Court to FBI - Full Public Review Of Carnivore
ka9dgx writes: "According to CNN, the judge has decided that the FBI has to make public how Carnivore works. The FBI has to come up with a timetable for disclosing how it works." More detail: The court has said that the FBI has 10 working days to create a timetable for when it would start producing records of how the system works. This comes as a result of EPIC's fast-track Freedom of Information Act request for information. This does not mean, however, that the source code will be made public - but it's a step in the right direction.
Re:A different take on this whole thing... (Score:1)
What about that crafty terrorist suspect out there that we don't yet have enough information about - should he or she (to be politically correct) be given a break?
Yeah - give him a little privacy. Give him/her the ability to figure out what exactly Carnivore looks for. Give him/her more knowledge about it so that he can use it to his advantage and maybe work around it like it was never there. Sure.
I for one think there are some things that I'd rather not know to protect my safety and others.
Bug fix. (Score:1)
Bug fix (fixing my last bugfix) (Score:1)
- if (contains(tokens,e_mail_body,e_mail_subj))
+ if (!contains(tokens,e_mail_body,e_mail_subj))
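Review bot: on the + line the only change is the added !, and nothing in the hunk says which polarity of contains(tokens,e_mail_body,e_mail_subj) is the intended one. Since this is a fix to an earlier fix of the same test, add a one-line comment stating what a true result means for the branch that follows, or bind the result to a named boolean, so the condition is not flipped a third time.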
It was a $500 hammer, and it cost a lot for a reason (Score:1)
Ran out of room.
The reason the hammer costs $500 is because you can stick it on a road, run over the hammer with the tank it's intended to fix, and then proceed to fix the tank with it.
Try running over a $10 hammer from the local hardware store in an M-1 and see how well it works after that.
Huh? (Score:1)
Excuse me, but what in the fuck are you talking about?
How can you defend an "industry" that makes its money from the degradation of women?
How?
An "industry" that pushes the view that women are sluts there for male exploitation and use?
Again, Huh?
Pornography is the domain of men who can't get a real wife, and instead are forced to retreat into the fantasy land of "erotica", another liberal term that hides a disturbing truth.
What "disturbing truth?" That your religions are responsible for more discrimination and oppression of women than this "evil" called pornography?
No, I have a bit of an inside view of the industry (having dated a girl involved) and I can tell you it ain't nearly as bad as you make it out to be.
No. They're not. (Score:1)
If you were basing them on ethics rather than pushing your morals to ethics, then there you would be shutting up. See, porn doesn't adversely impact anyone who's consensual. You claim it does, using your own assumptions to do so.
Ain't nothing to see there, folks. Just hogwash.
Orwellian Nightmares (Score:1)
---
OK, then the NRO then (Score:1)
foia (Score:1)
would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law
There are other provisions for non-disclosure such as an Executive order. There is also a provision whereby non-disclosure is granted by a specific statute (law passed by Congress). A real juicy example of this is the "Death Squad Protection" [gwu.edu] act.
Re:The FBI are just looking out for us right? (Score:1)
Good god. The problems with your assertions are innumerable and amazing. I hope you're just trolling, but I doubt it.
Let's see 1) children attacked and killed every day...never mind the children's crusade, the horrible state of orphans in, for example, victorian england, etc. Methinks that most children today are overall better off than in Franklin's time. If you want to bring all of culture down to the level of children, hey, have fun watching Barney for the rest of your life.
2) pornographers make lots of money...SO WHAT? How do *you* define pornography? What exactly is wrong with pornography as you define it (pretty broadly I'd guess)? If you don't like it, don't watch it, don't contribute money to it. When everyone agrees with you that it's wrong, and stops spending money on it, it will fade away. Until then, unless it is provably causing harm (and if you define it as broadly as I expect, there are many forms of porn that are only "proven" to cause harm by those who go into their studies already knowing the results) it's protected by the constitution. Sorry if that's inconvenient for you.
3)"Islamic Fundamentalists"...where can we start with the inherent racism in THAT statement? There are plenty of American Militias that wouldn't mind destroying America, at least what they see as the wrong parts of America. There are plenty of Christian Fundamentalists who don't have any problem killing gays or workers at abortion clinics (even those who don't perform abortions themselves), and even some who use Christianity to defend their racism and attacks on people who are different colors than they are. And let's go back to looking at what was going on in Franklin's time...there were British Troops looking to "destroy America" with direct warfare. That's a much more direct and credible and immediate threat than we have today, but he didn't advocate draconian measures to address it, that's why he made the statement in the first place.
4)Commonplace crime and murder...I guess you've never read much about large cities from years gone by. With fewer people it was probably easier to hide the crime and murder, but it definitely happened all the same, and in every era it has always been decried by those who believe we could be a better human race. You need to actually study some history instead of assuming that the idyllic (idullic? heh) stereotypes portrayed widely today were real.
Your arrogance in claiming to speak for Franklin and what he'd think if he lived today is amazing. He did not think we needed a big daddy government then, and we still don't need one today. There are good cases to be made that in fact a large percentage of the "modern" problems are directly RESULTING from the government trying to be big daddy. It should be obvious that if someone is forced to accept overarching and misguidedly excessive parentalism, they'll never grow up, and when something happens to leave them unsupervised they won't have learned any of the skills of self control because they didn't have to. That's when things get really ugly.
Re:The FBI are just looking out for us right? (Score:1)
Those who would sacrifice liberty for security deserve neither
You can rant all you like about the FBI "just doing their jobs". That is roughly equivalent to the same statement about the guards at Auschwitz. What they are doing is not authorized by the constitution, it's unreasonable search & seizure. Sure, they have to have a warrant to use the box, but once it's in place how can it be proven that they're ONLY gathering the data approved by the warrant? It sees everything, and it doesn't seem too difficult to have it squirrel things away that are convenient. Oh, and do we want to claim these boxes are hacker-proof? I wouldn't bet anything on that. What do we do when hackers get access to a machine that watches EVERY DAMN PACKET?
Re:Pornography is not "harmless" (Score:1)
Ah, and here we see the rub. The problem is that in many cases, you are projecting your own opinion that women who are in the "industry" are sluts. There is plenty of pornography that does not make that assumption--a simple picture of a naked woman makes no pejorative prejudgement of her moral character, unlike you.
Those of us who still believe in decency need to fight those who would push their immoral filth onto society.
Um....nobody forces you to buy porn, Dan. Or do you mean that because something exists and is legal, it's forced on society? Personally, I'm more offended by those who would force Barney onto society. That, and religious people who think they are the only ones who know the ultimate truth and I have to be forced at gun point (that's what law does after all, in its final analysis) to behave by their rules.
Re:There is no "technical" lawbreaking (Score:1)
By your definition there are probably 100,000 non-criminals in this country. Y'all gonna lock the rest of us up?
There's PLENTY of ways to break the law technically without doing anything morally wrong. Even by such strict moral standards as you profess to have. Of course by the "deserves whatever they get" standard, seems like most lawbreakers should just get the death penalty. Hey, they deserve it right?
Re:HAHAHA! (Score:1)
Mine seems to be stuck too - I've been moderated up twice today, I haven't been moderated down at all, and yet my karma hasn't moved. I'll test this on the next article that comes out.
Re:sendmail & encryption (Score:1)
Obviously the correct response is for the client which has many free resources to do the encryption but that of course raises all sorts of issues that have been better addressed by others.
In other words you're beating a dead horse which you have zero understanding of.
Re:Way OT, but is Slashdot Hypocritical? (Score:1)
Re:Makes sense -- we know how a search warrent wor (Score:1)
Secondly, any box placed out on the net like that needs to be completely understood, simply in order to avoid having it be a huge security vulnerability - security through obscurity being a really terrible idea. Not to mention being sure that it's only doing what it's supposed to.
Thirdly, the purpose of police is not "efficiency", but protection. The basic conflict between society's freedom and the police's efficiency should be heavily weighted on the side of freedom and privacy. The cops' job is not SUPPOSED to be easy. Tough shit, Janet.
Further deponent sayeth not...
- Dr. S
Re:sendmail & encryption (Score:1)
I don't understand your logic.
-
Open source movement in the government. (Score:1)
Re:Way OT, but is Slashdot Hypocritical? (Score:1)
Just post a URL... (Score:1)
I have a better idea for the FBI (Score:1)
The set of people who are dumb enough to run this client has a great deal of overlap with the set of people who aren't smart enough to use encryption or off-shore ISPs. PLUS, it's cheaper to make (and may have income from selling it) AND has no pesky legal problems (RealMedia does it, why not the FBI?).
--
Re:A different take on this whole thing... (Score:1)
I'd give up my rights to a little phone/net privacy if it protected my family, friends, or even other innocents (as long as the information isn't made public if I'm found to be an incorrect suspect).
I don't know who is not listening - there are two points to satisfy your support for law enforcement: ISPs can provide the information easily themselves, and the FBI can use better technology to get access to only the packets of a suspect (by hooking a sniffer to a suspect's entry point, not by sniffing the whole stream).
What we currently know about Carnivore shows that it is a system ripe for abuse. Here's my hypothetical: what if a pedophile used the information from a cracked Carnivore box to learn that your daughter is going to the mall to meet her friends at the ice cream stand?
Re:A different take on this whole thing... (Score:1)
Who will select the experts? Will the true experts agree to the conditions and NDAs that the government will require? Who will guarantee that the binaries used in practice are produced from exactly the same source code which was reviewed by the experts? And most importantly, there is a great example of open source security - OpenBSD. How many exploits are there for OpenBSD and how many cracked sites?
And remember, all this discussion is relevant if Carnivore is really needed. I haven't heard or read anything that would tell me that Carnivore is doing something the ISPs can't do themselves, given the appropriate court order.
Re:Bullshit (Score:1)
Re:Speaking of Haiku... (Score:1)
I'm not the haiku master
But I sure get bored
--
Re:Speaking of Haiku... (Score:1)
Many are on vacation
Maybe he is too?
--
Re:OT Question (Score:1)
tagline
Re:Oooh! Oooh! Pick me! Pick me! (Score:1)
A similar "group of experts" was used to review the Clipper encryption chip.
Amazingly, the selected experts were all law-enforcement-friendly (in the pejorative sense) and amazingly, they all said it looked fine, no civil liberties worries.
Prepare to be amazed again if the court settles for a group of experts.
Re:The FBI are just looking out for us right? (Score:1)
No, he lived in an era when his culture occupied a narrow strip of seacoast, beyond which lay a vast frontier full of hostile natives. (Not that the natives didn't have good reason to be hostile, but that's beside the point, which is that modern times simply aren't fundamentally different from earlier periods.)
/.
A different take on this whole thing... (Score:2)
I know the rights to privacy thing already. But do you really think that people out there are going to be interested in our love letters or other "secret" email? If your secrets are so important, then what do we have email encryption for? Sure, it can eventually be cracked. But I'm sorry but I don't see the FBI having all the time in the world to check what Joe Schmoe is emailing to Mary Jane about how much they love each other. Whatever. They have more important things to do.
Personally, I would feel much safer knowing that the FBI is using the Internet to hunt down a pedophile's whereabouts, or maybe a terrorist's. By revealing the workings of Carnivore, whom are you trying to protect? It seems obvious to me that it will only make tracking the whereabouts or actions of criminals much more difficult.
I say - let them use it. I think what they revealed about it is enough - it scans/captures packets that deal with criminal investigations. What's the big deal? Why do you need to know more unless you are looking for a way around it? If you want the source code or more info about its inner workings, that tells me that:
1) You are performing unlawful activities you don't want people to know about.
OR
2) You're paranoid that the device does something other than email and packet capturing - like shuts down the net.
If you're really paranoid about government conspiracy and such, which I guess I can understand to a certain extent, then why not accept the industry experts disclosure plan? Allow the experts to make an opinion and then let them inform the public whether or not Carnivore is "safe" or not. There is no need to reveal everything to the public.
Someone argue with me here because I'm not yet convinced that the inner workings of Carnivore need to be revealed.
PGP doesn't do enough. Bigger problem. (Score:2)
I did it all for the children (Score:2)
----------------------------
no pornography? (Score:2)
----------------------------
Encrypted EMAIL needs infrastructure... (Score:2)
Enter a central server that does nothing but key management. If you query the beasty for a public key for "foo@bar.com", and it turns out that "foo@bar.com" doesn't have one, it in turn sends an EMAIL to "foo@bar.com" saying "john@doe.com wants to send you encrypted EMAIL, click _here_ to download the decryption program" and notifies you "sorry, this guy doesn't have a public key yet." Then when "foo@bar.com" does get a public key, it informs you "hey, he has a public key now, send that mail you wanted to send?". Voila!
There's a lot of additional details that would be needed to make it secure, but that's not the point. The point: Until sending and receiving encrypted messages is easy enough for my mom to do, it won't happen. And with the current infrastructure, I don't see any way to make it happen on a client-to-client basis, because it's just too hard to share key information in a reliable fashion and for the recipient to know what client to get in order to receive the message.
-E
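The key-directory flow described in the post above, as an added example that is not part of the original post or of any real key server: the class, method names, addresses and key string are constructed for illustration, and keys are opaque strings rather than real key material.

```python
from dataclasses import dataclass, field


@dataclass
class KeyDirectory:
    """Toy central server that does nothing but key management (hypothetical)."""
    keys: dict = field(default_factory=dict)     # address -> public key (opaque string)
    waiting: dict = field(default_factory=dict)  # recipient -> senders holding mail
    outbox: list = field(default_factory=list)   # (to, text) mails the server would send

    def lookup(self, sender, recipient):
        """Return the recipient's key, or None after inviting them to publish one."""
        sender, recipient = sender.lower(), recipient.lower()
        if recipient in self.keys:
            return self.keys[recipient]
        queue = self.waiting.setdefault(recipient, [])
        if not queue:
            # Invite only on the first miss, so repeated lookups cannot be
            # used to flood the recipient's mailbox.
            self.outbox.append((recipient,
                                f"{sender} wants to send you encrypted email; "
                                "get a client and publish a key"))
        if sender not in queue:
            queue.append(sender)
        return None

    def register(self, address, public_key):
        """Publish a key and tell every waiting sender that it is available."""
        address = address.lower()
        existing = self.keys.get(address)
        if existing is not None and existing != public_key:
            # One of the "additional details": silently replacing a key would
            # let a forged registration redirect future mail. A real service
            # would also have to prove control of the mailbox; not modelled.
            raise ValueError(f"{address} already has a different key on file")
        self.keys[address] = public_key
        notified = self.waiting.pop(address, [])
        for sender in notified:
            self.outbox.append((sender,
                                f"{address} has a public key now; "
                                "send the mail you wanted to send?"))
        return notified


def demo():
    """Walk the exchange from the post with constructed addresses."""
    d = KeyDirectory()
    first = d.lookup("john@doe.com", "foo@bar.com")   # miss: invite goes out
    d.lookup("john@doe.com", "foo@bar.com")           # repeat: no second invite
    d.lookup("amy@example.org", "FOO@bar.com")        # second sender queues up
    invites = len(d.outbox)
    notified = d.register("foo@bar.com", "PUBKEY-FOO-constructed")
    return first, invites, notified, d.lookup("john@doe.com", "foo@bar.com")


if __name__ == "__main__":
    print(demo())
```

Senders still have to trust that the directory hands back the right key, which is the part the post leaves to "additional details".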
ECC (Score:2)
Given the complexities of ECC, and the patent uncertainties, it makes sense to use RSA when its patent runs out unless the longer key length needed for RSA is a problem for your particular application (smart cards, for example, are unlikely to like having to spend 2048 bits of flash RAM to store a key).
-E
RSA is NOT evil (Score:2)
The RSA public key algorithm is secure, time-tested, simple... once the patent runs out, the only reason to not use it is because it requires such long key lengths in order to be secure (I'd recommend a minimum of 2048 bit keys if you want to be secure for the next 10 to 20 years). ECC uses much shorter keys to get equivalent security. On the other hand, ECC (Elliptic Curve Cryptography) also requires much more complicated software... remember those "munitions" signatures that did RSA in a single (long) line of Perl? You couldn't do an ECC implementation that way :-}. So for the moment, due to the maxims that "time-tested is good" and "simple is good", RSA is preferable to ECC except for applications where the key size is an issue.
Just because RSA the company is evil doesn't make the RSA algorithm evil. Remember, RSA the algorithm is the algorithm the NSA would have loved to suppress, and rumor is that the NSA, having given up on suppressing it, was behind the patenting of it in order to slow its adoption... if the NSA wanted to suppress it, it has to be good :-).
-E
Guilty until proven innocent (Score:2)
Yep, that's our country all right.
Re:Bullshit (Score:2)
The Cure of the ills of Democracy is more Democracy.
They claim not to need it. (Score:2)
The really silly thing is that the FBI claims it doesn't actually need Carnivore at all. If all you want to do is tap the Email of a suspect it's a trivial matter to have the ISP silently cc all the email going through that mailbox to the FBI.
By that logic carnivore must be doing something else. Who wants to guess whether or not it's something the feds should be doing?
Re:I'm so sick of this tired quote. (Score:2)
of course that could be a misquote as well.
Re:Way OT, but is Slashdot Hypocritical? (Score:2)
We Slashdot authors have total editorial freedom.
Note the penultimate word in the previous sentence.
That means we can (and do [slashdot.org]) publish articles exposing DoubleClick or anyone else we feel needs to be looked at. But "editorial freedom" doesn't extend to sales and marketing decisions. We write the content, and VA/Andover sells it however they want. Welcome to capitalism, this is how it works. In fact, this is one of the best examples of capitalism's intersection with speech that you will ever see, and I say that as someone whose job largely includes criticizing the intersection of capitalism and speech. Rob and Jeff were lucky (and smart) to guarantee all us writers this much latitude.
Most people consider this "Chinese firewall" between content and advertising to be a good thing. And it's the way I like it. The folks who sell ads have never contacted me to complain that my anti-DoubleClick editorializing makes their job harder (though I imagine it might well have). I don't even know those folks' names.
I recognize that some slashdotters, for whatever reason, are going to nag us as long as DC ads appear on some Slashdot pages. I don't know what else to tell them. I'm not in a position to do anything about it -- and that doesn't bother me, because if things change so that I can influence advertising, things might also change so that advertising could influence me. Better to just have a total disconnect there, as far as I'm concerned. While I'm not ecstatic about the DC ads, I am thrilled with the current system.
If I ever bump into one of the ad-sellers at a company meeting (assuming they're wearing a descriptive nametag so I recognize them as such :) I'll probably mention my concerns. That's about the most I can do.
But basically, this is as good as it gets. Oh, and don't forget to opt out [doubleclick.com]. In fact, go to CDT's opt-out page [cdt.org] and opt out of every damn thing. And nobody can stop me from telling you that! Woohoo!
Jamie McCarthy
It's nothing without source code (Score:2)
Yes, but in what sense do we really know what the damn thing does without the source code? Even if the FBI was totally honest -- a dubious proposition at best -- specifications are not programs. Short of building your specification in some sort of formal language and having it translated into code, there's no way to guarantee compliance with the spec. Everyone who's ever worked on a large project knows how hard it is to make sure the code matches the specs, and how hard it is, for that matter, to design unambiguous specs. That's a cornerstone of computer science, friends.
Publishing the source is the only way we can be sure of what Carnivore does. And yeah, it's probably just a run-of-the-mill packet sniffer with a few specialized extensions, but we don't know that without the code.
"I dunno if data wants to be free, but I sure as hell do!"
Re:HAHAHA! (Score:2)
Your user page is seriously whacked, I assume by you (since it states "Karma 113 (mostly the sum of karma whoring, trolling, and other drivel posted by user)"). When I look at others' user pages they don't list their Karma; most people can only see their Karma on their own user page. So I don't accept the "Karma 113" as evidence that your karma is unaffected; only the user with the 11223 cookie can see that information.
Although if you have broken it somehow, congratulations of course.
Re:I'm so sick of this tired quote. (Score:2)
Re:Way OT, but is Slashdot Hypocritical? (Score:2)
I don't understand. Don't you already serve the page itself? You could just count that? That would even give you a more accurate traffic count since it would include people who don't load images.
Or are you tracking both page serves and image serves in order to build statistics on what fraction of readers load images?
---
Re:sendmail & encryption (Score:2)
Encryption should probably stay at the user level though.
Re:The FBI are just looking out for us right? (Score:2)
Every group consisting of more than a few people has both good and bad, all mixed together. What's worse, some people's ideas of good are what others consider bad. Who gets to decide?
In the US, the people get to decide through elected officials, the legislative branch of government...UNLESS the executive branch (the ones who are supposed to be doing the bidding of the legislative branch) decides that they'll do all their work undercover. In this case, the executive branch can do anything they damn well please, because there will be no one to stop them.
History has proven again and again that police organizations tend to look out for their own before the general populace, even if that means allowing their own to commit horrendous crimes. Without full disclosure there will be no one to watch the foxes.
Haiku? (Score:2)
They say to the FBI
It's an empty threat.
--
Re:OT Question (Score:2)
or you can fsck it up REALLY badly... so the trick is to not be screwing around unless you REALLY, REALLY know what you're doing...
tagline
Re:Bullshit (Score:2)
Yes, I know that the NSA may not exactly follow the rules on this one, but ... you can dream, can't you?
tagline
Re:A different take on this whole thing... (Score:2)
Even if we lived in some parallel universe where the FBI was trustworthy, the inner workings of Carnivore should be revealed, so that any bugs are discovered by objective researchers (who will issue warnings and recommendations) rather than criminal crackers (who will quietly exploit them to either get around legal surveillance or conduct illegal surveillance of their own).
/.
Re:Makes sense -- we know how a search warrent wor (Score:2)
Having a third party in the loop insures that somebody will be in a position to blow the whistle if the cops break the law. Removing a safety alarm is generally understood to be a Bad Idea.
"If presented with a proper court order, we are required to allow the FBI to attach a device to our feed to monitor an unknown customer."
Or,
"We will personally forward your mail to the cops if they ask."
You have it precisely reversed. The actual alternatives are:
/.
Re:There is no "technical" lawbreaking (Score:2)
/.
It just answered the question (Score:2)
Obviously Carnivore is the 5-inch 486 cube!
Re:sendmail & encryption (Score:2)
Re:The FBI are just looking out for us right? (Score:2)
Last I checked, it wasn't illegal to be a bigot. Not that I do, but if I were to think that, say, french-speaking Saudis were the algae of society, and I wanted to express my strong dislike or hatred for them, I am free to do so.
BUT, with a system like Carnivore, if I am outspoken about my hypothetical beliefs, I'm sure that under the watchful eye of the FBI, I could become suspect in any criminal case about, for instance, the murder of a french-speaking Saudi.
I know it's a movie, and yes, I think for myself, but the writers of Arlington Road [imdb.com] make some good points. They talk about government making moves without all the facts, but with what they think is enough "evidence" to act.
BTW, I'm Canadian. Most of my email is likely routed through the 'States, though.
Fiction? (Score:2)
Read: 10 working days to get our stories straight.
Fruit of the poisoned vine (Score:2)
But they take a big risk of contempt and a default judgement that Carnivore is unconstitutional until they do.
That would be disaster for the FBI, because then any evidence that Carnivore produced or led to [however indirectly] is inadmissible in Court.
Re:Easier Solution [OT] (Score:2)
Criminals' stupidity is half of what makes them criminals. I don't know what the other half is. (But I'm not a criminal, and I'm pretty stupid, so I got it).
Re:Way OT, but is Slashdot Hypocritical? (Score:2)
If it's not up to you, User ID #2, then who is it up to?
Seriously, cannot you and Rob make your own decisions on whose banner ad service your system runs?
Re:Way OT, but is Slashdot Hypocritical? (Score:2)
And just try that with most of the rest of the media!
Re:Bullshit (Score:2)
Re:The FBI are just looking out for us right? (Score:2)
And one final question, just how effective is all this snooping? Great, you can catch the stupid terrorists but are they really the ones that we need to be worrying about?
ah, bureaucracy, how i do love thee. (Score:2)
As soon as you think you're making progress with something in this country, you realize that there are policies and hierarchies in place to keep you from getting anywhere.
Re:Bullshit (Score:2)
And who was your contact with the NSA?
He said he couldn't give us his name.
So then on to the NSA congressional oversight committee: What's in the box?
Answer: We can't tell you. It would compromise National Security(tm)
We could get all this done in time for dinner!
Re:sendmail & encryption (Score:2)
E-mail clients should have PGP built and switched on by default and be made easy to operate. Someone could write a reference implementation but unfortunately, most users will stick with the Outlook/Netscape/Eudora/AOL/etc software that they're used to. An intermediary step might be to have proxy pop3 and smtp services that run on the local machine (more difficult with multi-user systems) but again, this would require users to install another piece of software so most won't bother.
So what is really needed is an e-mail application with encryption built in which has a killer, must have feature as well. I don't have any idea what that might be.
Rich
Re:Quotes (Score:2)
Will you give me up to a reputable breed rescue, or just drop me off at the pound? When you do give me up, you should at least talk to the workers and tell them what the reasons were so they won't place me in another inappropriate home.
As for the spirit of the law, I certainly agree that it is important, but I'm not sure it can be judged by the words of the "founding fathers". They were, in large part, slave owners. They did not say "all men are created equal" as a more poetic way of saying "all people", and they really weren't thinking of men outside their own demographic. I do not ask myself WWFD? when confronted with a legal, ethical or constitutional question. I think that the founders' best work went into the constitution itself, and that document plus the supreme court case law that interprets it, are the best source of the "spirit" of our laws, not the contextless quotes of famous men.
-Kahuna Burger
Re:The difference... (Score:2)
This makes no sense. Sending someone an email is no more a private act than calling someone on the phone. Either way there is an assumption that you and the other person are the only ones involved, either way an intelligent person is aware of the possibility that others could somehow be listening in. There are public phones, and there are terminals in libraries.
I actually consider phoning someone more private than sending an email because it's much easier for me personally to call someone anonymously (just enter the "don't let caller ID see me" code before dialing) than to send someone an anonymous email. (I don't have an anonymous account and would have to do a web search to find a remailer.)
So can you say anything to actually support this assertion, or can anyone else weigh in on their particular assumptions about privacy in the two venues?
Kahuna Burger
Re:Makes sense -- we know how a search warrent wor (Score:2)
Why should they? Yeah, they let the phone companies do the wire taps, but last time I checked, 1) there are a lot more ISPs than phone companies, 2) they tend to be smaller, and thus 3) there is a greater chance that the employees of the ISP who are trusted with the tapping have some personal knowledge or opinion of the person being tapped. This is called a conflict of interest and shouldn't be allowed in an investigation.
Also, I would think the ISPs would like it better the FBI's way. Which would you rather say to your customers?
"If presented with a proper court order, we are required to allow the FBI to attach a device to our feed to monitor an unknown customer."
Or,
"We will personally forward your mail to the cops if they ask."
Or, of course,
"If asked to forward your mail to the cops we will first refuse, then tell you, then send them hashed messages and pretend they are yours encrypted, then..." Which of course is what the FBI is trying to avoid by making compliance a simple "yes the machine is there" or "no it's not" matter to enforce.
Kahuna Burger
Re:Would terminating it be better? (Score:2)
Almost off the shelf, and it needs to be tied into the packet stream at the Email host so as to see all packets.
Releasing the sources is like describing how an old-fashioned wiretap works - you can get the parts, you know how to hook it up, but if you can't get at someone else's phone line then it does you no good. And the telephone company isn't likely to let you into their C.O., nor is an ISP likely to let you hook your packet sniffer up to the ISP's hardware.
Re:Makes sense -- we know how a search warrent wor (Score:2)
>ISP's network, since the ISP's themselves are quite capable of pulling copies of any and all e-mail traffic
>passing through their systems. Why does the FBI need to "do it themselves"? Don't they trust the ISP's?
The reason the FBI feels that they can't count on ISPs to furnish this information is, "control of evidence." With Carnivore, they know exactly how the evidence was obtained from the network, and they believe (rightly or wrongly) that it is safe against tampering, and will thus stand up in court. They cannot guarantee the same "evidence quality" for information furnished by a third party.
I saw this elsewhere, and don't want to be "Redundant", but it hasn't been posted elsewhere on this topic.
This doesn't mean that I agree with Carnivore. Imagine the first time Carnivore evidence goes up against a savvy lawyer, and he brings out cracker witnesses who have already penetrated...
Not to mention the Civil Liberty issues. At the very least, Carnivore data about ME needs to be available to ME under the Freedom of Information Act, easily and regularly. The quantities and monitored individuals need outside auditing, and the data contained should remain confidential.
Re:Would terminating it be better? (Score:2)
From everything I've read, Carnivore is still a "box" that needs to be PHYSICALLY connected to the ISP's line. And I can't think of any ISP that will just say, "Sure Mr. Smith, come on over and tie your packet sniffer directly into our incoming line."
It doesn't look like there is anything "remote" about the packet sniffing going on with this machine... so it's pretty much worthless to people in a "software only" state...
Of course, having the code out there could make it possible for your ISP to build a Carnivore and monitor your communications... but that's a completely different story.
You see, this is like digital music... once it's out there, it's an IDEA, and ideas can't be put back into the bottles like genies can. This thing can't be DESTROYED... because it's been created... it will come back and haunt you.
Re:10 Days? (Score:2)
RTFA Again. It's not going to be released in 10 days. The 10 days is to create a TIMETABLE of when the details of the system will be divulged. I also didn't notice anything in the CNN article stating when the divulging must be completed, only that it will be overseen by the court.
Gov't has a LONG history of spying on us (Score:2)
Anyone know about Operation Shamrock?
Back in the '50s the NSA -- their precursor organization, I think, really -- went to all the major US cable operators and said, "what say you give us a tape every day of all the traffic you passed?"
All 3 of the major cable companies caved. They knew it was illegal, but they were afraid of what resisting would bring them. So, for years the government was keyword searching every freaking byte of telegram data that those companies passed.
This was called Operation Shamrock. If you think I'm full of it, a little Google searching should show you some links to back this up.
I don't have any doubts they'd pull something like Shamrock again if they could. That includes "voice grep" of telephone data streams as well as sniffing internet traffic for interesting bits.
Let me put it another way -- they *will* do as much as we let them get away with. They have the track record to prove it. I assume that every non-encrypted communication I send is captured in a file somewhere.
Oh please (Score:2)
ten days later (Score:2)
FBI: Well, it's going to be at least a year before we can tell you about the networking connections.. And another year before we will be able to disclose the processor.. We have planned an additional three years to disclose the operating system..... But this is a very complicated system.. At once? No we can't disclose everything at once.. Because, this is a very complicated system.. Ok, so after another six years...
---
Re:I'm so sick of this tired quote. (Score:2)
KB: I'm so sick of that tired quote. First, the actual line is "Your money or your life." Second, it's not even a complete sentence; what about my money or my life? It's an ultimately meaningless statement, and besides, sounding cool doesn't make it relevant.
Mugger: *bang!*
KB: O, book learning! *choke* How thou hast failed me!
Re:sendmail & encryption (Score:2)
How intelligent.
HAHAHA! (Score:2)
Re:HAHAHA! (Score:2)
Re:sendmail & encryption (Score:2)
Ahem. So, I can take military control of the US through a coup, erase all laws except "11223 is prime dictator", and then claim that the state didn't become more corrupt?
Re:sendmail & encryption (Score:2)
Even when the patent runs out, I encourage you to boycott the RSA algorithm. Please, please, use the Diffie-Hellman Key Exchange in combination with DES or a one-time pad. You'll feel much better, and sleep easier at night knowing that your algorithm hasn't been tainted by an evil patent.
Oooh! Oooh! Pick me! Pick me! (Score:2)
Why not do both? Submit it to Ask Slashdot.
Herbivore - How YOU would write a Carnivore. (Score:2)
What would you want it to do?
How would you architect it?
Platform?
- Could it be made to run on a Palm III?
- How about that 5" cube running FreeBSD?
Etc...
The FBI are just looking out for us right? (Score:2)
As someone who is proud of my great nation, I am against the persecution that agencies like the FBI and CIA suffer. Hey people, they're just doing their job! The reason they exist is to protect us from the increasing number of criminals, terrorists, child molesters, bigots and dictators that exist both inside and outside of the US.
They can't do this if their hands are tied behind their backs by liberal activists more concerned with privacy than security. And besides, does anyone here really think that their sad little lives are interesting enough that the FBI is going to snoop on them?
We've had systems to tap phone lines and intercept mail for decades now, and yet when it's your precious internet people start bitching. It's no different. The justification that you use to stop the FBI snooping on your collection of porn also allows Arab terrorists the opportunity to plan which building they're going to blow up next.
It's time to grow up people, and realise that the world is not the utopia the liberals make it out to be. We need to be aware of the dangers to protect ourselves from them.
Carnivore src revealed! [You read it here first!] (Score:2)
{"president","vice","clinton","gore","bomb","gun"
"nuclear","missile","moose","squirrel","boris",
"natasha","fearless","leader","monica","bush","xy
if (contains(tokens,e_mail_body,e_mail_subj))
exit(0);
else {
flash_red_light();
sound_klaxon();
send_out_for("pizza");
}
Re:sendmail & encryption (Score:3)
And not everybody uses sendmail. Fortunately, you can use SSL for this, so most servers could be doing this if their Admins wanted to set it up.
--
sendmail & encryption (Score:3)
Bullshit (Score:3)
Criminals don't get 10 days to decide how they committed their crime.. how come the FBI gets a week and a half to dispatch its spinsters to put out a controversy!?
Re:Quotes (Score:3)
Shouldn't be too much trouble in Texas.
--
Hmmm. (Score:3)
One fully loaded high-bandwidth logging server: $5400
Seeing how they grope our packets: Priceless
--
Re:Bullshit (Score:3)
They can probably core dump about 12398412 pages of info on the American people that would describe how this thing works tomorrow.
Of course, 98% of it would be redacted... The redacted specs would read something like: ...[next 12398411 pages redacted] ... and provide for national security whilst also stopping terrorists, drug dealers, and kiddy porn, all while providing for the law-abiding citizens' privacy.
"the carnivore system will monitor the internet for criminals by
see... The FBI has nothing to hide...
tagline
I'm so sick of this tired quote. (Score:3)
Why do people keep quoting a line that when misquoted is moronic and when correctly quoted is a tautology?
The misquote is just saying "liberty for safety". But the very existence of society is a trade of liberty for safety. There are times when I would love it if (as they joke about Texas) "he needed killing" was a valid defense. But I would never actually choose to live somewhere where it was, because there are undoubtedly people who think I need killing for various reasons. If Ben Franklin had believed the misquote of his words, he would have encouraged that the colonies all disband and leave the new land in anarchy.
But the true quote "essential liberty for safety" is really no more meaningful. Well, of course if I consider a liberty "essential", I too would be unwilling to trade it. And if I support this particular trade, I simply say "well, yes you're right sweetie, but do you really think that this particular liberty is essential?" Thus the line becomes a tautology.
Which, of course, is just another name for rhetoric. Franklin was a "statesman" which is what they called politicians back then. Nothing more. He made some grandly eloquent, but ultimately meaningless statement while debating over something he wanted or didn't want, and it sounded cool enough to be repeated. But sounding cool doesn't make something relevant. Being originally said by a famous person doesn't make something right. Just repeating this one tired quote doesn't make any point except that you don't take the time to originally express your own opinions.
So when you are tempted to quote, try expressing your own take on the philosophy and how it specifically applies to this situation instead. Or save space and just write "Franklin says no", which is about as relevant as this quote.
Kahuna Burger
Re:A different take on this whole thing... (Score:3)
-Martin Niemoller
I'll give you one good reason.-
Question Authority
Why is it... (Score:3)
-={(Astynax)}=-
Re:Way OT, but is Slashdot Hypocritical? (Score:4)
Believe me, if I had my way, we wouldn't be using it. But DoubleClick is what many of the advertisers use as their service, because DoubleClick does a good job of tracking click-thrus and such for them. That, and the honest truth, most big companies don't know how to run their own web server for ad serving, and so outsource. So - unfortunately, a necessary evil of serving banner ads.
As for the webbug - I've never called it bad or evil. I think it's stupid, but Andover uses it to track traffic. I think caches fuck it up, but...c'est la vie. It doesn't do anything, so I don't particularly care about it. I'm more concerned with stopping advertisers from using Java in banner ads, or sound, or shockwave, or...
It's all about choosing your battles.
Re:A different take on this whole thing... (Score:4)
I know the rights to privacy thing already. But do you really think that people out there are going to be interested in our love letters or other "secret" email? If your secrets are so important, then what do we have email encryption for? Sure, it can eventually be cracked. But I'm sorry but I don't see the FBI having all the time in the world to check what Joe Schmoe is emailing to Mary Jane about how much they love each other. Whatever. They have more important things to do.
I am not sure you know the right to privacy thing already. The right not to be searched, detained, etc. without a very good reason is detailed in the 4th amendment. This means that no one can open my letters in the mail, I can't be stopped and searched, the police can't come to my house and expect to be let in without a search warrant, etc. This also should mean that the FBI cannot know what web sites I am visiting just because they would like to, or because they were after the guy three doors down the block who uses the same ISP.
Obviously, Carnivore must be sniffing all the traffic at an ISP that may contain packets from or to a suspect, for whom there is a legitimate court order. Even if small, there is a chance that the non-related data is also recorded, or processed in some manner. With the advances of data mining, where is the guarantee that the full-scale sniffing that Carnivore does is not going to be used for something else?
The method of surveillance practiced by Carnivore (as far as we can tell) is analogous to what is called "trunk-tapping" in regular telephony. Incidentally, "trunk-tapping" is illegal, and cannot be used by law-enforcement agencies. If the FBI develops the equivalent of phone-tapping, where only the suspect's line is tapped, and no other information can be accessed, then I don't think there will be much commotion over what is going on.
Then there is the technical and security aspect of it. No sysadmin in their right mind will agree to put a black box on their network, which is also accessible remotely. It is a huge security risk, that can be only mitigated by open-sourcing Carnivore and subjecting it to a security audit (similar to the one OpenBSD does).
By revealing the workings of Carnivore, whom are you trying to protect?
The FBI currently is trying to say, "We scan some of the traffic, but we only look at the suspect's packets." Until they explain what they mean by that, one can assume that they read and record everything and then sift through it. This is clearly in violation of the U.S. constitution and cannot be tolerated. The media keeps talking about e-mail scanning, while it seems obvious that there is much more than that going on, and the government's reluctance to say what and how exactly is scanned makes people suspicious.
If you want the source code or more info about its inner workings, that tells me that:
1) You are performing unlawful activities you don't want people to know about.
OR
2) You're paranoid that the device does something other than email and packet capturing - like shuts down the net.
There are many reasons I wouldn't want anyone to know what my browsing habits are... Maybe I wouldn't want the insurance company to know that I am looking at web sites about a chronic disease. What is the guarantee that Carnivore cannot be used to get that data - even in an unlawful manner, as a side job of a rogue FBI operative?
If I were an ISP, I wouldn't put anything on my network that I cannot inspect and do a security audit. If I were a small ISP, I probably won't have the resources to audit it myself, so the only option is to have it open sourced, and audited by the community.
What is more, if I were an ISP (even a small one) I would have the resources to provide the law enforcement agencies with the data they needed without the need for Carnivore. The insistence on the usefulness of Carnivore is suspicious by itself, even for the not so paranoid.
Makes sense -- we know how a search warrant works (Score:4)
The police have exceptional powers. To protect individual rights [avoid a Star Chamber], their processes have to be subject to full scrutiny. They may complain this reduces their "efficiency" and allows bad guys to circumvent their methods. Too bad -- that is the price of freedom. Or perhaps the police would rather a police state?
Revealing Carnivore is no different from people knowing how other police methods work, like search warrants, wiretaps, etc. These are well known, and innocent civilians can adjust their affairs not to fall afoul of them. Similarly, citizens should know how to avoid attracting undue attention from Carnivore. Even if that also helps the crooks.
Carnivore Source! (Score:4)
---