhaps LUG's could even offer certificate signing. I really would like to have an parallel email protocol that only allowed signed and encrypted emails.FBI considers torture (Score:2, Interesting)
"AMERICAN investigators are considering resorting to harsher interrogation techniques, including torture, after facing a wall of silence..."
The Times is one of the most respected, conservative papers in the UK. The FBI really are considering this abomination. Even Robert Blitzer, a former head of the FBI's counter-terrorism section, has criticized this in public!
Your Rights Online (and everywhere else) (Score:2, Interesting)
The fact is, our government had the infamous Mr. Atta in its grasp earlier this year and broke our own existing laws to give him a free pass. See the URL below if you want more info.
http://www.newtimesbpb.com/issues/2001-10-18/fe
Granted that these people had good intentions, too, but the transfer of rights and responsibilities to govenment isn't just words. It results in actions taken by people no more prescient than you or me, but with consequences on a much grander scale.
We all probably agree with the principle that choices should be made at the lowest level possible in a business organization, so why not apply that same wisdom to our country and society at large?
Speaking of business, I wonder if the business forces at work trying to transfer intelligence from the nodes of the net to a more centralized architecture like the FBI proposal?
Re:Another reason to vote correctly. (Score:2, Interesting)
The reason that there are no Libertarians (or other 3rd parties) in office is because the so-called "democratic process" is biased against them.
Third parties often unite on these causes, regardless how divergent their platform on other issues. Vote third party on the principle of it. If you can't trust Dems and Reps to be fair during the process of getting into office, how can you trust them once they are in office?
Get [fairvote.org] informed [electionmethods.org]. Push for change.
Comment removed (Score:3, Interesting)
This represents an extremely disturbing trend. (Score:2, Interesting)
Secondly, the notion of tapping the entire internet, aside from the massive outlay of resources that would entail (which is a whole nother thread entirely) is simply ludicrous. The internet is by definition global; the internet traffic of Swiss citizens (for example) is none of the FBI's concern (or shouldn't be, at any rate). You want to talk about a lack of jurisdiction? This all-encompassing, manifest destiny approach is reminiscent of the recent
Seriously, the more I think about this the less it disturbs me. I find it unlikely that the other countries would volunteer to reengineer their networks to assist the U.S.'s FBI in monitoring their traffic. What bothers me is why, presumably knowing this, they're funding a project like this anyway. Perhaps they're just looking to bottleneck the U.S. traffic, in which case we'd be known as Lag Central to the rest of the world. Yup, that'll certainly help e-commerce. ("Oh, don't shop there, they're U.S.-based. Their pages always take forever to load.") I shudder to think what happens when the FBI's systems suffer occasional downtime; do they halt the country's traffic until they can get them up and running again? They'd have to. To do otherwise would be a security risk, and we can't have that.
A view on /. paranoia (Score:2, Interesting)
When the tragic events of 11th September occurred, the finger was squarely pointed at the US intelligence services for failing to prevent the horror. It is now five weeks since that horrible day, and the stereotypical slashdot paranoia/anarchy has raised its ugly head once more.
How can you expect your intelligence agencies to do their jobs if you limit their powers over the tools of the terrorists? Sure, you may argue that any good terrorist would use crypto, but what about the one that doesn't (or forgets to)? Could that single interception save a life? Plus, they already intercept landlines, cellular, fax, telex and pager messages. Radio and satellite TV is picked apart for subliminal propaganda. Mail is opened and then re-sealed perfectly. For all of you who harp on about Echelon and how it invades your privacy - Apply for a job with ??? agency and go and see the truth. You'll be surprised at just how wrong you are!
If the installation of a few "privacy invaders" such as carnivore (etc etc) can save even ONE life, surely it is worth it? Would you stop someone listen to some random phone call to your gas board or would you rather see your next door neighbour's kids climb into a black limosine to trail behind a hearse because their mum/dad was killed in the latest bombing/crash/bio-attack?
This message will be modded as a troll or flamebait, but then again, isn't everything that doesn't subscribe to the "I use Linux and I'm a victim of persecution by the government" school of thought. I'm prepared to accept that there are valid issues in the protection of privacy, but none that can justify the loss of even one single life.
`
You have a point (Score:5, Interesting)
For the FBI to pull this off, they would certainly need quantum computers... And what of speling myst-aches? This requires more computing power... Even Caeser cyphers become effective means of defeating these because of computational limits...
Re:FBI considers torture (Score:3, Interesting)
I disagree.
Torture takes effort - an FBI permitted to use torture would be physically unable to use it in the violation of the civil liberties of 300,000,000 Americans, simply because it'd take too long to work their way through the population, even if every FBI agent went berzerk and started torturing everyone they met for the sheer hell of it.
Passive electronic monitoring doesn't take effort - every citizen's right to be secure against unreasonable search and seizure is violated the instant they flip the switch on the Mother Of All Carnivores.
Put another way - there's a reason why people get dozens of spams per day (sometimes per hour), while still only getting three or four telemarketing calls per week.
Re:This is much more sinister that it seems (Score:1, Interesting)
They already do.. (Score:2, Interesting)