Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

White House Proposes New Wiretapping Restraints 6

CharlieG points out this story at ABCNews.com. The White House wants to make law enforcement jump through the same hoops to intercept e-mail as it currently must to intercept phone calls. CDT approves of the plan. The ACLU is understandably focused on Carnivore (FBI: "trust us") and is "disappointed" that Clinton didn't take the opportunity to put the kibosh on it. I can't tell from the news reports whether the proposed legislation would only affect law enforcement, or whether the private sector would also be held to the same standard.
This discussion has been archived. No new comments can be posted.

White House Proposes New Wiretapping Restraints

Comments Filter:
  • You are being distracted by all this new internet stuff.

    Just put a tap on the phone that goes to his house. Just like the old days. You are pretty much guaranteed to get only the subject. It's just a matter of processing the tapped with a computer instead of a tape recorder.

    Why worry about his IP address if you know his phone line ?

    Why worry about some SMTP server when you can just listen everything that goes in and out of his connection ?
  • I can access the phone network from anywhere also. Those with something to hide from law enforcement have always had access to public pay phones, or more recently, been able to purchase cell phones with cash pre-paid service. So standard phone taps have always been frustrating, and law enforcement has always found other ways (long distance microphones, planted bugs) to surveil targets when necessary. All within the laws we have right now.

    So why does the government suddenly need more powers ? They don't listen to all of my phone calls to make sure that I'm not really Osama Bin Laden, so why do they need to grep through all of my email ?

    The point is, that this is an extension of the government's powers, not simple application of existing powers to a new medium. I'm not against extending the wiretapping authority of the government, it may be necessary, because of the increased amount of communications (not the newer mediums). But it should be done with open public discussion, not in an atmosphere of misleading claims.
  • I can think of two problems for someone with a legitimate court order.
    • How do you get the IP address associated with the dialup port being used by the target.
    • Incoming mail is being delivered to a SMTP server, not directly to the target. If you want to capture the target's incoming email, you have to sniff port 25 on the SMTP server(s).
  • It wouldn't work to merely tap his home phone because you can (and many people do) access the Internet from all sorts of locations; cell phones, pay phones, airplane phones, etc... sure not every criminal is going to be running around like a technophile doing this kind of thing, but probably enough will that standard phone taps will be frustrating at best...
  • How do you get the IP address associated with the dialup port being used by the target.

    This is easy to do anyway, but espcially if you have access to the ISP's hardware. Since they're already putting their Carnivore device inside the ISP's office and on their network, it would actually be less invasive to just tap the ISPs radius logs (dial-in modem authentication program used by most ISPs as far as I know) for when the account(s) you're interested in signs on, and what IP they're using.

    Incoming mail is being delivered to a SMTP server, not directly to the target. If you want to capture the target's incoming email, you have to sniff port 25 on the SMTP server(s).

    True, but adding in the ability to poll the ISP's mail server (since you will have their password anyway and the ISP's cooperation) would be a 10 minute session for a halfway decent programmer. Plus, if you don't need to get the mail immediately, you can always just wait for the user, because at some point they have to download the mail, and when they do you will see it going over their connection just like any other data...
  • by nezroy ( 84641 ) on Tuesday July 18, 2000 @06:33AM (#924804) Homepage
    When Carnivore is placed at an Internet service provider, it scans all incoming and outgoing e-mails for messages associated with the target of a criminal probe.

    I hope the FBI computer crimes division is just a little smarter than this... if you know who you are going after, you should be able to find out their account id and, consequently, whatever IP they may be using at any given time... as such, you would only have to scan incoming traffic for it's source address, which is no more an invasion of privacy than any standard router. For that matter, with access to the ISP's hardware, you wouldn't even have to do that (being subject to spoofing et. al. anyway). You should just tap directly the data from whatever modem/router the suspect's account is currently being accessed with.

    This much more discriminatory system should be combined with a wiretap order that is ACCOUNT SPECIFIC, meaning you have to explicitly state which ISP accounts you are going to be monitoring, just as (I assume) you have to explicitly state which phone numbers you are going to be tapping in a standard wire-tap order.

    Together these two simple provisions (which should be in place anyway) would mean that the government would have the hardware purposefully designed only to listen to traffic destined to a specific account, and would be explicitly stating ahead of time which accounts it intended to tap. As a result, police stepping outside of their bounds would be easier to catch, easier to regulate, and easier to punish.

    The net result is that you have to prove to a judge ahead of time that you think someone's account might reasonably be used to transmit information to/from/about the suspect, before you can get the tap in the first place. This is the same as phone taps; you can't just go randomly tapping phone lines in the hope of netting a conversation about a suspect. You have to have a reasonable belief that the line you are tapping is somehow related to the investigation BEFORE hand. This shouldn't be hard to justify or implement with internet taps; after all, if you're tapping the suspect's account and all his outgoing data, you're going to know from there exactly what other e-mail addresses or ISP users you may be interested in. All of this protects the privacy of those who are innocently involved or completely uninvolved, while at the same time providing the police all the power they need to get the evidence on their suspect.

You can be replaced by this computer.

Working...