Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy

University to Review Carnivore 128

stubob writes "CNN.com is reporting in this article that within the next 2 weeks a university will be selected to review Carnivore. This is apparantly a follow-up to this story posted on Slashdot last week. It will be a hardware and software review, lasting until December. The FBI has not decided which university will perform the review, and no information was given on who at the university will actually be performing the review."
This discussion has been archived. No new comments can be posted.

University to Review Carnivore

Comments Filter:
  • by Anonymous Coward
    No chance. The first thing they did was crack all that shit. Don't you remember? This is the same agency who trained groups of people to see how vulnerable other agencies secure networks were? Any system in three days, was it? How safe do you think ssh is years after its release? We're just implementing it now, and I think we're wasting our time...
  • by Anonymous Coward
    Come on, use your head. The father of modern computing, Alan Turing, was a known homosexual. Bob Jones, in a recent interview with Militant Fundy magazine, explained that "as a school, we cannot do anything and embraces or endorses faggotry. This includes having those homo devil-boxes on our campus."
  • by Anonymous Coward
    That's right ..

    What Would Natalie Portman Do

    Hint: It involves nudity and petrification!

    (She'd probably kick an arse or two ..
    that's what Natalie Portman'd do!)
  • by Anonymous Coward
    FOR IMMEDIATE RELEASE

    The FBI's Cornivore system will be reviewed by specialists in Content Analysis at Harvard that *cough* developed *cough* it, and will present a *cough* biased report tailored to reveal as *cough* little as possible but to *cough* placate the public as much as possible.

  • Just one and they get to pick it? I don't think so. And I don't think there's any magic stuff in this thing that it really needs to be classified- so why all the hubub from them? Are they trying to hide something?
  • I seriously doubt that this complies with the FOIA order handed down by the Court recently. And claims of some of the stuff being classified? I don't buy it. If it's classified, how can you be releasing it to a university (most universities aren't directly working with classified stuff- too hard to control the environment, etc. to insure that the stuff never gets out into the open, etc.)? There's measures to be followed with classified stuff- and most universities aren't equipped to deal with that level of security.
  • CMU should get it. We've got CERT (a bunch of competent people) and a good crew of hackers in the student body. We've even got an assignment in one class that almost direcly applies itself to buffer overflow exploits. We'd give Carnivore quite a stress test.
  • The FBI is going to decide who does the review? If true, that just doesn't sound right. Do those accused of crimes routinely get to select the procecuting attorney?

  • Be realistic. That student wouldn't get a job. Being last in the graduating class hurts a great deal.

    ~afniv
    "Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
  • I was reading over some material for a service that was marketed to someone I know, and I was a little intrigued by the timeliness. The service is called eSniff, and it does nearly what Carnivore is supposed to do, and in the same manner - by attaching a stand-alone box to a network, and have it monitor mail and other internet-related traffic for certain policy violations.

    The interesting part appears in one of the paragraphs that talks about the company's background:

    "The eSniff technology is the brainchild of Thomas Donahue. He was the founding VP of Technical Operations at Colorado Supernet, Inc....served as VP of IP Services at Qwest Communications...etc."

    It goes on to say, "Tom became renowned in the area of network security. Because of Tom's reputation, the FBI asked him to help crack a very difficult case." (That case was Kevin Mitnick.)

    The last sentence of the section reads:

    His experiences confirmed what he already believed - that there is an enormouse need for network monitoring, and that monitoring is a vital component of organizational security.

    I just can't help but wonder if there's a connection here. Hell, we had the NSA contributing funds to a company that was pushing the sale of drivers' license photos so they could be used for a new POS identification system, so...

  • That's amusing--I'd seen it on the WSJ this morning and immediately searched the usual official mirrors of it looking for a more public access to it (seems WSJ got wise to cyberpunk/cyberpunk finally!) and didn't find anything, so huffed and went on about my day.

    On topic, I'd wager that the FBI has a preexisting relationship with this university, having been named so quickly.
  • The FBI and one university story is right above(and linked to via the "previous story" link") the Katz article about how trustworthy a university (or any academic institution) is to do academic research....
  • by eswan ( 16407 )
    "The FBI has not decided which university will perform the review, and no information was given on who at the university will actually be performing the review."

    And the winner is....The School of the Americas! [soaw.org]

  • I think Carnegie Mellon [cmu.edu] is credible, especially since CMU's got CERT [cert.org] - which specializes in security vulnerabilities. Altough I believe CERT is still funded [cert.org] by the government (department of defense).

    Anyway, everyone knows that Penn State students are only good at drinking and rioting.
  • We want to know what Carnivore does and how. Having some hand-picked university reiview gives me zero confidence. Therefore I (or someone like me) will just re-request the information using the FOIA--and it has to be done all over.

    Why not just post the entire source code on the Internet? If what they are doing is so secure and trustworthy, surely everyone can look at it to no detriment to the FBI.
    --
  • <i>not decided which university will perform the review, and no information was given on who at the university will actually be performing the review.</i>

    Who will do the review is simple: it will be an undercover agent placed in the university to watch the rebelious students. It will help that the agent is probably a network administrator because having access to tap the network makes spying sooo much easier.
  • I am of course well aware of who L0pht is but it wasn't until reading you post that they have been aquired by @stake. I hadn't heard of @stake as far as computer security goes, but I have heard of them, because their CEO just moved in next door to me a few weeks ago. I never realized what they did until now.
  • You see, anyone who has watched the X-Files closely will automatically know that Carnivore is an alien derived system composed of new and mysterious technologies. They are monitoring our email to disclose the best time and point of attack!

    The FBI is actually just a sheild for the impending alien invasion! They are among us!

    okay, maybe not.

  • The Department of Justice is selecting who will review Carnivore.
  • They have higher education in Canada?! [/flameait]

    --
  • I hope this is not the FBI responding to the EPIC FOIA request. The FBI should turn over their unclassified documents on carnivore immediately; not coming up with some scheme to bury this issue for months so the public can get distracted by some other issue..

    I would say this tactic works fairly well, nobody's thought about the missing/found nuclear harddrives at los alamos lately. I wonder how the token non-investigation is going.

    -- Greg
  • I was thinking they would probably send it to School of the Americas.

    No, that's phase II of the Carnivore test, the torture test.

    George

  • Reminds me of the Zero-One-Infinity Rule.

    http://www.tuxedo.org/~esr/jargon/html/entry/Zer o-One-Infinity-Rule.html

    He's just saying that you'd need more than one, whatever that number happens to be.
  • Comment removed based on user account deletion
  • The first-year students of the Colorado School of Arts have finished their review of the FBI's "carnivore" system.

    "It is definitely a creative masterpiece," stated Rufus Niederman, spokesperson for the 20 student review team, "we feel that it will be a real attention getter in the years to come. Although the plotline is really just a re-hashing of a standard theme, the powerful new twist should be quite an audience grabber."

    The FBI was enthused by this accolade, and intends to shoot for the widest possible distribution. Look for it, comming soon, to a screen near you.

  • Dorothy Denning is still at Georgetown.

    I'm sure she would give it he usual thorough treatment...
  • >His son with 5 years of political experience...

    I would think less time spent in the goverment would be a plus.

    Think of all the tricks Al Gore must of picked up from Bill.

    Later
    Erik Z
  • The FBI has a long history of corruption. J. Edgar Hoover kept secret files on people like JFK and Martin Luther King Jr. People who weren't criminals by any stretch of the imagination had their phones tapped, were followed by the FBI, etc.

    People could argue (I wouldn't be on of them) that more recent actions by the FBI demonstrate their willful disregard for the constitution did not end with Hoover. Ruby Ridge and Waco are examples of this.

    No organazation should have unchecked power, and in my opinion, carnivore is too much power without enough checking.
  • My rumor mill suggests that the San Diego Supercomputer Center will be doing the review.
    This is quite different from handing it to
    some random CS department. Not necessarily
    better, but different. SDSC is one of the
    NSF funded Supercomputer centers. They are
    more closely associated with UCSD now than
    when I worked there, but it's definitely a
    research center, not a university department.
  • The FBI should not be the ones to select who will review it.

    This is not cool. :-(

  • I'll bet the will purposely not choose a university with a formidable research team. I'll also b3et alot of universities don't want to touch the thing for fear of PR repurcussions(sp?).

    On another note, what will the criteria be for the study? Will that be public?
    Will they hand back a good/bad one word report?
    Will the explain how it works? Who determines the study criteria?
    Will they even be able to see all the code?

    Someone needs to FOI the FBI into submission.
    (I just how the university gets lots of government money to make the FOI act a possibility.)

  • 1. Find small university with Technical Sounding name that noone has ever heard of.

    2. You are going to review Carnivore whether you like it or not.

    3. Here are your results in case you forget to give us a good review.

    I'm really not paranoid. I would like the FBI to pick a credible school (i.e. MIT). However, Penn State should be their choice since it is the best :P

    -An alumni of PSU
  • Who cares if they suspend the use of the box? The big issues are dual:
    1. Whether the people at the university can be trusted, or have been vetted by the FBI to guarantee a conclusion favorable to them (a la the Tricot investigation of the Rainbow Warrior bombing in France), and
    2. Whether the university people doing the investigation are getting the exact Carnivore system which will actually be put into the field.
    While I still have enough faith in academics that I would doubt that a committee could be chosen which could whitewash the system a la #1, #2 is impossible to guarantee. Any time that the Carnivore box gets into the FBI's possession, it could be loaded with software which does literally anything within the capabilities of the hardware. Examination of one set of software by a universe of absolutely trustworthy academics cannot rule out this possibility, and it is the reason why Carnivore cannot be ruled trustworthy.
    --
  • It had better be a good one. And there should hopfully be some motivation to review in a timly manner. I think the idea behind this is that they are less likely than consultants or isp IT guys to have a bias for what would be convenient for ISPs and such. I hope that the report produced is detailed, thorough, and remains public i.e. not-classified.

    -Daniel

  • This article makes me worried, especially since I start attending Arizona State University in about a week!

    What they should do, is only set it up to moniter certain e-mail accounts, that the students KNOW about, and then have them all send messages over a couple of days that might trip off the system that shouldn't, some that really should, etc, and see what the administrator comes up with.

    If this system causes more e-mailings to be read than should be, it should be done away with.

    Don't we all love the FBI? They are the PERFECT group to bring change in america! I mean, under J Edgar Hoover, they solved the problem of Martin Luther King REALLY quick. Oh, and let us not forget how much they helped with the JFK Assassination! Don't we have so much to thank them for?

    This all makes me want to grow up to be an FBI agent. That way I can read all of CmdrTaco's e-mail from us weird /.ers
  • I'm sorry but if they hand it to Harvard or Yale, our communal goose is cooked.

    Be cool if they sent it here (don't worry, we'd do a good job). Though since I don't work in the security lab I doubt I would ever get to see it. :(
  • Why a university? Answer here [slashdot.org].
  • What's to stop the FBI from choosing a university, or a specific department in a university, that get's major funding from the government, or the DOD. In which case it would be in the university's best interests to find only a few or minor "flaws" in the carnivore system.

    Shouldn't, instead, it be a court or some other third party that gets to select the review board?
  • I trust universities about as much as I trust the FBI. Whatever university they choose will give carnivore a yellow dog review. At most they might point out a few minor flaws to make it look like an earnest attempt.
  • ...universities are now entering into a cold war situation as a race to be the picked univ by the FBI.
    Some have launched special schemes, for example Boston U. is now giving away 2000 marks extra credit to anybody who can hack into FBI and select their univ by computer.
    Other Univs are taking aggressive measures and crashing each others Networks with mutated CIHs etc.; so that FBI picks the one with a functional lab.
    More news later. Keep your browser open. and refresh often.

    This Site is cool. Dont be a fool. Click here [iotaspace.net]
  • Pretty decent thing to do. At least now the kids in the universities will stop hacking and do some constructive work. Hope they Don't take this stuff the other way round though...
    A cool Site to see. Is entry Free. [iotaspace.net]
  • Anyway, I'm sure some uberhackers will subvert Carnivore into logging all traffic, thus boobytrapping the public support.
  • by genkael ( 102983 )
    You have to wonder what the FBI is up to.
  • I love fat cuny girls!
  • Sendmail is hosed and SIMS won't be ready for the beginning of the semester.

    Now there's an interesting thought. Can carnivore keep up with SIMS? A packet sniffer can catch the packets, but sustained operation requires both capture and analysis. SIMS's MTA can be quite a handfull.

    Temkin

  • Okay... so now we can pretend to find out who is causing those DOS attacks! ;)

    Actually this is kind of scary, since most students who have any smarts should be using rsh, and pgp. I wonder if the school would have some sort of policy against those programs on their network if they were pushed to it.

    kick some CAD [cadfu.com]
  • http://www.techweb.com/wire/stor y/TWB20000810S0017 [techweb.com]

    FBI's Carnivore To Undergo University Review

    The final review team will include ... Donald Kerr, the FBI's Laboratory division assistant director ...

    Sounds like this is gonna be real objective.

    A pointless political stunt and a waste of taxpayer's money.

  • Yeah, that was a pretty funny follow-up :) But the idea of 'unbiased and objective' is so laughably funny that I break down into a small pile of shaking goo whenever I think of it.
    If Carnivore passes, all of its opponents will claim that it was bias and pressure from its supports.
    If Carnivore doesn't pass, all of its supporters will claim that it is bias and pressure from its opponents.
    Of course, you could put both opponents and supporters on the review team and hope the biases balance out. :)
    Eric ze Kidder
  • Academe For Sale!

    Sorry couldn't resist

  • It was meant as a joke about the earlier article, not an attack on Columbia, which is an institution that I actually find rather respectable.

  • Perhaps it will be Colombia?

    PSSST. FBI, I'll tell the world that your software is harmless if you slip me a $20 and a nice review.

  • by hidden ( 135234 )
    I wonder about the corrolation between this article and this one... http://slashdot.org/article.pl?sid=0 0/08/04/1824247 [slashdot.org]
  • Why does the FBI get to choose the University that is going to review Carnivore in the first place?

    Well if you ask Katz he'll tell you it's a conspiracy, because everyone knows the Universities are all for sale now.
  • Oh but wait, it gets better when they set up napster and w4r3z servers on all the Carnivore boxen they dissect. Heh, hotmail.com, yahoo, and more of the net's companies with the fattest pipes will become home to the latest RIAA CD and Id Software game.
  • I'm sad to say that I think you're absolutely correct.
  • Yup... it'll probably go to a "government-friendly" school... like RIT [rit.edu], a school well known for its wonderful ties to the CIA and government agencies... [rit.edu]

    Yeah... while they're at it, they'll probably plant a couple of FBI spies into the RIT architecture there too. I'll trust them... sure!
  • At least they didn't tie this up in some Senatorial Oversight Committee, or some equally useless, rubber-stamp group of Washington insiders.

    A university is at least an objective (we hope) third-party. And if you select a university of sufficient size with a CS department of good reputation, such as MIT, Berkley, or Illinois/Chicago-Urbane (sp?), I think you could be assured of a good, professional evaluation. Two would be nice, but perhaps a bit of overkill.
  • Let's get this right. The FBI picks the place, the people, the budget, the access controls, the fees, the material to be reviewed, the time-frame and the intimidation.

    And then we're supposed to accept the results as having some significance or relevence?

    Excuse me, but have you EVER known an "impartial" review, when the reviewee pays the reviewer?

    OF COURSE they're going to pick people most likely to be sympathetic, and ply them with "sweeteners" to "encourage" a favourable result.

    If the FBI wanted a genuinely honest result, they would be taking a hands-off approach. They'd make Carnivore available to a RANDOM assortment of Universities, place NO constraints on who was to do the testing (detailed records would be ok, though, and very desirable), and provide proof that they had NO contact with the researchers, the University, or ANY friends or relations, during the work.

    (They could reasonably be expected to ensure that no other intelligence agency did, either, though.)

  • No, I think it is cheaper to just bribe someone at an university to say there's nothing wrong with it than appointing an entire comittee :-)
  • Hey, wait a minute, how does Carnivore get its logs back to the FBI? Is the FBI going to have removable media in this thing and have the logs sent by snail-mail? Otherwise how the heck is this thing going to transmit stuff back when its installed at a busy site with a saturated outgoing connection? Would the ISP be able to do traffic analysis on the transmitted traffic to determine what kind of data the thing is logging?

    So many questions, so few answers.

  • Ruby Ridge and Waco are examples of this.

    Um, no. The FBI has been exonerated repeatedly for what happened at Waco.

    Not that I would trust the FBI to keep its nose clean, but at least blame them for things that are actually their fault.

    -jon

  • I was thinking they would probably send it to School of the Americas [soaw.org].

  • Where did you get the idea I was anti-gov't? I'm actually pro-gov't. The reality is that academic research is skewed by government funding.

    In the end, only Congress and the courts will be able to check the powers of the DOJ, which is reaching beyond the 4th ammendment with Carnivore.

    The court of public opinion will only be satisfied with complete public disclosure and verification that their rights aren't being violated.
  • I bet the University they select will be
    one that receives grants from DOJ. If not,
    then there would certainly be some other
    financial/political conflict of interest. After
    all, Every university receives copious ammounts of funding from the US Government.

    Actually, it wont be the University as much as the professors at the university. There *has* to be at least one professor in the DOJ's pocket somewhere.
  • Shouldn't they be appointing a comittee that will take a few years to make up their minds?
  • They had better make it public. I wonder if the documents that the universities recieve will be part of the publicized review, or is that too much to ask of the FBI.
    I am always wary of that sort of thing because universities are easily pushed around by the NSA and other similar bunches of spooks-in-suits... If they are easily pushed around on what cryptography research they can do and/or publish, why not deliver a fixed report after some smoke-filled-room discussions... Not to sound like a paranoid, but i'm usually skeptical of this sort of thing because we always find out 20 years later once things get declassified that the public was being lied to. It happened with the civil rights movement, where the army and the FBI were keeping lots of surveilance people busy watching potential rabble-rousers... It will happen again now with this, and we'll only find out after it's too late, and it'll happen yet again with tomorrow's technology so the powers that be can keep any free thinkers under thier thumbs...
  • I would suggest that if ISPs and privacy minded individuals are really bothered by a Carnivore system - why not put our own filter in place upstream of the Carnivore box?

    Filter out all but the packets that pertain to the subject under the warrant - the Carnivore system gets NO chance to exceed its legal bounds.

    You could even get fancier and "expunge" the subject line from the mail header packets that are fed to Carnivore.

    I doubt this would be more than a few weeks worth of work for the right hackers 8-) Maybe even be a "floppy" distribution like the one-floppy router project. Call it ZooKeeper (feeds the Carnivores and Omnivores).

    The FBI can't really object - we can make the source code available for THEM to audit. It does exactly what they need, so a court should back up someone using it (i.e. they ARE cooperating fully).

    Any takers?
  • I think the FBI is great and does a great job, but I'm not going to give them the keys to my house because they tell me they won't search it without a really good reason.

    OK... From the story....
    But privacy advocates and some members of Congress fear the system may cast too wide a net, encompassing private information about legal activities and leading to potential abuses.(emphasis added)

    Some members of congress feel that there is potential for abuses. The only way for potential abuse is for monitoring information of non criminals/suspects which means private americans and corporations, From what I understand the FBI was instuted to protect, in part, the protection of Americans privacy. Some of our own congressmen admit, by implication, that the FBI is corrupt. I don't know about everybody else but if I had a choice I would not want the FBI involved in anyhthing remotely close to me due to the possibility of abuses. In fact if I had a choice I would have the power of the FBI GREATLY reduced so that Americans privacy would have more protection.

  • I remember seeing a interesting documentary on A&E about Las Vegas slot machines. There's an industry where the software that runs the machines quite likely could be (and as the documentary pointed out, has been) tampered with in favor of the issuing party. This is extremely serious, because if people don't believe the machines are giving them fair odds, they won't play, and Vegas would be finished (the machines run the town).

    To prevent this, the ROMs that the machines run are *tightly* monitored by a government review board, who, I would assume, employ assembly language gurus and the like to make sure nothing fishy is up - and this board can randomly inspect any machine, at and time, for any reason, and god help you if your rom doesn't match the one on file.

    Such a system would work very well to control the carnivore system, I think. Of course, my country isn't proposing to do anything this insane, yet.. When I think about it, sweet jesus, it's scary - they want to be able to tap any email or internet connection (packets are packets, right) at any time!

    There's got to be a mecahnism put into some of the popular mail readers (mozilla?) to allow for hard encryption during transit happen real soon like. I mean, who gives a @#$@ how crappy the passwords are stored (put them in a .conf file) just so long as they're being *used* for email, ideally, transparently. Then carnivore is effectively useless. Too bad Microsoft wouldn't implement something like that - would be sweet. Or even if ICQ supported it (there is a ICQ client for secure comm now, Linux only..)

    Just some thoughts.

  • You've never worked at a University, huh?


    Of course not. I applied back in the 80's. I haven't heard from them yet.
  • FBI Director: "Somebody get me the head of monetary appropriations on the phone, NOW!!

    Phone rings...someone on the other end of the line picks up.

    Voice: "Hello?"

    FBI Director: "Uh, yes, hello, this is the director of the FBI speaking. Ummm...I'm doing some..uhh..research here and I need to know the top ten most government funded universities in the US."

    Voice: "Well, University X received this much, University Y received this much, and University A tops the list with a wopping X amount of money given to it by the government."

    FBI Director: "Right!! Thanks!"

    Director slams down phone. Leans out of office window, yelling:

    "Johnson!! That university that we were looking to test Carnivore? I've got one lined up!"

    This was meant to be humorous, not to be taken serious by any stretch of the imagination. Please moderate and reply accordingly

  • It is kind of auspicious listing this article right after the one about universities being
    bought out for research.
  • This is ridiculous. The government is monitoring communications and won't reveal the manner in which they do it? The FBI should be forced to comply with FOIA requests for any and all documents related to Carnivore. The FBI is the servant of the citizenry, not its keeper, and should be put back in its place.
  • Oh, but Bush and the CIA didn't do anything! And he certainly didn't pardon most of the people involved before he left office!
  • They should pull a trick like the CIA did when it was discovered their involvement with cocaine and Latin American contras - do an internal investigation and state that we found nothing out of order. The media/public bought it last time.

    You are more than the sum of what you consume.
  • After getting reaction from privacy and law enforcement groups, one will be recommended to Attorney General Janet Reno. He said the university will be selected partly based on its technical expertise in computers and its ability to conduct a "thorough and timely" review. Reno said the university experts will have "total access" to any information they need to conduct their review.

    OK Kids.. Here's five dollars, you have twenty minutes to 'review' the system.. No you may NOT open the box - Heres the instruction manual:

    Welcome to new CARNIVORE system

    Your new CARNIVORE system made from component of hi quality. If use, keep dry. Not to open style case with not user serviceable parts inside.

    To Operate

    1) Press POWER button
    2) plug to NETWORK connection
    3) Wait for single beep tone
    4) Leave connected- Only AGENT use now

    If Problem occur

    1) Check power cord - Is plug in?
    2) Did POWER button completely depress?
    3) Contact AGENT for assistance, No user serviceable parts inside.

  • This may be a little reaching, but perhaps instead of a university researching it, why not have Universities test it out on a private internet?

    Internet2 is already there, with several tech-filled campuses using it. Why not just have the Internet2 test out the Carnivore and have those U's figure out its flaws, its innards, and what vulnerabilities to people's rights it would have.

    To me, that seems like the best idea, and it won't disturb anything with other countries or people's rights, just make the U's on I2 a little more worked, but for the good of everyone.
    Dragon Magic [dragonmagic.net]
  • I need a good thesis topic... pick me! pick me!

    Seriously, do you want to end up with a bunch of students reading through (Ada, no doubt) obfuscated (wait, I already said Ada) source code and trying to figure out what it does? After all, the researchers are all too busy working on corporate research to be able to do this...

    Anyway, all there needs to be is ONE buffer overflow/security hole in the code, and then the FBI can get in and push bits around on the stack until it's reading everybody's email. Remember to check for that!


  • Question: Does the FBI Training Academy count as a university?

  • It will likely be reviewed by a bunch of students who will do exactly as the feds say, in lieu of being prosecuted for the 14 gigs of w4r3z they have on their computers.

    The leader of the review will be a professor who will be spared from charges related to that 17 yr. old freshman he was screwing last semester..
  • Shouldn't they be appointing a comittee that will take a few years to make up their minds?

    This way they can play it for ratings value by handing it over to a bunch of university legal scholors, who will probably arrived at some informed and intelligent opinion, which than can be thrashed about on Larry King Live, handed back to the House (via the FBI) where it can languish and be debated ad nauseum, despite good thought already put into it, but because it's not Dems or Gops.

    Rather than toss it to the combatants^H^H^H^H^H^H^H^Hcandidates (Bush & Gore) who would thrash it around, get it politicized in the House and Senate (because it's an election year) then be implimented anyway after January 21, 2001.

    This really is a hot topic, but I haven't heard any candidate say anything pro or con about it... Am I just missing it in the news, or is Bush in favor of it because his father (George Herbert Hoover Johnny Walker Anheuser Bush) - an old spook - likes the idea, and Gore likes it because he could read those secret emails still going back and forth between Monica and Bill?


    Vote [dragonswest.com] Naked 2000
  • Someone unbiased and objective, I'm sure. Kinda ironic this followed right on the heels of Katz's article on the tainting of academia from outside influences.

  • by Mr T ( 21709 ) on Thursday August 10, 2000 @10:12AM (#864699) Homepage
    My alma mater will do this deed. They take enough funds from the DoD. They build bombs and some other similar type projects at SEI. They have a ton of clout and respect. And, honestly, I think they could probably do a really fair job and I think that the FBI types might think that a place like that is the only type of place where a fair job could get done because of the academic culture at so many other fine institutions.

    I've got a plate of rice crispie treats and a pint of Guinness that says they do it. Anyone want to bet?

  • by AugstWest ( 79042 ) on Thursday August 10, 2000 @10:07AM (#864700)
    If you're looking for an objective review of software, you don't go to the company chosen by the publishers, as it will obviously be swayed.

    If this is a public inquiry required by the gov't, why not let the public decide which university? Anyone else think this is a bit strange?

    Also, totally OT, but... this is killing me...

    Anyone else worried about G.W.'s ties to the CIA? I mean, his father was the head of the CIA for a while (during iran contra, i might add), and now, all of a sudden, BOOM his son is up for President. His son with 5 years of political experience...

    So the former head of the CIA pulls some strings and gets his son nominated for president... Said son states that one of his 3 main platforms is national security....

    I'm scared, and I'm wondering why noone is talking about this.

    I guess it isn't really even offtopic. I mean, Carnivore is the FBI's surveilance system. Does anyone honestly believe that the CIA doesn't have a surveilance system in place?

    I don't like Gore either, but with GW's puppetness, CIA ties and stated platform of national security, I'm more than a little worried.
  • by scott@b ( 124781 ) on Thursday August 10, 2000 @08:35AM (#864701)
    A problem with systems like this is that they are intended to be able to capture all of an Email if that's what is needed. So we know that such capabilites must exist within Carnivore.

    Now, this should only be done when a full wiretap authorization has been given by a court order. The part that needs Real Close Examination is the logging of enabling and disabling such captures. If that's sloppy or has holes then anyone could be monitored without proper authorization.

    Beyond that one should be asking what will be done to review that logging - will this be done by the FBI, making sure that the FBI is only watching who the courst have said they could? Self monitoring has certain weaknesses ...

    This also applies to the "trace and trap" or "pen register" modes, where only the From: and To: information is being captured. The code review can confirm that the mode works as it should, but it also should confirm that moving from trap and trace to full capture mode gets logged as well

    US citizens might consider the establishment of a standard for wiretap authorization; perhaps as a rider to CALEA. This would involve digital signatures for enabling levels of authorization, with an indirect process to generate the electronic command - the FBI asks, the court grants and sends the enabling command. And the code is well reviewed for any holes in the enabling and logging logic.

  • by mlknowle ( 175506 ) on Thursday August 10, 2000 @08:15AM (#864702) Homepage Journal
    The real question is whether or not they will suspend use of the box during the investigation- otherwise they can just milk this thing for as long as they want and keep using the system, or switch to a different method that is equally invasive...
  • by catkinson ( 187577 ) on Thursday August 10, 2000 @08:23AM (#864703) Homepage
    If a university reviews the Carnivore system what exactly is expected by the FBI to be accomplished?

    Is this going to be used as a final decision regarding the use of this email interceptor?
    We just read an article which suggested that Academia is progressing towards profitability and less credibility

    Am I too harsh in thinking that nothing will come as a result of a long and drawn out process of 'experts' reviewing the integrity of the system. It all depends on who they ask to review it.

    Reno said the university experts will have "total access" to any information they need to conduct their review

    If we are lucky, then somebody of good faith will be able to post intimate details of the inside guts of the system. Can we only hope, so we can keep our right to privacy?
  • I can just picture two CompSci students working on the Carnivore box...

    Mike: Hey, what's this thing do?
    John: Hmm, seems like that's the part used to detect everyone's e-mail address as it passes through Carnivore.
    Mike: You know what would be cool?
    John: What?
    Mike: I've got a way or hacking this thing. Let's keep quite about it, and when the FBI install these babies, we can use the hack to read everyone's email!
    John: And why would we do that for? Other than for fun, of course.
    Mike: To score with the chicks, John! To score with the chicks!
    John: Oooooooh! Great idea!

    *shudder* I _know_ guys in college who would really do this kind of thing...
  • by The Ape With No Name ( 213531 ) on Thursday August 10, 2000 @08:28AM (#864705) Homepage
    Shouldn't they be appointing a comittee that will take a few years to make up their minds?

    You've never worked at a University, huh?

  • by 64.28.67.48 ( 217783 ) on Thursday August 10, 2000 @08:20AM (#864706)
    The FBI should ask Jon Katz what university would be best for the review. Without his help, they might select a university influenced by UnichemaMcPetroColaNikeDollars and not really do any real research.
  • by karmawh0re ( 221209 ) on Thursday August 10, 2000 @08:50AM (#864707)
    I am sorry, but having only one university examine the machine is a 'bad idea'(TM). For any real security evaluation you ought to have at least two teams (which implys diffrent skillsets) examine the device. Also if a university examines it it will likely be a professor or two and a handful of students (that might not have the skills that I would concider necessary).

    Let me reiterate.. at least two universites.

    Having only n universities examine the machine is a 'bad idea'(TM). For any real security evaluation, you ought to have at least n+1 teams examine the device.

    Let me reiterate... at least n+1 universities.

  • Why do they even need the system in the first place? ISP's can provide them with all the information they are legally entitled to when they present the ISP with a court order. Why do they need their own unmonitored access to all email on the ISP?

    As stated in the above post, this outside review of the software doesn't prevent the FBI from making changes in the future without notifying anyone. I think the FBI is great and does a great job, but I'm not going to give them the keys to my house because they tell me they won't search it without a really good reason.
  • by sandidge ( 150265 ) on Thursday August 10, 2000 @08:16AM (#864709)
    the first student of the newly created FBI University was enrolled today.

    "We will provide a superb education for all our students for years to come," said an FBI-U rep. "Well, at least until our 'faculty' get done 'researching' that Carnivore thing."

    Sandidge

  • by evanbd ( 210358 ) on Thursday August 10, 2000 @08:37AM (#864710)
    Also, the FBI Unversity is the best in the world, by any standard. By admiting only one student, we have managed to keep the faculty per student ratio very high, at an unprecedented 12 faculty members per student. Furthermore, average class size is at a record low of exactly one student per class. SAT scores, incoming GPA, and many other measures of incoming student body are kept at record highs, easily surpassing inferior universities such as Harvard, Yale, Princeton, and other Ivy League schools. The school has an excellent computer securities department, making it the ideal choice for a review of carnivore.

    ---
  • by GrievousAngel ( 220826 ) on Thursday August 10, 2000 @08:20AM (#864711) Homepage
    Bob Jones seems an obvious choice.

  • by jabber ( 13196 ) on Thursday August 10, 2000 @08:28AM (#864712) Homepage
    Why does the FBI get to choose the University that is going to review Carnivore in the first place? Why a University? It's like asking Bill Clinton to choose the person to investigate his latest impropriety (Ginger Lynn, the porn star... wait for it.) Or like Micro$oft appointing the Judge to preside over their anti-trust trial.

    The decision of who and how will review Carnivore OUGHT to be made by a panel of SECURITY EXPERTS, not the people accused of 'wrongdoing' in the first place. I'd like the decision-maker to be Bruce Scheiner, and I'd like him to hand Carnivore over to the L0pht guys (umm, excuse me, @stake).

    It should be the hacker community that gets to scrutinize Carnivore. Not because I'm a /. reader, but because the hackers and the Fed are natural adversaries. It's the only way to make sure Carnivore gets a thorough PEER-REVIEW. Hackers would really get under the thing's skin, while academics will complement it's object-oriented design, oogle the UML specs and give a favorable review in exchange for a research grant. The only hope is that, since this thing will end up at a University... Well, their security ain't the best.. We'll get to see it somehow.

    In the very least, I hope a formidable research University gets the nod. Someplace like CMU, MIT, or UC Berkeley would/might do this right. I'm sorry but if they hand it to Harvard or Yale, our communal goose is cooked.
  • The WSJ ran an article this morning that had a less happy veneer. The high points were that the FBI was claiming Carnivore was classified information, and that thoguh they'd submit it for evaluation, it would not become public knowledge in any form whatsoever. The article is here at http://interactive.wsj.com/articles/SB965861735609 205665.htm [wsj.com]

    And here are relevant excerpts:

    "The Federal Bureau of Investigation declined to give to Congress details of its Carnivore Internet surveillance system, telling a member of a House oversight committee that some of the documents he requested include classified information and others are the subject of a pending lawsuit seeking their release"

    "...the bureau wrote that it is "not presently in a position" to provide documents he requested. "There remains substantial public misunderstanding and misinformation about the system," wrote John Collingwood, assistant director for public affairs."

    "...the Justice Department has been negotiating such a review with the University of California at San Diego's Supercomputing Center, said Tom Perrine, the center's manager of security technologies."

    and my favorite:

    "Mr. Perrine said that part of the FBI's challenge using Carnivore is conducting Internet wiretaps under U.S. laws that predate the Internet. "Carnivore is probably the best program and the most privacy-protective program that [the FBI] could have written given the lack of guidance in law from Congress," he said."
  • by ajs ( 35943 ) <{moc.sja} {ta} {sja}> on Thursday August 10, 2000 @08:58AM (#864714) Homepage Journal
    What we need here is a redundant array of inexpensive universities (RAIU). At least four universities should be set to the task of evaluating Carnivore, independantly. Meanwhile, one additional university is given the task of checking the findings of the other four as they come in. If any of the results don't match previous statements made by the FBI, you throw them out.

    Seems simple to me... ;-)
  • by artistX ( 213795 ) on Thursday August 10, 2000 @08:15AM (#864715)
    Once the FBI submits Carnivore to public (the university) scrutiny - will they then be able to install their boxes with impunity, without continuous monitoring? Perhaps I'm stating the obvious, but how hard would it be for them to fill a box with some fairly innocuous code and then run whatever they want once they get the green light and the spotlight dies down? Just a thought.
  • by wmoyes ( 215662 ) on Thursday August 10, 2000 @08:16AM (#864716)
    I am sorry, but having only one university examine the machine is a 'bad idea'(TM). For any real security evaluation you ought to have at least two teams (which implys diffrent skillsets) examine the device. Also if a university examines it it will likely be a professor or two and a handful of students (that might not have the skills that I would concider necessary).

    Let me reiterate.. at least two universites.

Your own mileage may vary.

Working...