FBI E-Mail Wiretaps - The Carnivore System 353
CharlieG writes "It seems the the FBI has been electronic wiretapping various e-mail accounts for a while now. First with a system called Omnivore, and now with a "More Selective" system called Carnivore. You can read about it on MSNBC.COM"
Re:please... (Score:2)
...phil
Re:If a data stream runs through a computer.... (Score:2)
Bad example. Radio is inherently a broadcast medium, e-mail is more-or-less directed.
...phil
Re:No wiretapping without a specific warrant (Score:2)
So "amendment" doesn't mean "afterthought". Politics. Such fun stuff.
Heard of TWINKLE? (Score:2)
Heard of TWINKLE [counterpane.com]? How far ahead of this do you think the NSA might be?
FWIW, I once worked a case for the FDLE, after which they tried to recruit me for their computer crimes unit. They were quite sanguine about encryption, saying they regularly shipped encrypted documents off to the NSA for decrypts, depending on how crucial they were to the case.
Also remember that given access to the private key, keylength is less important than passphrase strength.
It takes some work to use PGP securely, and ultimately, if some TLA wants your cleartext, they'll get it one way (cracking crypto) or another (Van Eyck, TEMPEST).
-Isaac
Re:The FBI is looking out for you (Score:2)
Let's start by realizing that different people have different sets of ethics, and not everyone believes that the government has a strong sense of ethics. For example, I am confident that the government is extreamly hypocrytical, which by my sense of ethics is one of the worst things possible.
Asking dictionary.com about 'principle' gives "basic truth, law, or assumption", "A rule or standard, especially of good behavior" and "The collectivity of moral or ethical standards or judgments".
When you say "It's also a matter of principle that criminals need to be stopped...", it's reasonable for me to ask "Who's principle, who's ethics, which laws, and at what price?"
The question many people are raising is if catching the criminals is important enough to justify breaking the law, violating the constitution, and ignoring the bill of rights.
My answer is "No, of course it isn't worth it! The rules of society, as described by the constitution, make it clear that catching the criminals is NOT the most important thing."
Let me make this as clear as I can manage. The 'betterment of society' is not served, and is in fact harmed, by a law enforcement group which intentionally violates the law, ever, even once. It doesn't matter if they catch a thousand murders and ten thousand rapists at the same time, if they had to violate one law to do so, they have made the world a worse place. It's simply a matter of principle.
Obviously my principles are different from yours.
And to answer your question, it depends on the criminals. In particular, it depends on what laws they are guilty of breaking. I mean, it makes a big differance if they are all guilty of murder, say, or just, you know, jaywalking or speeding or maybe growing a bit of pot and then smoking it.
Re:The FBI is looking out for you (Score:2)
Wow. I'm just amazed.
You can't argue with logic like that. You can point and laugh, but you can't argue with it.
Just for the record, in order to prove that it can be done, I deny them. I also deny your god. Please refrain from stating that it isn't possible, as it obvious is. Tell me again that I can't deny something, and I'm likely to do just that, if I want.
It is my belief that criminals can be caught and punished without breaking the law. It takes a little more work, but it's still possible.
Breaking the law in order to catch someone and punish them is a lot like the death penalty. Is it fair for me to assume that you don't agree with the death penalty?
"And as I believe I've said before, sin is sin, and trying to count the "amount" of sin is a foolish and pointless exercise. If you are guilty of a crime, you must be punished. It's as simple as that."
You seem to be confusing 'sin' with 'crime'. Crime is defined by society. 'Sin', for those who believe, is defined by some higher power.
the important point here is that society can, and often does, change the definition of crime. Drinking alcohol in the United States is a good example. It's legal. It's illegal. It's legal again. Of course, this caused some confusion.
It is my belief that there currently exist many laws which actively harm society. Society would be better off without some of the laws.
I'm willing to suppose it may be a bit of a leap for you to agree that some laws harm society. Let's see if we can agree that there are laws which are just downright silly, and don't need to exist.
Please refer to www.dumblaws.com [dumblaws.com] and see if you can find even one law which makes something a crime when it need not be.
Failing that, please explain the ethics behind this law:
New Mexico, Las Cruces:
You may not carry a lunchbox down Main Street.
Is this a crime because The Lord told someone it should be?
Is it a sin?
Does it harm anyone?
Can you suggest any possible reason for this law?
Can you begin to understand how I might think that someone might be guilty of a crime yet still not need to be punished?
Re:PGP (Score:2)
Re:PGP (Score:2)
There have been several other bugs found in PGP; I can't remember the specifics, but I believe that the above bug was in PGP for over a year for being discovered, in spite of the fact that the code was open for everyone to see.
If you've ever actually looked at the code for PGP, you'll see it's HORRIBLE. PGP is coded really sloppily. My comments were more directed at the high probability of an acidental implementation error due to programming practice, not an intentional crippling.
This is particularly the case with Open Source projects, as willingness to code something rarely translates to being the best person to do it. Bruce Schneier commented on this in his Cryptogram newsletter. See:
http://www.counterpane.com/crypto-gram-9909.htm
http://www.counterpane.com/pitfalls.html
http://www.counterpane.com/whycrypto.html
And please, this isn't a flame. This is born out of experience.
Easy work around (Score:2)
Re:4th Amendment anyone? (Score:2)
Re:The FBI is looking out for you (Score:2)
... And our Lord Jesus H. Fucking Christ spread his buns, and said: "Thou shalt not jaywalk, and always cross on thy green lights"... [Peter 89:45.12]
--
Here's my mirror [respublica.fr]
Re:The FBI is looking out for you (Score:2)
So, if you're not afraid of the FBI looking at your e-mails to your sister, you're surely not afraid at letting ME look at those same e-mails, no?
By the same token, you won't mind either me looking at those e-mails you sent to that chick you met last month at Catalina, no?
Can't you see it's a matter of principle, or are you just dumed-down by mass-media hysteria not to realize your fundamental rights are being trampled???
--
Here's my mirror [respublica.fr]
Re:ANother reason to use PGP (Score:2)
PGP not enough - and a solution (Score:2)
Just encrypting your e-mail with PGP is not enough. The sender and recipient histories can still be tracked. Here is my proposed solution to this problem...
Have several anonymous remailers scattered around the world with well published public keys. Each remailer will decrypt the message with it's private key, find the new sender in the decrypted message, strip the original envelope information, and send the message along to the next remailer.
Your message ends up encrypted in multiple layers that get stripped off one by one by each remailer. Eventually, it will get to its destination where the recipient will strip the last layer of encryption off.
This way, there is no reasonable way anybody can track who you're getting messages from, or who you're sending them to. Even if the remailers keep connect logs, or message logs, you still can't tell.
I'm thinking of writing this up as a python script that uses gpg and that can be set up as a filter in your .forward or .qmail file.
Modify SMTP (Score:2)
I suppose one could have SMTP report if it supports the new protocol, (SHLO to go along with EHLO/HELO ?) and if wherever the mail is being send does, you could use an extended set of commands to request a public key (KREQ ? ) from the server, send a session key (SKEY ), and encrypt the remainder of the session.
Since sendmail is nearly umbiquitous, they could define the protocol however they pleased, publish it as a RFC per the usual routes, and have a defacto standard. One could (should) do the same thing with http, IMHO. Of course that would be up to the WC3.
Unfortunatly encrypting the content of SMPT transfers/http doesn't protect against traffic analysis. Oh well...
Re:Steganography is juvenile (Score:2)
You can have the strongest encryption in the world, and it will not protect you from a subpoena for the (private) key.
Security through obscurity isn't "bad" any more than lemurs are "bad".
When security through obscurity interferes with the verification and validation of an algorithim, that will make the algorithim weaker. That could be considered bad.
When you think you are hiding information and you are not, that could be considered bad. The link [outguess.org] that I gave is to a steganography program that helps to hide the fact of seganography from stegonagraphic analysis.
I should, and do, use a lock on my safe that is so good that I can put that safe on a street corner, complete with a diagram of the lock, and no one can get into it.
But I think I'll put that safe (with that same strong lock) in my house, instead. Maybe behind a portrait.
Re: (Score:2)
Re:Wool makes my eyelids itch (Score:2)
And they use the magic words "drugs" and "terrorism", so anything they do is ok. Really.
"'National security': the root password to the [United States] Constitution." - Phil Karn
Re:PGP is not the answer (Score:2)
Really? Care to say how? Do you mean a backdoor in the program (the source is available) or a problem with the encryption algorithms? Are you a mathematician? Do you think the NSA has managed to prove that factoring isn't NP (which would be quite an accomplishment, esp. for a government organization)? Or, maybe, you mean that they've managed to prove that problems in NP can be solved more quickly (which would be the greatest mathematical achievement in decades). Truth is, if factoring cannot be solved in less than polynomial time, no organization, no matter how many mathematicians they employ, is going to be able to crack PGP fairly quickly.
You're right about the social engineering part, though.
Re:feature, not bug! (Score:2)
So you've never done or said anything in your life that wasn't politically correct? Even back before there was a concept of politically correct? Never told or laughed at a blonde joke? I hope you never plan to run for office, then - I guess you wouldn't get your vote.
The public will just have to continue to evaluate candidates on the same basis that we evaluate each other - based on what they say and what they do in public. You have no right to anyone's private communications, and without a court order neither does the government.
Carnivore Jam (Score:2)
Nice choice (Score:2)
I wonder if I'm meat or celery to them . . .
Big Brother is Watching . . . (Score:2)
I think it was Winston Churchill who said, "He who would give up privacy for security deserves neither." How about that?
What is the FBI's interest in "clones"? (Score:2)
Re:Heard of TWINKLE? (Score:2)
However, I would bet that a lot of those documents were encrypted using regular DES. The NSA can probably break DES in a minute or two by brute-force, using specialized hardware.
However... Suppose they can break Triple-DES, or Blowfish, or RSA, or whatever.
It is important to note that it would be difficult for them to safely use that information.
If the FBI/NSA/CIA/DOJ/DOD/whatever ever did something using knowlege that could have only been obtained by breaking one of those codes, the cat would be out of the bag.
The situation is very similar to Bobby Shaftoe's division in the Cryptonomicon, which had the job of running around creating plausible "cover stories" to explain why the Allies knew so much.
For the NSA et. al. to USE information they got from breaking 3DES or one of the other "strong" systems, they would first have to create a plausible alternative way for them to have obtained that information. And, that would have to be a legal way if they wanted to use it in court.
Now, they may do that. Apparently, they get a lot of "anonymous tips". Uh huh. But if there are say, three or four people in a conspiracy to cream-pie the president, and they only communicate through PGP, with good passphrases, and they are careful about Van Eck and other bugging... if they get caught and dragged in front of a judge, how will the Secret Service present the evidence?
As soon as the secret is out, people would switch encryption methods. (Well, some people. The people who care enough to use encryption, anyway.)
Torrey Hoffman (Azog)
Re:Heard of TWINKLE? (Score:2)
1. Their encryption was broken
2. Or, they were bugged (but why?)
3. Or, one of their members is a traitor
4. They screwed up some other way that got the cops onto them.
If they are confident enough to rule out #3 and #4, 1 is the only other choice.
So assume they get their day in court. Even if the Secret Service doesn't present evidence from broken encryption, (and instead uses evidence from regular bugging, search and seizure, whatever) the question still arises: Why were these people under investigation in the first place?
What got the Secret Service looking at them? Was it just because they were using PGP? Not likely - too many people use PGP for them all to be checked out. So, their messages must have been cracked and scanned for incriminating phrases.
The conspirators lawyer will ask for sure. And the secret will be out. Or at least, people will be suspicious. If it happens a few times, people will believe the NSA can crack PGP.
This hasn't happened yet. So either the NSA cannot crack PGP, or they have been very very cautious how they have used the ability.
Torrey Hoffman (Azog)
Re:PGP (Score:2)
But the thing I was trying to show is that the way we currently deal with networking is unsafe. TCP deals with reliable point to point connections, but these connections are unsafe. It leaves it to applications on top of it to deal with encryption and most applications don't do this. I would like to see encryption pushed down in such a way that it works transparently for applications. E.g. if I'm chatting through ICQ with a friend, the connection used by the two clients would be automatically encrypted.
Steganography is juvenile (Score:2)
[Retrieve hammer from hardware store]
Speak these words: "Steganography equals security by obscurity."
[Inflict one wound to torsoe with hammer]
Speak these words: "Security by obscurity is bad."
[Inflict one wound to torsoe with hammer]
Speak these words: "The encryption I use should be so strong that I should be able to give encrypted copies of my deepest, darkest secrets to anyone that asks for them, provide them with the software I used to encrypt it along with a whitepaper describing how my encryption method works, teach them how to use it, and be confident that they won't be able to read that document."
[Pin 1st place ribbon on chest; you've won!]
Re:Steganography is juvenile (Score:2)
BZZZZT, wrooong, but thank you for playing.
Steganography isn't for keeping information unreadable.You can already do that with encryption. The point is that you may not be able to send encrypted information through open channels without a man in black coming to your door and busting your aft section for "hindering the work of law enforcement" or something like that.
The point of steganography is to hide the fact that you're communicating encrypted data in the first place.
Yes, that smells like security through obscurity, but imagine this: You have an encryption algorithm so devious that it's unbreakable (in reasonable time, I mean) and the resulting data is indistinguishable from the stuff you get from /dev/urandom on a good day (which means that it can't be proven to be encrypted data and not meaningless noise). Now hide that data in the low-order bits of an image (replacing the already random enough data there) and no one can prove the data is encrypted since there is no significant difference between the output of (say) RC4 and cat /dev/urandom.
Admittedly there are some caveats to this particular technique (although they can mostly be avoided if care is taken):
Re:PGP is not the answer (Score:2)
IIRC, the US Government is the single biggest employer of Mathematicians worldwide.
Care to guess how many of those are doing crypto?
Re:Modify SMTP (Score:2)
It doesn't even protect against the FBI getting the plaintext. Remember, the wiretaps they're talking about here are with the (sometimes grudging) consent of the ISP, so if encrypted SMTP became the norm they'd just require the ISP to provide them with the private key of the mailserver as well, or to provide a tap into the unencrypted stream within the server software itself. The only way to be sure of your encryption is to trust both ends of the link.
Re:I'm convinced (Score:2)
I enjoy comments such as yours, as it gives me an opportunity to trot out one of my favorite qoutes:
According to you, we in the USA no longer need the 1st, 2nd, 4th or 5th amendments. Why should the FBI (or any LEO) be burdened by having to go to a court for a search warrant? surely, if you have nothing to hide, you have nothing to fear if they show up and ask to inspect your residence. And why shouldn't criminals be made to testify against themselves???
Oh, yeah, I'm sure I'm gonna trust 'em to be honest. They wouldn't break any laws, like allowing the White House access to background check files of potential political foes. They wouldn't plant evidence, or give false testimony (hey to the L.A. PD!), nor do anything unjust!No, never!
James
Last post! (Score:2)
-russ
Re:PGP is not the answer (Score:2)
-russ
Re:Selective filtering (Score:2)
At the surface, it seems like they should be able to brute force it consistent with the court order for the wire tap. Just out of curosity, though, what about the DMCA's protections on decoding encrypted information?
To wit: From Jack Valenti's, MPAA Chairman, deposition [cryptome.org]:
10 Q You said any use of DVD that involves
11 coping is illegal. Is that right?
12 A I think what I said was, any time you
13 circumvent encryption according to the DMCA you're
14 violating the law. That's what I said.
It seems to me, if DMCA is used that broadly, couldn't it be used to argue against the FBI decrypting email communication?
Just a thought.
Don't count on 4th Amendment for protection (Score:2)
Someone wrote:
And then Kahuna wrote back:
That's true... if the FBI is interested in a criminal prosecution. As far as I know, but I am not a lawyer nor particularly knowledgeable in the area, the Exclusionary Rule (legal precedent that says you can't use tainted evidence in court) is the only significant disincentive for an illegal search.
If the FBI or other law enforcement agency is more interested in simply harrassing, intimidating, or embarrassing a target, then the Exclusionary Rule has no practical effect.
I just saw Guilty by Suspicion on video the other night. True story, McCarthy era: film director harrassed by FBI agents, blacklisted because he wouldn't testify that his friends were Communists.
Our protagonist in the movie (Robert DeNiro) was investigated and bullied on suspicion of something that isn't (and wasn't) even illegal. The only prosecutions coming out of the McCarthy investigations were for perjury and contempt of Congress, against people who either wouldn't talk to the HUAC or who were caught lying to it. Nobody was convicted of merely being a Party member. But that didn't stop the FBI and the HUAC from carrying out their dirty tricks. And the FBI couldn't be challenged under the Exclusionary Rule because they weren't presenting evidence at trial.
Yes, it would be extremely difficult or impossible for law enforcement to use evidence inappropriately gathered by Carnivore in a criminal trial--they really do have to follow the rules there. But it would be relatively easy to use Carnivore or a similar device to gather information for other purposes, given just a little cooperation from ISPs.
I honestly don't think harrassment or intimidation is the primary purpose of Carnivore. It actually seems pretty mild compared to other more intrusive and less targeted means of investigation. But don't assume that the Fourth Amendment will protect you outside of a criminal courtroom!
Re:The FBI is looking out for you (Score:2)
Oh, I absolutely agree! The FBI proposes to commit a crime (violation of the Fourth Amendment), and in fact has thereby already committed a crime (conspiracy to deprive citizens of civil rights under color of law). They must be stopped. QED.
/.
That is how it's supposed to be. Is it that way? (Score:2)
Re:TO: myfriend@theotherispintown.com (Score:2)
I think it's getting to the point where the cost of "protection" (or the illusion thereof) is that we have a government that is going to get worse than the crime was to start with.
Well, screw the FBI. I'm going to go smoke a bowl and clean my machine gun.
Re:No wiretapping without a specific warrant (Score:2)
Because it's none of their damn business. They ahve no need to know and hence shouldn't be looking. If they are going to look anyways then I'm going to find a way to stop them. And I'm going to do it because it's my RIGHT as a human being not to have every detail of my private life examined by some government thug to be sure it meets with his approval.
Kintanon
There's bad and good in this. (Score:2)
So what's new?
They still need a court order and they could always tap the suspects phone any time as things stand. This just let's them tap an account than might be moving on a dial in from different locations. The whole system has always been build on trust and controlled by the fact that any abuse of the system won't pass muster as evidence in court anyway.
So, if a Judge let them deploy Omnivore it sounds like there's a need for some legislation to prevent this sort of dragnet approach in future but the Carnivore system is exactly the kind of thing I'd expect the FBI to be getting up to, why is everyone so surprised? The intention of developing Carnivore as a discriminating filter seems to be a move in the right direction IF it only traps and searches the email of the suspect, and that's the whole point of the newer system.
Move along folks, there's nothing to see here.
Just Read the ZDNet Story (Score:2)
The analogy used was "It's the electronic equivalent of listening to everybody's phone calls to see if it's the phone call you should be monitoring." Actually, I'd say it's more analogous to having a bug in every home that uses that network. Considering that e-mail communications originating from one private residence destined for another private residence would qualify for some privacy protection, I would offer that placement of the "Carnivore" on a public wire steps way over the bounds of legitimate surveillance jurisdiction.
I guess what shocks me the most is that they actually demonstrated this technology. They expect buy-in?
Of course, there's always encryption....
Linux rocks!!! www.dedserius.com [dedserius.com]
Re:Easy work around (Score:2)
I remember reading a news story where someone sent an encrypted message containing details about a "crime" to an important high official, but without giving him the key (and they threw away the key themselves). They challenged the UK police to arrest that high official, since he had "evidence of a crime", but wouldn't(couldn't) give the key.
Funny how law enforcement seems to be a little more reasonable about enforcing stupid laws (in just about any country) when it comes to arresting "important" people.
Re:No wiretapping without a specific warrant (Score:2)
Email isn't really all that different, it just seems that we all expect our postcards to be completely private.
Read the article... (Score:2)
"The FBI defends Carnivore as more precise than Internet wiretap methods used in the past. The bureau says the system allows investigators to tailor an intercept operation so they can pluck only the digital traffic of one person from among the stream of millions of other messages. An earlier version, aptly code-named Omnivore, could suck in as much as to six gigabytes of data every hour, but in a less discriminating fashion."
This sounds like it is indeed meant for targeting specific suspects, after having obtained the legal permission to do so. Is it open to potential abuse? Certainly - but aren't unencrypted internet data transmissions open to snooping anyway? This just sounds like a high-powered info-sifter...
Re:If a data stream runs through a computer.... (Score:2)
Perhaps because you inore history? I would submit that the entire history of the human race is the history of power abused by indivbiduals.
Do we forget that the FBI is the same organization that has abused its powers in the past. Would you consider it part of the FBIs job to forge letters to heads of the Maffia and heads of the US Communist party in attempts to litterally provoke the two organisations to violence against each other? Well they did it! I have seen the declassified papers on it!
(www.thesmokinggun.com - an archive of files obtained under the FOIA)
Furthermore....what they CLAIM to want is EASILY obtainable without "Carnivore". It would be TRIVIAL for an ISP to setup their mail server to blindly send copies of all messages and ONLY messages to and from the person being monitored to the FBI system...instead they insist on having THEIR box process EVERYONES messages.
If Carnivore was the ONLY way to do the job, that would be one thing. The fact is, it isn't. In fact its the MOST intrusive method possible. It means THEY are sorting through data that they have NO right to access, in order to get at the data they do have the right to.
Re:If a data stream runs through a computer.... (Score:2)
> wad about the government getting warrents to
> check your email, but you flat out say that
> IPS's could redirect and read your email without
> anyone knowing, and no one cares?
I care...unfortunaly its unavoidable. Its the way that email was implimented, there is no way to stop an eavesdropper on that level.
My point was simply that they can get exactly the information they CLAIM to want, yet they seem to be insisting on a MORE intrusive system where the ONLY protection against them accessing more data than they "should" is well them.
Why would they insist on this, when they can get the SAME data through LESS intrusive channels?
Do I trust my ISP more than the Federal Government? Only because I have no other choice, short of convincing everyone I know to use PGP (fat chance that).
My ONLY objection, in the context of this discussion, is that this system can be abused by the FBI, with, essentially, no oversight. Using the ISP system to divert mail would require complicity between ISP and FBI to be abused...and that at least marginally raises the bar.
FBI agents are human beings. Human beings sometimes do bad things, even with the best intentions. As such, there must always be some level of protection in place to limit the damage that they can do.
Again...what I am suggesting is truely trivial difference, if they are truely only doing what they claim to be doing. However it protects the people at large, if their intions are other than their claims. Seems like a win all around (unless of course your an FBI agent who wants to abuse your carnivorous machine)
Re:Read the article... (Score:2)
There is a huge difference between tapping a phone line and listening in, and tapping the whole trunk and listening to every call, for every person on the block, simultaneously.
It opens the system up for abuse. It means that ALL email going through the ISP can be logged...once the system is in place, ALL users email is subject to the whims of the human FBI agent who installed it and set it up.
Protecting people from this is a trivial problem, and gives them NO less legitimate information.
Re:No wiretapping without a specific warrant (Score:2)
What they are doing is going to the post office and saying "There is a person in this city who we are investigating. We have a warrent that lets us read his mail before it gets to him." (assuming thats possible - remember this is an analogy)
Then demanding that the Post office turn over ALL mail that comes to the post office to the FBI and lets the FBI sort out this persons mail from the rest.
They arn't opening the letters per se...(tho in the case of email the distinction is blurred as the envelope doesn't conceal the contents) but demanding to look at "ALL" envelopes and make their own determination as to what they have access to.
Not How Terrorists Operate (Score:2)
From: susie777@hotmail.com (** ACTUALLY Brian O'Connor **)
Subject: Party! (** ACTUALLY Bombing of British Consulate **)
Hey girls(** ACTUALLY Fellow members of IRA splinter group **)! The party (** ACTUALLY attack preparation meeting **) is at Sheila's (** ACTUALLY Sean's **) on Saturday (** ACTUALLY Monday **). I'm bringing chairs (** ACTUALLY bomb material **) and Cindy (** ACTUALLY Michael **) is bringing hats and cake (** ACTUALLY automatic weapons and the map **). See you there!
Susie
If they are going to read my e-mail.... (Score:2)
Re:they DO require a warrant (Score:2)
Molog
So Linus, what are we doing tonight?
Same rules as non-Internet should apply. (Score:2)
If they have a warrant to collect emails to/from a specific person, fine. If they don't have a warrant, any evidence collected is inadmissible in court.
Gonzo
Re:referral ids (Score:2)
Why don't you learn what you're talking about before throwing accusations like that around, and if you're going to accuse people, have the guts to do it with your name attached.
Encrypt (Score:2)
Burris
Re:nothing will stop the FBI doing this until (Score:2)
But it can't do that. I mean, it won't just "notice" them. Its a computer. If its purpose was to scan for drug references in all emails, they could do that, but it would have to be on purpose. They couldn't use the "plain sight" defense to validate the evidence, because it requires an extra deliberate step to gather. You can't get a warrent based on evidence that you should have needed a warrent to get. It taints the process all the way down the line.
-Kahuna Burger
Re:The FBI is looking out for you (Score:2)
OK, breath deeply. Now lets think about this. Why was the fourth ammendment introduced in the first place? There were no phones, there wasn't even much of a postal service yet. But there were homes and doors and people capable of breaking them down to search your home. And there were police who might hear that you were seen leading a little kid into your home just before he was reported missing, and they might want to search your home. So we have the means to search your home and people who would want to. What do we do? We write an ammendment that says they can't do it unreasonably and a bunch of laws laying out a "reasonable" procedure.
Now the present. We have something besides your home, the internet, which people may want to search. We have ways for them to search it. And we still have an ammendment and a bunch of laws that say when and how they can do it. The existance of wiretap orders for other people who have given law enforcement enough justification to get a warrent, has nothing to do with your 4th ammendment rights, because they aren't searching and seizing you! As we understand carnivore and are discussing it, noone is spying on you.
Jon had it exactly right. As long as the FBI has the right and in fact the duty to obtain search or wiretap warrents, they will expand those rights into new forms of communication. It no more invades your rights than a legal, warrented search of your neighbor does.
-Kahuna Burger
PS, some people have expressed distrust at the number of internet wire tap orders obtained. But I'd be a lot more worried if they weren't getting any. Their going through the warrent process indicates that those warrents are neccassary, indicates that they are working within the system. Not perfectly, but its an indication that internet wiretapping is being taken as seriously as phone tapping. And thats what we want, right?
Re:4th Amendment anyone? (Score:2)
And one more time, they aren't reading the email of anyone except those who are on the carnivore tapes when they pull them. Saying otherwise is kinda like claiming that if I listen to police traffic on a scanner I am in fact listening to all my neighbors' cell phone calls because the equipment I have hears all of them not just what I'm tuned in on. Or that if I search DejaNews for "the keeper" I'm also performing an inapropriate background check of my potential employees by looking for their email addresses on porn, gay and alternative lifestyle newsgroups. Because, hey, that info is being scanned by the same program that gives me back my search results.
Paranoia is one of the many reasons I don't vote libertarian. I keep one of the others in my wallet.
-Kahuna Burger
If a data stream runs through a computer.... (Score:2)
I'd say no. The article was perfectly clear. The idea is to get messages for people/accounts on which there is a warrent. The computer sifts the data for those messages, and only saves those ones. The people whose messages are analysed by the computer but not saved, not read not noted, have suffered no invasion of their privacy.
Look at it this way. What if the police were snooping on conversations over short wave radio by tuning to the frequency of the people they were interested in. Could you seriously say that every person in the area using a short wave radio had had their privacy invaded because the radio equipment used at some level recieved every signal, even though the police only heard and recorded one? Its just as silly to claim that they are "invading" anyone's privacy but the person whose messages they actually read when they download the carnivor files.
People who have a problem with the ability of law enforcement to get warents for wiretaps, should just say so. But when everything turns into some "Big Brother" paranoia rant, it just diminishes your credibility when you try to alert people to a real problem.
Heh, story of SlashDot : The Hacker Who Cried 'Big Brother'
-Kahuna Burger
Re:If a data stream runs through a computer.... (Score:2)
Again...what I am suggesting is truely trivial difference, if they are truely only doing what they claim to be doing. However it protects the people at large, if their intions are other than their claims. Seems like a win all around (unless of course your an FBI agent who wants to abuse your carnivorous machine)
Actaully, I wonder about that. I have not had a lot of expereince with the rules of evidence, but would having a third party route all the data really result in as high a "quality" of evidence as the FBI harvesting it themselves? The advantage I see of the Carnivore method is that the data is filtered directly from the "feed". In your suggestion, could the ISP really guarenty the completeness of the info they were providing? Would their credibility become another route by which the data could be attacked (so, you claim to have provided these forwards to the FBI of the defendant's email. But as the provider, you are certainly capable of making a indistinguishable forgery of such a mesasage, right? Did you have any billing problems with the defendant?)
On a slightly more serious note, your method would require the FBI to tell the ISP exactly who the target was, risking a civilly disobedient ISP doing the forwards, but tipping off the subject of the surveillance. Of course with Carnivore, if the ISP couldn't tell what it was scanning for, they wouldn't know that it wasn't pulling an "echelon".
So, the best case senerio (given the existance of wiretapping laws, etc) would be: FBI shows up with a machine and two peices of paper. One is a authorized warrent, the other is a third party affidavate (I dunno, someone backed by the ACLU) stating that the filtering is programed only to pick out the email address of one individual, the one covered under warrent. You could even have the third party program and install the Carnivores, and then provide the kit and kaboodle to the FBI at the end, giving them the data and the chance to confirm that said 3rd party programmed it corectly.
Of course a system like that would take a lot of work to get in place and people with the energy to do that much work on this topic generally wouldn't like it because its compromise. So they will probably just keep doing it the way that makes some people nervous, and those people will keep making noise. Real life is too bad that way.
-Kahuna Burger
Trust (Score:2)
Are you not trusting the FBI, or not trusting the technology? The entire point of the system is that the FBI isn't just browsing through and deciding to take your messages. "They" aren't doing the sorting, no individual is going to say "hey! I know we just had a warrent for guy X but a line in guy Y's email caught my eye and I think we should look into it!" In fact, that is exactly what this systen is meant to avoid. Get it? The entire point of carnivore is to 1) save man hours, and 2) avoid invading the privacy of people who aren't covered by the warrent.
Why is this bad? Given the existance of wiretapping warrents that can be applied to electronic communications, how can you guys possibly object to a technological solution to decrease the human instinct to notice things other than what they are looking for. Computers don't see anything except what they're looking for. Have you ever done a web search for breed rescues and had your computer say "Hey, this isn't related, but there a kinda neat article over on Slashdot about overclocking."? No? Me neither. But I regularly browse the "new titles" section of the library for one topic and end up with an interesting book on something else. If you are concerned about law enforcement exceeding their warrent, you should be celebrating Carnivore.
If, on the other hand you just salivate like pavlov's dogs at the words "wiretapping" and "messages" Carnivore would be a bad thing by definition.
-Kahuna Burger
Warrants difficult to get? LOL LOL LOL! (Score:2)
G.Gordon Liddy was once a prosecutor. Do you think he would blanch at faking a warrant if he felt that he was fighting a just cause? Have you seen the enemies lists he compiled for Nixon, with recommendations of assassination? Don't fool yourself into thinking that it is always rational, good-hearted people running the show. And whatever your politics, remember that the other side will occasionally have control of this mechanism, and will use it with the same fervor as a Gordon Liddy or James Carville - pick your villian.
Finally! Wiretapping for the 'net (Score:2)
Marcus Thomas, chief of the FBI's Cyber Technology Section at Quantico, said Carnivore represents the bureau's effort to keep abreast of rapid changes in Internet communications while still meeting the rigid demands of federal wiretapping statutes. "This is just a very specialized sniffer," he said.
He also noted that criminal and civil penalties prohibit the bureau from placing unauthorized wiretaps, and any information gleaned in those types of criminal cases would be thrown out of court. Typical Internet wiretaps last around 45 days, after which the FBI removes the equipment. Mr. Thomas said the bureau usually has as many as 20 Carnivore systems on hand, "just in case."
Mr. Thomas is entirely correct --- Carnivore is just a very complicated sniffer. And while privacy advocates are correct --- the government COULD sniff anyone. But the government COULD also wiretap anyone. The rule of law is what prevents that. The FBI can pay through the nose if they get caught making illegal wiretaps.
The Carnivore system is perfectly consistant with the current laws and norms on government surveilence. To question Carnivore but allow for regular wiretaps, is in my opinion, an indefensible view point.
Re:This would be a surprise? (Score:2)
While it's true that it's easy to forge email on the internet, that's not where the billg mail came from in the Microsoft case. In that case, the email was from Microsoft's internal email system. It had been turned over to the government as part of the pre-trial discovery phase, which is basically when the lawyers for the two sides are allowed to demand that the other side turn over information that might be relevant to the case.
Furthermore, the emails weren't just random mails from billg to the rest of the world. They were part of multiparty email correspondance on particular issues. IOW for Gates to disavow the emails, he would have had to claim that someone was not only forging his name but was also intercepting his personal emails and forging a conversation on his behalf. Not only that, but they were doing so not on some leaky internet system but on Microsoft's presumably secure internal system, and that the other people he was corresponding with, who presumably encountered him at least occasionally in person never brought up the topic of the emails in non-email conversation so that the forgery never came to light. That claim would be so obviously bogus that all it would do is damaged Gates's credibility as a witness and not impeach the credibility of the email at all.
Re:This would be a surprise? (Score:2)
Yes, and written letters are just bits of ink on pieces of paper, but using them is quite common in legal circles. Fairly reasonably, if I ask you for your records and I find something incriminating in them (and bear in mind that you also have to provide copies to the court, so I can't change them and claim that they're original) it should be your burden to prove that the incriminating comments were forged, rather than mine to prove that they're genuine! If anything, people should be suspicious if they show something unusually exculpatory, since you're far more likely to modify them in a way that reflects well on you than to forge records that incriminate you. In any case, IIRC these aren't emails from Gates's desktop machine; they're from the corporate email archive.
Getting back to something closer to the article that triggered the discussion, the FBI isn't talking about either of these things. They're talking about intercepting email in transit, so my original interpretation of the more conventional approach to header forging is more of what the FBI would be interested in. In thise case, though, the FBI's tap is actually less likely to be forged than a random email, since they're going to be tapping his immediate upstream connection, so a forger would need to insert their forgeries exactly there rather than at any random point in the network. As for the FBI being able to forge the email, they could potentially do that no matter what system you used, so you're going to have to trust them to be honest in any case.
One interesting aspect of this is that it suggests that if you're a criminal you shouldn't PGP sign your incriminating emails. If they're PGP signed, it provides the FBI with excellent evidence to use in court that they're not forged; unsurprising since proving authenticity is the intent of signing them. If they're unsigned, though, it'll be a lot easier to claim that the FBI forged them. You can probably enhance the effect by signing all of your non-incriminating emails (which you figure that even the most hardened criminal would have) so that you can intimate that the FBI forged the incriminating ones but were unable to forge the signature since they didn't have your private key.
I'm sure they filter... (Score:2)
They don't actually look for words like "make", "money" and "fast" or even "buy", "cheap" and "toner"...
...and they certainly wouldn't be looking for words like "XXX", "asian", and "sluts"... or would they?
PGP (Score:2)
Re:No wiretapping without a specific warrant (Score:2)
I'll do ya one better. Why shouldn't a letter sent via electronic means not enjoy the same protections as a letter sent by the post office? Correct me if I'm wrong here, but tapping into a phone line isn't a federal offense, where as opening someone's postal mail most certainly is.
This is NOT wiretapping folks. This is the process of ripping open your sealed envelopes. Worse yet, it rips all of them open with only a flimsy promise to only look at the letters in question. The FBI does not have a great track record for being trusted to abide by only playing by the rules of a search warrant.
The really amazing thing is, America's founding fathers saw this very thing coming. The 4th amendment was not an after thought. It was put in to deliberately undermine tyranny within the nation they were building.
Re:Satellite phones (Score:2)
Certainly they do exist but they are about the size of a suitcase, cost thousands of dollars + several doller a minute in calls.
Personally i've never seen cell networks like the ones in finland and estonia.
Finland deserves credit because i've travelled up north into the country and still get a better reception with a Uk cellphone than i get in my apartment in central Edinburgh. Not to mention that they have boosters every few metres along the subways so you aren't ever out of touch, and cells on every single goddam rock that sticks out of the sea too
Estonia on the other hand deserves equal amounts of credit for developing a network to rival the UK ones and yet only 10 years ago they were part of the USSR and the rate of growth there is just mindblowing.
Government Promotion of PGP (Score:2)
At the end of the day we all know that they almost certainly cant crack PGP encrypted stuff... except that I only started using PGP for vaguely sensitive mail when i first heard about the echelon system.
I was always aware that my comms could be intercepted and certainly running a packet sniffer on a network brings in some interesting stuff, but I never really considered it was practical to filter all online traffic in that manner.
The govt have coming forward and said "Guess what? We're already doing it!!" probably does about the same good for PGP usage as handing out $10 bills with every download.
It really is a shame that the bulk of the public dont understand the reasons why encryption is a good thing. Sadly the conventional press tend to see it more as a system for protecting criminals rather than free speech, and popularist public opinion is against PGP.
4th Amendment anyone? (Score:2)
It does not matter what the FBI says, they may not do this and be in compliance with our Constitution.
Let your representatives know that you don't want the Constitution ignored, or vote for a candidate that will demand that the government complies.
Look for a candidate at the Libertarian Party home page [lp.org].
Topher
Got Freedom? [lp.org]
Devil's Advocate (Score:2)
I disagree -- I think it's more like opening a telephone junction box to see which line you should be tapping. With that box open you have the potential of tapping all those lines, but you just tap the one. The computer may be monitoring all the traffic, but obviously it has no understanding of what it's processing; if the system is used properly (and granted, that may be a big IF), it's only recording suspect traffic.
--
Unnecesary Paranoia? (Score:2)
When I was a kid, I hung with a lot of skins and punks. The Cops would shake us down every time they saw us.
It wasn't that they knew we were up to something. (although yea sometimes we were... but no more then anyone else). I personaly have never had a record, but the cops knew we were trouble, mostly because we were skins & punks. (And no I was not a bigot)
It is not a question of being a crook, it is a question of being percived as a "unwanted element". We were an unwanted element.
I do not feel comfertable with the FBI (or anybody) with this kind of power. How long to they start shaking you down.
What about Echelon? (Score:2)
----
Re:Secure Communications (Score:3)
HushMail [hushmail.com]
Already exists (Score:3)
("apt-get install postfix-tls" if you use Debian.)
Take a look at RFC 2446 (Transport Layer Security) and RFC 2487 (SMTP Service Extension for Secure SMTP over TLS) for details.
For an implementation, look at postfix-tls:
Start with the postfix site [postfix.org] and then the TLS site [tu-cottbus.de] if you don't have the ability to apt-get source I guess.
Re:The FBI is looking out for you (Score:3)
Just because I'm not a criminal doesn't mean I want the gov't, or my next door neighbor, to be able to read my email. Of course, that's why I have a huge PGP key (check my userpage)...
I am a private citizen, and my personal life is no business of the government.
Heading for Braindead . . . (Score:3)
Imagine an authoritarian system as a pyramid with an eye on top (look at a dollar bill). Now, the guy at the top wants to control the people down below, but he has to rely on them for information. So he uses coercion to control them and extract information, but since fear of punishment, hate, and paranoia are driving the people below, they only say what will prevent punishment. The system reflects itself down the pyramid, and due to increasing ignorance, becomes brain dead over time.
It seems this is the way we're heading with cybersleuthing, techno-eavesdropping, lawyers throwing lawsuits round, etc. We're all paranoid as hell, everyone doesn't trust anyone, and there are more and more threats each day.
It appears the FBI is making yet another contribution to this. I wonder how this will be abused (and thus increase mistrust), how errors will be made (and thus increase mistrust), and how many bad precidents and angry reactions this will produce. I wonder how many lawsuits and court cases will result from their snooping.
In their quest to enforce laws, the FBI makes themselves that much harder to trust by being more invasive. Ironic that.
Re:Read the article... (Score:3)
> targeting specific suspects,
Well it deponds on how you wish to look at it really. Assuming its a given that they have the right to wiretap (I am putting aside the fact that I have major philosophical problems with law and law enforcement here)....they have the right to listen in on "data" (conversations email etc) comming from a known data source (victem er I mean bad guys phone) to gather evidence against him.
Their entire system sounds basically like a system that takes all the email in the system, applies a set of regexs to the headers and takes all email too and from there target.
Here is the problem I have. The "data source" is not a "known one". They are not listening to "His line" they are listening to the whole ISP. Even if its just a header grep...they have NO RIGHT to recieve and look through ANY data except that which comes from or two who they are looking at...even if it is JUST a gheader grep.
The difference may not seem important but it is. If they wiretap your phone line, they can't abuse that to listen to my conversations, unless I use your phone. In this case there is the possibility of abusing their "wiretap" on YOU to listen to MY email because I am on the same ISP as you.
if YOU are the target...they have NO right to have MY mail ever even TOUCH their system.
I know what the FBI use it for (Score:3)
These are then filtered out and despatched to agents personal computers, saving them several hours a day in hunting for pr0n.
These extra hours are what will really give them the advantage combatting cyber-terrorism.
they DO require a warrant (Score:3)
Sigh, the FBI does rquire a warrant to use Carnivore, and to top it off, it's _really_ hard to get. As for tossing extraneous data, it's the software that analyzes all the traffic, not humans. IANAFBIA, but from my experience, c-vore only _collects_ data on the target, agents don't even see the rest of the cruft.
Let's get off of our parannoid horses for a minute, and think about this rationally. Do you _really_ think that the FBI would waste the thousands of hours of manpower it would require to manually analyze just one hour's worth of unfiltered data? Even if they did see that metallica.MP3 file you e-mailed to your aunt, would they really care enough to note who you are? Of course not, they're after the sick-ass guy who brags about whipping pre-pubescent girls and rubbing salt in their wounds (trust me, I'm _not_ overstating this).
Besides, if you really need to overthrow the gov't (of course one day we will, history teaches us that) you'll just have to use encryption...
A good invention (Score:3)
Re:Selective filtering (Score:3)
(up to 10 years i think)
also, never be 100% sure that your encryption is safe, you never know quite what technology they've got....
{shhhhh... the froggies are asleep.}
spam-proofing?
Re:This would be a surprise? (Score:3)
In the MS v. DOJ thing, apparently they used a bunch of emails from Billy G. as evidence.
Admittedly, I didn't follow it all that closely, (by them time I had first heard about it, I was sick of hearing about it) but why didn't he just say "I didn't write that."
It should be virtually impossible to prove that email was written by any particular person. I could set my "Real Name" to Bill Gates and send out an email, or if I really wanted to put effort into it I could even make it look like it really came from bgates@microsoft.com. It's not that hard to create a file with a certain set of text in it, so an email header that says "this is from person X" doesn't at all guarantee that it actually is.
I know what many of you will say: "But you can track it's path through the mail servers, and if you're really thorough, you can pin it to an internal IP and MAC address and time of origin." Even that doesn't prove who was using that machine.
Steganography. (Score:4)
Take your plaintext, encrypt it, hide it in some of the least signifigant bits in an image, attach the image to an ordinary email, and off it goes!
The thing that bothers me (Score:4)
Originally, you have this telephone system.
Then.. the feds (or whoever, law enforcement) says 'hey.. would it be possible for us to listen to someone's phone call?'
It was just evidence gathering.
Can anyone see how this is a world different than the feds saying 'you may not build a phone system unless we can wiretap it?'. It's a very different scenario. The first was simply evidence gathering based on what was available, the second is an actual attack on privacy, or, in other words, 'we forbid you from making a secure, private system'.
People.. everyone *must* start using encryption!
This would be a surprise? (Score:4)
The scariest part of this is that people can, and frequently DO send e-mail from different places. Also, multiple people frequently use the same phone line. So consider these two situations:
It is very easy to forge e-mail. What's to stop someone from forging e-mail in the name of someone in two places? Nothing of course. What guarantee is there that the FBI will understand that they could easy get false data? None of course. Since we're already setting up classes of crimes for which "innocent until proven guilty" is no longer upheld (in practice), it won't be long until someone is convicted of a crime based upon what is fraudulent electronic evidence.
Of course it has probably happened already.
Secure Communications (Score:4)
In the UK i believe the police can now demand ISPs route certain customers traffic through them and whilst I dont do anything that i'm particularly worried about online it's still not a very comforting thought.
I wonder if providing free encryption based web mail services would be something that havenco would be prepared to provide as a publicity stunt?
ANother reason to use PGP (Score:4)
So I think that stories like this should be brought to a greater attention (read: Joe User should notice that). And we should get used to "sealing" our email with PGP like we're used to seal our envelopes.
One other nice thing about encrypted email is: your ISP couldn't be held responsible for anything you say. I'm responsible for what I say, and you are responsible for what you say, and not vice versa. And this should be true for everyone.
As long as PGP can't be decrypted, we can shrug our shoulders at stories like this.Re:That was then, this is now (Score:4)
It starts by stating that to change a single bit in a processor, you would (according to the laws of thermodynamics) need an amount of energy no less than kT where T is the absolute temperature of the system, and k is the Boltzman constant. If you run a computer at 3.2 degrees Kelvin, and with k being 1.38*10^-16 ergs/K, you would need 4.4*10^-16 ergs to set or clear a bit.
The sun releases about 1.12*10^41 ergs in a year, so if you could collect all the energy from it for 32 years (of course, Earth would soon become very cold and dead then), you could have a your computer count up to 2^192, but you wouldn't have any energy left to do anything with the counter (such as cracking a key). A typical supernova releases about 10^51 ergs. If you collect all that energy, you could count up to 2^219.
The conclusion is that unless computers are built from something other than matter, and occupy something other than space, a brute force attack against a 256 bit key is not possible.
--
Re:The big picture (Score:5)
If the government has a technique that can decrease crime, prevent terrorism, and save lives, how can you be opposed to it?
Pol Pot and Yeng Sari had such highly successful techniques. Cambodja virtually had no crime. It also did not have any literate cittizens left and had 25% of the population killed.
Hitler also had such technique. The crime level in Nazi germany was very low. There were almost no pedofils left in Germany for example. So if broght now Hitler Germany would not have had any "child p0rn" problems as there were no consumers for "chid p0rn" left. He simply treated them like the jews. Actually jews had higher survival rates than pedos and gay in Nazi Germany and Stalin USSR.
Stalin and his followers also had such technique. The crime level in the ex-eastern block was never asv low as in nazi germany but it was mostly petty crime. Not shooting in the streets like now.
Are all these compelling reasons for us to restore anyone of these? Clone them maybe?
Just a thought. (Score:5)
It has long been viewed in north america (though the US changed it's law for some reason or other) that the public airwaves were just that; public. We regulated who could use what spectrum for what in order to make everybody happy. (if everyone fought, radio would be useless).
Then, one day.. along came the cellular telephone. Lo-and-behold, these phones used standard FM in their allocated bands. So.. people with radio scanners could listen to phone calls.
Now.
The airwaves are a public resource; they always have been and they always will be. The celluular providers had *NO REASONABLE EXPECTATION OF PRIVACY* for their calls. They were broadcasting in the clear.
Remember, regulation states who can broadcast, not who can listen.
So.. cellular providers deal with this up here by pushing digital.
How is the internet any different? You KNOW that you don't have control over your packets once they are out of your network. Perhaps your upstream has an agreement wiht you guaranteeing certain privacy.. but what about their upstream? What about everyone? By it's nature, the internet is not a single resource, but a vast collection of networks all hooked together, covering every juristiction and idology known to man.
Regardless of what the 'ignorant' public might think, there is *NO REASONABLE EXPECTATION* of privacy when putting packets on the internet, unless they are encrypted. Period.
I'm not saying the itnernet is a public resource, like the airwaves.... but you *know* you can't control where those packets go. So
Re:PGP (Score:5)
Difference between FBI and Congress (Score:5)
The FBI, on the other hand, gives it a name that can't help but encourage visions of a government run-amok eating its citizens. Which, come to think of it, is not too far from the truth.
No wiretapping without a specific warrant (Score:5)
This guy is right on the money. This isn't about targeting a suspect and confirming other evidence (as wiretapping is meant to be), but about trolling for suspects. Why should electronic communication be legally less protected than telephone communication?
I wouldn't much mind if this sort of thing required a warrant and if they were required to toss any data without a specific person's (or IP, at the outside) name/id on it. There's no need for this level of invasion. I also suspect, rather like the cybersensor filters, they're going to pick up more false hits than real crime, and wind up investigating and harassing uninvolved people.
Now here's an argument for better encryption.
TO: myfriend@theotherispintown.com (Score:5)
It's so double plus good to be alive and protected by the Ministry of the FBI!
----
Re:PGP (Score:5)
...wait a sec...
*CLICK, CLICK*
There, my key is now 4096 bits, problem solved. ^_^
Seriously, I think PGP is too versatile to be cracked so easily. i.e. I have a 2048/1024 DH/DSS key with the CAST cypher, but I also have a 2048 bit RSA key with the IDEA cypher. You can also have custom key sizes, for example Will Price at PGP has a 4000 bit DH key.
Powerful and flexible.
I recommend looking up "PGPDisk." It's easier to use than the already dead-simple normal PGP. It creates a virtual disk volume that's encrypted, and can auto-unmount itself. It's good even when the PC crashes, too. (In tact, data saved until crash is still there when you reboot.)
...however I don't know if it's out for Linux.
Automated Search Warrant Request Software (Score:5)
warrant would reasonably limit privacy
invasions by any agency.
Until I found a website for an automated
search warrant request software package.
Like most of you, I don't do anything that anyone would be concerned about. I don't even keep copies of DeCss around, nor do I download metallica songs. And after seeing the anonymous family photo with the cucumber, the dog and what appears to be a small cheerleading squad, I haven't much interest in downloading Pr0n. With caffeine as my only drug, I'm not exactly worried...
I even pay my parking tickets and cable bill.
What is scary is the website I found (there are at least three packages for this)detailing software designed for automating search warrant requests (probable cause, non?) and capable of processing over 1100 search warrant requests per hour!
I found these sites by accident while looking for information on search engine technology in 1996. I won't list the URLS, but you can find them. One site talked about how much faster it would be when electronic authorization (EDI) interaction became available.
Imagine how low the threshold of probable cause will slip once some eager programmer decides that online email profiling data can go immediately into the search warrant request software, returning approval in under thirty seconds.
There are no laws saying that e-mail, packet scans and IP traffic logs cannot be held indefinately, or archived for the last 120 days. This didn't apply to telephone calls - while call logs could be accessed, recording the actual conversations required a warrant - so speech that occured before the warrant was safe, or left as hearsay evidence. With digital archiving of all traffic, the landscape has changed.
In the future, search warrants will effectively be *retroactive* - and can contain complete records of what you've done for months.
For most people, privacy is seen as a way to hide indiscretions from general knowledge, or as a way to "get away" with crime. It isn't - that's a small quirk that can be handled through our current legal system.
Privacy is really the way that we guarantee our right to stay at arm's length from our government (well, at least the individuals in it) and our ability to disagree and express that disagreement (without fear of punitive retaliation)to those in power, be they government officials, Microsoft or the MPAA.
As long as we have that, everything else in a democracy can work. We don't really want a truly libertarian state (Been to Moscow lately?), but a democracy that embraces responsibility and liberty like RSM embraces pizza and ego.
So Get off your dead asses
and write those letters now!
snicker.
Selective filtering (Score:5)
BTW, how does wiretapping interact with encrypted data? What if they tap the email and discover that it's all PGP'ed? Can they brute-force it?
the part MSNBC didn't print (Score:5)