Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
The Courts Government News Your Rights Online

Carnivore Goes Wireless 169

GMontag writes: "The Washington Post Tech Section is running this story FBI's 'Carnivore' Might Target Wireless Text. Apparently, since the industry can't provide big brothering to the satisfaction of the FBI the FBI will will do it *for* them. This is a collector's item too, with no mention in article of DCS1000 being used to "save" children!"
This discussion has been archived. No new comments can be posted.

Carnivore Goes Wireless

Comments Filter:
  • radio (Score:3, Insightful)

    by geekoid ( 135745 ) <dadinportland@y[ ]o.com ['aho' in gap]> on Friday August 24, 2001 @11:04AM (#2213651) Homepage Journal
    wireless transmission can be monitored by anyone, not just the F.B.I.
    • not legally. well, not in the US at least.
    • That's not true anymore, at least not in the US. In the US it is illegal to listen in on cell phone frequencies for instance.

      Of course it's technicly feasable for anybody to do so, but it's not legal unless you are the FBI (or other law enforcement and you have the proper paperwork).
      • Re:radio (Score:2, Insightful)

        by Menteb ( 161089 )
        well, so is making backdoors in webserver software and selling it to stupid people (euh... M$ maybe ;). I mean, not every person on the planet is born with good brains.
      • "Can" is not the same as "is legal to"

        or: it's perfectly feasable, just don't get caught. Wireless anything should not be considered secure (unless steps have been taken to secure it, obviously)

        Not that that makes me less uncomfortable with the fbi...

    • they have Echelon, the satellite spy that does that job.

    • When will you people learn that whatever's broadcast can and WILL be intercepted. The only question that remains is whether they can break your encryption...
  • I suppose 2004 is just as good as 1984.
  • There's just no good reason to send plain text over a wireless line. Not only can any private citizen with a decent radio setup listen in, now the government will listen in, too.

    What's needed is a good wireless encryption standard with good firmware decoding. A simple hardware setup with centralized servers containing public keys would be a fantastic way for a wireless company to earn my business.

    • What's needed is a good wireless encryption standard with good firmware decoding
      Given the current corporate Zeitgeist (what's ours is ours, and what's yours is ours), I wouldn't be inclined to invest a lot of faith in any COTS hardware-based encryption scheme.

      Not to say I wouldn't use it, but I wouldn't consider it secure without some open-source software encryption package running on top of it.

    • > What's needed is a good wireless encryption standard with good firmware decoding.

      But wouldn't building such a network be in violation of CALEA, the act that requires network providers to be wiretap-friendly?

  • *sigh* (Score:3, Informative)

    What part of "subject to court order" don't you understand?

    Sometimes I think there are people who seriously think we should completely ban law enforcement because there might be some miniscule possibility of abuse.

    • abuse can be good :)
    • Sometimes I think there are people who seriously think we should completely ban law enforcement because there might be some miniscule possibility of abuse.


      Just like authority thinks that all blank media should be taxed because there is possiblity of abuse .

      • Just like authority thinks that all blank media should be taxed because there is possiblity of abuse .
        Taxation is not the same thing as banning.
    • Yes, but they are still watching everything in that area subject to court order. How are we to trust them if we can review the process that decides which messages get saved, and which don't? Maybe your neighbor is being carnivored, but they decide to also save your message discussing "weaknesses in css style protection flavor of the week" for later investigation. After all, when they see a "crime" in progress, they are allowed to act on it reguardless of if they only saw because of survailence of someone else.

      At least that is my understanding as a non lawyer.
    • While it is true that this is just another hysterical /. story in which the poster saw a headline and just put it up without reading the article...

      I think Carnivore is alot larger than a "miniscule possibility of abuse" ... it represents an "actuall violation of privacy". I would not ban law enforcement because of this, I just want law enforcement to play fair. How would you like to play Cops & Robbers where the cops get to have unfair advantages like not having to play by the rules they are supposed to be enforcing? That's no fun, that's cheating! Criminals are people too, stop taking away all their fun.
      • Ahem... actually, I did read the article. What portion of it do you *assume* that I missed?

        BTW, the title that I submitted was "DCS100 aka Carnivour goes wireless!"


        "The Washington Post Tech Section is running this story FBI's 'Carnivore'
        Might Target Wireless Text.


        Humm... can't be that part...

        Apparently, since the industry can't provide big brothering to the satisfaction of the FBI the FBI will will do it *for* them.

        Was not a quote from the article, it alludes to the industry itself saying that it can not meet a 30 Sept. deadline for providing eavesdropping services to the FBI.

        This is a collector's item too,
        with no mention in article of DCS1000 being used to "save" children!"


        Perhaps you saw a "save the children" refrence that I am still missing?
    • Re:*sigh* (Score:3, Interesting)

      by stuccoguy ( 441799 )
      It is true that the FBI must get a court order in order to use Carnivore to intercept the contents of a suspect's communications. Under most circumstances this would be a satisfactory due process safeguard against abuse. In fact, it has been the status quo for preventing abuse by law enforcement for decades.


      This is not the case with Carnivore. The system captures all trafic on the network based on protocol. A court order to intercept the contents of John Doe's email could also result in the capture of your email if it happens to be crossing the same network.


      After the packets have been captured they are filtered to present a set of emails to and from the subject of the court order, but your email and the email of hundreds of other innocent individuals is already sitting on the FBI's computer waiting to be misused or abused.


      And the threat of abuse of that information is hardly miniscule. This is the organization that withheld thousand of documents in the timothy mcveigh trial, attempted to railroad Wen Ho Lee as a spy for taking his work home with him, kept dossiers on thousands of politicians, businessmen and regular citizens for political motives, murdered Randy Weaver's wife and son, and massacred 33 women and children at Waco.

      • Re:*sigh* (Score:2, Interesting)

        by Stickster ( 72198 )

        You are indeed underinformed, but that's typical of /.ers these days. The packets are filtered but then pursuant to the actual court order and normal Title III wiretap regulations the non-pertinent traffic is not retained "sitting on the FBI's computer" [sic] for later use. The irrelevant traffic must be discarded at the time of filtering.

        Your obviously polemic (and clearly incorrect) comments at the end of your post don't even bear up to the slightest modicum of common sense. Do yourself a favor and don't believe everything you read or hear. Remember that the news media is a BUSINESS, not a public service. They have no motivation to report truth, especially when it doesn't generate good ratings.

    • by Bonker ( 243350 ) on Friday August 24, 2001 @11:47AM (#2213880)
      Heh...

      This attitude never ceases to amaze me.

      Once upon a time, when I was sixteen years old and driving home from my girlfriend's house one evening, I was pulled over by a police officer in what could be called the bad side of the town. Although North Amarillo is still a fairly nice neighborhood, it does have a slightly higher crime rate and lower property values than the south side.

      Thinking to my self... 'I wonder why I've been pulled over?' I remained calm because I had done nothing. What could I possibly have to fear from a uniformed law enforcement officer when I hadn't done anything wrong.

      Said officer pulled me from the car at gunpoint and shoved my face into the asphalt... the gun pressed into the base of my skull... while he cuffed me and frisked me. He threw me into the back of his patrol car and then illegally searched my car.

      I learned later that he did all this because there had been reports of a 'drive by shooting' in my girlfriend's neighborhood. My car matched the description, so in the cop's mind I was a dangerous unknown... dangerous enough to hold a gun to my head. He felt he had 'probable cause' to search my car for firearms based on an anonymous 911 call.

      An attourney later told me candidly that I had very little chance to win a court case because the policeman released me after searching my car and the judges were all highly sympathetic to the police.

      Now, what lessons should we all learn from this?

      1. American criminal and police law is not designed to protect innocence. It's designed to punish the criminal.

      2. Police will do their best to uphold that law out of honor, duty, hate, fear, or any other of a hundred positive or negative reasons.

      3. Police don't care about innocents who get hurt or get their civil rights violated, so long as *they* aren't hurt and *their* jobs don't become any harder. There's a reason we have the term 'Police State'

      4. Power breeds corruption. Any given law enforcement agency may have a policy against abuse, but almost all law enforcement officers will abuse their power in one way or the other.

      I'm not the only one who things these things. There's a reason we have the fourth amendment, after all.
      • I was going to quote one section, but can't narrow it down.

        I am truly sorry that you were not the right person. And yes, it was unfortunate that you were in the 'wrong place at the wrong time.' But, as much as I believe in individual liberties, if I was that cop I would have done the same thing.

        I work in computers, but have spent 4 1/2 years as a firefighter as well. I am 22 and have seen a lot more than I would like. Like the outright murder of not one, but three police officers (two Tampa detective and one Highway Patrolman) as well as recently another murder of a Tampa Police Officer. Why? Because they did not do exactly what the police officer above did.

        Let's play what if. What if you would have been that shooter? What if the officer had a report the shooter had high-caliber weapons? What if the report also involved possible other shootings? What if you had not been the shooter, but had a gun?

        Unfortunately, because we are all human, mistakes are made. You were not held illegally, not tortured, nor beaten, you were 'secured' via a legal method of takedown in a possibly hostile situation. And if I was in your situation (and I have been) I would only be upset if the police officer would have continued to hold me for hours, or would not have released me, or would have had no reason at all.

        As far as your points? I am not even going to start on them. I can say that you appear not to even know a Police Officer or (obviously) be one. As I tell people who complain about how open source projects are going, if you don't like it, do something about it. Don't sit on your freakin' butt and come up with reasons to make you feel better about yourself. Go out and do something. Become an officer. Put YOUR life on the line. Or help those that do. See how it feels to arrive on the scene of a shot officer, to see the destruction caused by it. To do everything you can and it not be enough. Do that, then come back and see how your viewpoints are.

        • > I was going to quote one section, but can't narrow it down.

          Thanks for saying it better than I could. (Moderators, please consider the parent of this post...)

          There's a world of difference between stuff like Carnivore (which I regard as an abhorrent evil), and an officer in a potentially life-threatening situation doing his job.

          Had I been the cop in question, I, too, would have done the same thing. Had I been the "guy in the wrong place at the wrong time", I'd have been scared shitless, but once the mistaken identity issue had been clarified, and assuming the officer had acted professionally (and as it appears in this case, he did), I'd have complimented him on being safe and wished him good luck in catching the perp.

        • A friend of mine had his front door kicked in by police on a drug raid. He and his unarmed parents were beaten so badly that they will never recover from the hospital debt. The doctor mishandled his medication and now he's addicted to painkillers. He gets arrested a lot because whenever he sees a cop he runs in fear. The punchline? It was the wrong house.

          An honest mistake? Well, going into the wrong house was. Crippling unarmed people was quite deliberate on the other hand. Is this SOP?

          A much closer friend was attacked by a man on PCP in her own apartment building. Her skull was cracked open, and aside from nearly bleeding to death she still doesn't have full feeling back in her hands. When the cop arrived on the scene, did he arrest the perpetrator? No. Instead he informed this man of his right to have arrested the woman who had tried to save my friend by using an illegal can of mace. The cop took a perfunctory statement and to this day the man roams free.

          Was that SOP?

          Or I suppose the cops who beat Rodney King more than 60 times were doing so in fear for their lives.

          Ever been pulled over for "driving while black"? I guess all people of african descent might be the suspect of a shooting nearby, so that makes sense, right? It's to save officers lives.

          Sorry. It's bullshit. Yeah, maybe the poster's case was mistaken identity and an obnoxious but necessary use of procedure. But don't sit here and tell me that police abuse is necessary.

          I do know a number of cops. I'd label all of them "basically nice guys". However, they all share an interesting viewpoint. In their mind, they are the "good guys", and thus anything they do to catch the "bad guys", or do to the "bad guys" once they are caught, is justified. They might feel bad if they screw up the wrong person, but not too bad, since it was all part of the process of getting the "bad guys".

          Did I say interesting? I meant scary, because these people carry guns, authority, and far too little accountability.
        • if I was that cop I would have done the same thing.

          This is incredibly sad. I had a similar situation occur, when working late one night. It was about 1am and I got a call that there was a personal emergency I needed to take care of. I left the office and drove very quickly towards home.

          I got stopped in Warminster PA, held at gunpoint and had my car illegally searched because the police refused to believe that I was the legal owner and operator of my vehicle even after giving them all the relevant paperwork. It was only after the search came up empty, AND they got second-hand verification that my paperwork was legitimate that the guns were no longer pointed at me.

          The only reason I didn't file a complaint was a fear of retalitory behaviour from the officers involved. After all, these were people who thought it was reasonable to keep multiple guns trained on an unarmed civilian for almost 15 mintues.

          All this because I'm a relatively young guy who was driving a nice car a little too fast.

      • Once upon a time, [... blah story]

        Thus illustrating the danger of anecdotal evidence. I wasn't there, I don't know all the details. However, when I say "miniscule possibility", I am saying that statistically this just doesn't happen that often. Does it happen? Of course. Does that mean we should ban law enforcement? No. Does it mean we should continue to watch them very carefully? Yes.

        And does it mean we should "handcuff" law enforcement because of the *possibility* of abuse? Absolutely not.

        Now, what lessons should we all learn from this?

        That police are human, not perfect, and will possibly err on the side of caution when their life is in real danger. Sorry, but I can't say that I wouldn't have done exactly the same thing, particularly if it occurred in a dangerous neighborhood (which presumably it was if you have drive-by shootings). Personally, I would rather live and apologize, than die knowing I didn't frighten a possible innocent.

        • "I would rather live and apologize, than die knowing I didn't frighten a possible innocent."

          So it's ok frighten your wife or your child
          as long as I apologize after?

          Can I shoot them if I think they might have
          a gun?

          Where do you draw the line?

        • And does it mean we should "handcuff" law enforcement because of the *possibility* of abuse?


          Sounds like a good idea to me. Police misconduct isn't a "possibility", it's an all too common fact. There are far too many cops who wouldn't think twice about planting or manufacturing evidence, committing purjury, or conducting illegal searches & surveillance. Cops are rewarded (by promotions, raises, &commendations) for making arrests [particuarly ones that lead to convictions], and are only rarely held accountable for their own misconduct and criminal actions. Law Enforcement has too much power and not enough oversight and accountability: either we need to reduce thier power, or increase their accountability. Cops who break the law should be disciplined by the courts, not by their fellow officers.



          We would not need so much "law inforcement" if we didn't have so many asinine and unconstitutional laws. Being safe from government oppression is just as important, if not more so, than being protected from violent individuals. It's fairly easy to defend yourself against random thugs; protecting yourself against an out-of-control government is much more difficult. Even as an upper-middle-class suburban white male with a squeaky clean lifestyle, I am far more afraid of being victimized by the police than by street hoods. I can only imagine what urban blacks and hispanics must go through.



          Of course, in order for legal & police reform to work, we would need a criminal justice system that actually worked and kept the truly dangerous and violent people behind bars. Instead, we keep paroling murderers and rapists after they serve a fraction of their sentences, while keeping non-violent drug offenders incarcerated on inflated mandatory minimum terms.



          The plea bargian and parole systems are hopelessly broken and need to be scrapped. I don't have the exact figures handy, but the vast majority of violent crimes are committed by a comparitively small number of repeat offenders. Eliminating parole will keep these people in prison longer. There have been numerous studies that show that the recidivism rate among violent convicts is inversely proportional to their age when released

      • reminds me Robocop... which has better laws

        1 - serve the public trust
        2 - protect the innocent
        3 - uphold the law
        4 - classified :o)
    • Re:*sigh* (Score:3, Interesting)

      by sphealey ( 2855 )
      I think most people in the Western world understand court orders and the need for law enforcement. There are two minor problems, however:

      * Law enforcement and the judiciary form a pretty much closed loop system. They come from similar backgrounds, they consider themselves the "good guys", and they prohibit investiations into their own motives/failures/biases. So when there is a problem with a request for a warrent the odds are that the judiciary will approve the request anyway.

      * If you have spent much time with law enforcement people, you know that the "observe crime/gather evidence/make arrest" model isn't the only one they use. The "suspect crime/fish around for something/use something to get warrent/intimidate person into confessing or giving up someone else" model is pretty common, too. And the methods used to find "something" are not always pretty, legal, or constitutional.

      In the past, while this behaviour may have been bad, it wasn't totally corrosive, because the ability to fish around for "something" was limited by the overall difficulty of gathering information.

      The technologies being develped today, in contrast, make it quite easy to fish for whatever one wants to find. And since there are laws affecting just about every action (I am willing to bet you have violated 5 federal laws already today), the widespread availability of this technology gets more than a bit scary.

      sPh

      • * Law enforcement and the judiciary form a pretty much closed loop system. They come from similar backgrounds, they consider themselves the "good guys", and they prohibit investiations into their own motives/failures/biases. So when there is a problem with a request for a warrent the odds are that the judiciary will approve the request anyway.

        I think most people wouldn't consider police and judges/lawyers as coming from anything close to similar backgrounds. Police are generally come from working-class backgrounds, while lawyers (and especially judges) are generally more upper crust.

        Judges are sympathetic to warrant requests, but not because of their backgrounds.

        • It's a question of the psychlogical profile.:

          "Right now you're thinking in terms of not being a rat regarding your friends. Let me tell you a few things: first, they are not your friends to get you in a fix like this. You don't owe them a thing. Second, you have a duty to do your part to keep this society together. You need to face this like a man and do the right thing as you were rised and trained to do".

          To most law enforcement personnel, this argument makes complete sense. Everybody has a duty to do whatever possible to make the world a better place. They learned this at home and had it reinforced by various social institutions such as the church, school, scouts, and the military. Thus, an interrogator might think: "How can anybody not see this? Everybody knows this. I'm merely verbalizing the obvious so the subject will find it easy to agree."

          -John E. Hess, "Interviewing and Interrogation for Law Enforcement" (ISBN 0-87084-348-6).

        • "I think most people wouldn't consider police and judges/lawyers as coming from anything close to similar backgrounds. Police are generally come from working-class backgrounds, while lawyers (and especially judges) are generally more upper crust"

          If you are talking about original background, perhaps, although in Chicago policeman => watch officer => night law school => assistant prosecutor => judge is a pretty common life path. Supreme Court justices probably went to Yale, but there are a lot of judgeships in the nation and most of them are local in scope.

          However, by "background" in this case I ment a career of dealing with "perps" and "mopes" in very a lengthy series of very unpleasant encounters, building a shared worldview of us-against-them. See _Bonfire of the Vanities_ for a good ficational description.

          sPh
    • Sometimes I think there are people who seriously think we should completely ban law enforcement because there might be some miniscule possibility of abuse.

      "Miniscule"? Can I direct your attention to the history of the past few decades? From COINTELPRO to Rampart to the Abner Louima case to Waco to Carnivore, the one thing police forces have shown time and time again is that the probability of the abuse of power is anything but miniscule.

    • > What part of "subject to court order" don't you understand?

      Tell it to Martin Luther King, Jr. The FBI tapped his phones (*with* a court order) and discovered he was having an extramarrital affair. Since they couldn't arrest him for that, they sent him letters threatening to expose him and suggesting suicide would be a better alternative.

      Today, the FBI's headquarters are named in honor of the man who was at the top of the FBI during those "investigations".

      Now I'm supposed to believe that they should have access to every letter I type on a keyboard? Even the "independent" review of Carnivore revealed that the system had no real accountability and that a rouge agent could access everything captured without tracing the agent's access.
    • The US had law enforcement long before the FBI existed. Law enforcement does not necessarily need to snoop on communications. Real crimes leave evidence in the real world. Crimes that require eavesdropping to prove probably shouldn't be crimes.

      I'm sure there are exceptions, most of which involve people conspiring to commit "real world" crimes. But are the exceptions worth the price?
      What part of "subject to court order" don't you understand?

      This part. [google.com]
    • Are you not aware that the FBI under J Edgar Hoovers 48 years as it's head was practically controlling the federal government of the USA? Mostly through blackmail, but also intimidation and murder.

      Hoover spied on everyone and had incriminating files on pretty much every politician that could end their career, which enabled him to rule Washington.

      That is not "miniscule" in my book.

      Remember that those not aware of history are condemned to repeat it.
  • "But Sobel and Altschul said Carnivore cannot separate address information from the content of a message in a packet, and so authorities must be trusted to weed out data they are not allowed by law to have."

    What could they gain by only reading the packet headers? The content is what they really want.
  • this is no diffrent than a wire tape on a conventional phone line, they will still need to get a warent to do it so if your not breaking(or known to be breaking) the law don't worry.
  • But I always thought DCS1000 was a Sony digital camera. Isn't this infringing on Sony's intelectual property?

    Maskirovka

    Ok...bad joke.
    • Ok...bad joke.

      Not really. I think it was funny, and sociallpertinent, especially since I too have a Sony camera and made that connection.

      You might as well call the Smith and Wesson 'Peacemaker' a "SWP 45002", and see if it gets quite the same reaction. Better yet, lets call illegal wiretaps "IWS90210's" and see if they get as much attention as they deserve.

      Let's call a spy a spy, shall we?
  • Clarification (Score:2, Informative)

    by ViceClown ( 39698 )
    Here's a point I have been meaning to make for awhile. My uncle does computer fraud investigations for the FBI. Yes, that's right - he's a fed. I brought up this topic to him at our last family function. What most people don't realize is that Carnivore is actually going to be less restrictive than old procedures. If the FBI or one if it's investigators wants to subpeona email know what they do? They take the whole server. They take all the email and just route through until they find what they want. The point is they take it all and have access to anyone and everyone who went through that box. With Carnivore they can pick out who they are looking for through standard procedures and as long as you are not a fedral criminal you have nothing to worry about. Frankly, if that helps stop bombs from going off at olympic games and helps track down illegal malitias, hate groups, etc. then Im all for it!
    • okay, cameras in everyones houses will help stop drug use, domestic violence etc etc etc. At what point does it go to far. before it begins
    • >as long as you are not a fedral criminal you have nothing to worry about

      Tell your uncle that, after Richard Nixon and J Edgar Hoover's reign, the FBI has got a HELL of a job ahead of them if they plan to convince anyone
      of the truth of that statement.

    • ... there was an article [mises.org]recently on mises.org on the FBI's "great tradition" (GWB's term). I don't know that I want those people protecting me from olympic park bombings (they did that one real well...) or tracking me down for imaginary crimes.


      "If you're not a criminal you have nothing to worry about" - famous last words. See this story. [slashdot.org]

    • Frankly, if that helps stop bombs from going off at olympic games and helps track down illegal malitias, hate groups, etc. then Im all for it!

      This is exactly the non-sense that keeps average people in support of things like Carnivore: the false sense of security. Hard-core terrorists have been using encryption for a while, and aren't going to be bothered by Carnivore.

      Terrorism is the boogeyman that they always bring out to justify increased surveillance. The end result is a loss in privacy and no effect on stopping intelligent criminals.

    • Frankly, if that helps stop bombs from going off at olympic games

      And we all know how well *that* case was handled by the Feds.

      There's just a litany of mistakes(and worse) that the FBI has done. Some of them may not have changed things in the end but they do point to a certain attitude of "We don't give a sh*t."

      Like the thousands of pages they just sort of forgot to give to McVeigh. If they pull these sort of stunts in a high-profile case like this, imagine what they're doing with anonymous cases involving people who may really be innocent.

      Frankly, I'd rather not have people like that have something like Carnivore. The FBI, as an agency, has shown repeatedly it can't be trusted and until it gets cleaned up from the top-down, people have every right to be suspicious.
    • as long as you are not a fedral criminal you have nothing to worry about.

      I belive that this was the mantra of the fascists in the earlier part of this century as well.
  • If only we could influence the US Congress like the end of Tom Clancy's Debt of Honor [amazon.com]...


    Harrison Ford as US President would be a wonderful bonus ;-)

    • Uhhh I just finished Debt of Honor... and without giving away the ending to anyone that hasn't read it yet I'll post in pig-latin.

      reay ouyay uggestingsay eway illkay hetay ongresscay? Tiay ouldway akemay orfay oodgay elevisiontay, nday CNN ouldway ebay ovelay ouya orfay tiay... utbay hey'lltay ustjay eplaceray 'em.

      So what does that accomplish?
    • Just who do you think would replace the congress critters, eh? That scenario (Executive Orders) would require having a real MAN in office, not some pot-headed, DWI convicted, playboy like dUHbya. Dream on.

      Maskirovka

  • There's an article about the persecution of a CIA officer [washingtonpost.com] in connection with the Hanssen spy case. They picked out the wrong man and harrassed him and his family for two years. Competent investigation would have demonstrated his innocence quickly.

    Then there is the article on Al Gore, Sr. [washingtonpost.com] He drew the FBI's fire for complaining about the treatment of a woman accused of the "crime" of having engaged in premarital sex.

    You might want to check out your favorite bookseller for books on the FBI as well.

    People who say "If you're innocent, you do have anything to worry about" should consider who is deciding what is innocent and what is not.

  • by ethereal ( 13958 ) on Friday August 24, 2001 @11:24AM (#2213765) Journal

    This seems a little suspicious to me - from what I've heard, most of the wireless providers are well on their way to providing the federally-mandated wiretapping access. They can't be very far off from completing the technical setup that is involved. It seems like the Feds are useing the missed deadline (which really was an artificial deadline anyway) as a convenient excuse to expand their wiretapping powers. It's not like there were crimes that just had to be wiretapped on September 30; as long as the wireless carriers get things rolled out reasonably soon I don't see how the government could legitimately complain.

    And yes, anyone can tap wireless, but the issue is what can be used in court. If the government is sucking in more information, then there's more of a chance that a bad judge somewhere can be found who will let unrelated intercepted information into evidence.

    Of course, since you have no privacy right on a land-line phone either [politechbot.com], maybe Carnivore isn't such a big deal either :)

  • I seem to remember back when digital cell phones first becauem populare inthe USA, that the FBI authored, and sponsored a bill in congress that would allow them to force digital cell phone providers with the means to descamble the digital signals. You see, digital cell phones are actually difficult to snoop since the signals are digital, unlike the older analog phones. The FBI was mad that they coudlnt' use their radio-shack scanners to snoop your conversations, they actually have to put forth effort int he form of computer systems that took time to descramble the dgital signals, and by then the call was over. Further complicating the issues was the fact that just descambling the signal wasn't really enough because you conversation was embeded amonst hundreds of other conversations.

    If memory servers me right, the FBI got what they wanted, and this only amounted to them having to get a warrant, and then the phone company could then be forced to comply with the goverment spooks.

    AS I read the article, this provision appears to take that law to the next step. Premtive sniffing ability. The FBI has a huge convinence by this, as when they get a warrent, they simply open their ears, as opposed to the insecure method of askignt he phone company to allow this.
  • Carnivore FUD (Score:4, Interesting)

    by sourcehunter ( 233036 ) on Friday August 24, 2001 @11:35AM (#2213821) Homepage
    Look folks, I have some friends who work at the FBI - not agents, but the guys who actually setup and maintain the carnivore system, go on raids WITH the agents to make sure the computers are handled successfully, and parse through 100's of GB of data after a raid to determine what is of and what isn't. (this goes against common misconception #1 that the agents actually sort through the data - they do not - they have a computer guy do it).

    One day, I asked my friends about carnivore.

    Carnivore is a very simple system - TCPDump, a filter, and a sort utility. It is a black box administered from remote, setup at their office.

    The filter is setup to only record a handfull of things - a) email communications to or from a suspect as specified in a warrant or b) packets to or from a certain IP address designated by the warrant.

    It does not capture and save every packet going across the wire - that would be illegal.

    Let me say that again, as it bears repeating - It does not capture and save every packet going across the wire.

    Yes, in a TCPDump, all packets are going to be pulled that hit the network interface, but the filter will only save the packets that meet a certain criteria.

    They developed this with the WHOLE IDEA of making DAMN sure they stay within the confines of their warrants - because otherwise, they are breaking the law. Also, they would have to go through 100's of GB of data if they captured EVERY packet at a standard ISP. At an ISP like mindspring, the amount of data captured would be unfathomable.

    The computer guys actually know how to set the thing up properly, so you don't have to rely on the standard Liberal Arts/Criminal Justice major FBI agent to understand what he or she is doing. All the agent might do is drop the big black box off at an ISP, plug in the power cable and network cable, and walk out.

    Don't get me wrong - I personally don't like the FBI or its agents. I've had run-ins with them in the past, and the ones I met I didn't like. The guys who deal with this AREN'T agents... they are computer geeks, like you and me. They read /., the game, they program in Perl and other ub3r-1337 h4x0r languages. They know what they are doing, AND they do EVERYTHING in their power to make sure ONLY those communications that they NEED and are supposed to HAVE get captured.

    • It appears that the FBI has been less than candid about the technical aspects of what carnivore can and does do. There are lawsuits and congressional investigations proceeding in an attempt to weed out this very issue. We would be remiss if we assumed that we knew exactly how this system does and does not work.


      However, there is evidence [epic.org] to support the fact that both filtered and unfiltered traffic are archived and later sorted.

    • "It does not capture and save every packet going across the wire - that would be illegal."

      It is also illegal to fail to respond to a legitimate Freedom of Information Act request, yet the FBI and CIA do it all the time. What is your friends' justification for that behaviour? If the FBI won't follow that law, why will they follow the law where Carnivore is concerned?

      sPh
    • I wouldn't mention this except that some might not get it, but the subject above is sarcasm.

      Seriously. Why should it make me feel better that the people who are using this system understand technology? What difference does that make, exactly? As far as I'm concerned, that just makes them more capable of committing abuse.

      But maybe you're implying that geeks are morally superior beings who would never do anything bad. Which I agcree with. Because no geek has ever done anything like try to lock out competing programs through incompatability, create huge databases tracking customer behavior, or prevent people from exercizing their fair-use rights. Or build nuclear weapons, for that matter. Oh, geeze. There I go being sarcastic again.

      It's okay, because it's geeks? Sorry, but I don't buy it for a millisecond. Because I know how this works. Let me ask you a quick question, which I will alert you in advance is to test whether you are a hopelessly naive person with no grasp of human nature:

      The geek you speak of is sitting at his Carnivore terminal tracking communications by a suspect when his manager walks up to him and says "We haven't gotten anything from this guy's email yet... Can you expand your search to include these neighbors, aquaintences, and relatives? And this unrelated person we think might be dirty." Does the geek answer:

      A) "No, sir. That would be both illegal and immoral"

      B) "Yes, sir!"

      Hint: The answer is the same as when the geek is at MS and the manager asks "Do you think you can break Samba's compatability in the next release?"

    • One day, I asked my friends about carnivore.

      And you beleived their answers? Sucker.

      Never believe anything you are told by an employee of any "law enforcement" agency.

      The guys who deal with this AREN'T agents... they are computer geeks, like you and me.
      Not like me, friend. I got ethics, and working for a paramilitary law enforcement agency would be far outside 'em.
  • This whole scare over Carnivore and other related issues is just uninformed noise. Monitoring email or wireless traffic is no different than authorized telephone wire taps. They are a necesarry tool for law enforcement, and I consider them completely acceptable as long as there is proper discretion and judgement applied to their use, and a reasonable set of checks and balances exists. Law enforcement and intelligence agencies operate within the bounds of our laws; if they violate these laws there are severe forms of reprimand. Given that, would be more dangerous not to allow them the tools necesarry to do their jobs.
  • But Sobel and Altschul said Carnivore cannot separate address information from the content of a message in a packet, and so authorities must be trusted to weed out data they are not allowed by law to have.

    This is like saying to a kid, "We'll sit this cookie and these lima beans in front of you, but we're trusting you to only eat your lima beans and not even look at that cookie!"

    And what about how using Echelon to spy on US citizens [icdc.com] was circumvented by intercepting the information and giving it to foreign groups, which would do the same with their info? Who's to say that this info isn't going to be handed over just like that?

    • Do you have any idea how strict the regulations are regarding intelligence collection and dissemination? Do a little research and you'll find out that someone working for the government can go to jail for a very long time for collecting information illegally. The laws don't leave much gray area there. How about doing a little honest fact checking and not spreading rumors and propaganda. If you're genuinely curious fas.org has useful information and for further clarification there's always Freedom of Information Act requests.
      • "Do you have any idea how strict the regulations are regarding intelligence collection and dissemination? Do a little research and you'll find out that someone working for the government can go to jail for a very long time for collecting information illegally"

        Sort of like the Detroit police department? While what you say is technically true (a) the perp would have to be discovered (b) the crime would have to be reported (very unlikely due to the "code of silence" in all tight-knit professions (c) management would have to take action {see (b)} (d) the action would have to be prosecuted.

        I do see the need for law enforcement, and I do respect the job that most law enforcement officers carry out.

        Unfortunately, the power inherent in law enforcement is so, well, powerful, that when it is abused the results are very bad for the victim. And I am afraid there are quite a lot of documented abuses (Richard Nixon, J. Edgar Hoover, and the IRS anyone?).
  • I belive the public will eventually see the need for more encryption in their everyday lives.... For example, the digital phones introduced a higher level of security compared to the analog phones, and I recall thsi being a selling point for those. Now in thsi day and age, the public will soon find the need to encrypt every form of comunication they participate with. Eventually web servers, for example, will be strong enought to use pure ssl for all communications, once the ability to generated the shear volume of random seed is at the proper level.

    What I'm gettign at is that RC4, or RC5, encryption will eventually be a feature on all cell phones as the cost of fabricating the chips to do this fall to reasonable levels. The 802.11 folsk have already done this for my WaveLAN card, and some European comanies have also started selling crypto-phones, crypt-walkie-talkies, and other high-end comm gear. The problem is that the crypto must be a point to point system, never needing to relly on the public key of the tower, bt tower to node crypto is also a good counter-measure on teh part of the phone companies.

    Of cource the FBI, and NSA, percieve the use of crypto as only being used for criminal activity. I mean to say that if you have to encrypt your communications, then what exactly do you have to hide? The gotch-a is that if everybody were to use crypto by default, the issues would be moot. The infrastyructure to decypher everyones cell phones would take a cluster of quantume computers or something drastic like that. And the Entire cell phone using public would essentially be considered criminal by the FBI, and NSA, as that is ther presumtion about keeping secrets from them.

    As it stands now, cell phone towser trunk all their customers conversations into a massif data-stream in the CO office, and you cannot simply single out the bad apples of the bunch. The very nature of the technology prevents that as to gain some compression advanges in the digital technology.
    • The NSA doesnt give a damn about crypto. if its out there, im willing to bet they can crack it. the FBI on the other hand cant crack it so they need laws. The FBI has never been extremely technically knowledgeable. the NSA they have the best and the brightest with the machinary behind them
    • I think that any crypto built into hardware sold to consumers will be deeply flawed. So far, this has been true. The crypto is too strong for the casual hobbyist, but easy for the government to crack. You mention 802.11 encryption. Recently, researchers at AT&T implemented a previous theorized attack that allows a notebook computer to penetrate 802.11's WEP (wired equivalent privacy) crypto.

      Eventually they will get smart enough to make crypto that isn't obviously flawed. The flaws will only be visible to those in on the secret. This is called 'red threading'. Anyhow, the fundamental problem is that making chips is hard and expensive, and chips are opaque to users. Chip makers are very vulnerable to pressure from government agencies. However, so far I don't think they need much pressure - industry associations keep standardizing on bad, flawed cryptosystems.
  • Why would that be a concern if you got nothing to hide? I mean, Big Brother is not so bad if you are a lay abbiding citizen and even if you are not, I don't think he cares much about you smoking drugs or going over speed limit.
    • Then you won't mind if Big Bro installs a GPS device in your car to track how fast you're driving. If you go over the limit, automatic fine!

      After all, you're just a law abiding citizen, right?

      (FYI, a rental car company(ACME) did just that.)

      And if this system helps the government track your movements as a bonus, well, we can trust them to discard this information.
  • The FBI has already got a Wireless Carnivore [i-want-a-website.com]. It only effects CPIP right now, but it's a disturbing start.
  • "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin
  • I've been thinking about Carnivore a lot lately and it's not so repulsive as I first imagined it to be. They probably should have picked a much more PR name for this then the connotation that Carnivore invokes, but I digress. From what I've read Carnivore only filters/captures data (wireless or otherwise) from specifically targeted individuals. It would reason to stand that the villains of tomorrow will use the Internet (are already using the Internet) to plan, coordinate, and research their illegal activities.

    If Carnivore can stop someone from shooting up a school where my kid is, without ever having to look at my data, then I have no beef with Carnivore. Yes, the thought of the Feds being able to snoop on your online data is scary, but it's the price we have to pay for safety. They need a warrant to enter your house, and they need a warrant to use Carnivore to snoop on your data, it's really nothing new.
    • From what I've read Carnivore only filters/captures data (wireless or otherwise) from specifically targeted individuals.


      From what I've heard, Bill Clinton did not have sex with that woman Monica Lewinsky and Gary Condit is a dedicated family man.

    • If you wish to stop school shootings you do not do it by infringing my personal rights. The government is using sick examples for a reason to infringe everyones rights.
    • If Carnivore can stop someone from shooting up a school where my kid is

      Honestly, do you really think Carnivore would stop that? If the Feds had cause to think a kid was going to shoot up a school, they won't need Carnivore to prove it. Or, more likely, they won't be checking the kid's e-mail until *after* the fact.
    • Seriously. Which are you?

      In one sentence, you say you hope Carnivore can stop school shootings. In another in the same paragraph, you say you think they'll only search the emails of people for whom they have a warrant.

      Do you see the problem? Even if the school shooters were sending out emails with the subject "Re: Upcoming massacre of our peers" (ludicrous in and of itself), the email would never be found because the FBI wouldn't have a warrant for a couple of school kids who as of yet had done nothing wrong! The only way they'd find it was if they were searching _all_ email for keywords. So to get your supposed benefit, they will be looking at your data.

      The price we have to pay for safety? No. No. No. I'm sick of explaining. If you want safety, turn your house into a fortress and never let yourself or your kids venture outside. Leave me and my rights alone.
  • Plutonium, uranium, kiddie-porn, terrorism, bomb making, marijuana, pot, cocaine, J edgar hoover, herion, crack, blowing up, intern sex, kill the president, nuclear bomb, top-secret, russian, meth, lab, electronic bug, whitehouse, mueller bullet, iraq, bin laden, mob,...

    I have 2 words to say to you FBI and they ain't merry christmas!
  • Does any one know what would happen to someone not in the states if the FBI cought something interesting from me on the web for instance. Since i'm not from the states could they even touch me? I guess my government would have a thing or two to say about it since the jail time in the states vs sweden are a lot different etc. Does any one know?
  • Okay, how many of us, if we were inclined to do something illegal and talk about it or plan it via e-mail, would send messages Carnivore can see anyway? I don't think the criminals are that stupid, at least not those Carnivore puports to be searching for. I would also think the FBI would brag about any collars they made, in part, because of Carnivore. So where are all the terrorists they've captured?

    I think that Carnivore is another attempt at monitoring where a scare tactic was used to get it implemented. It doesn't work on those it's intended to work on, but works fine for those that should not be monitored.
  • Carnivore could intercept a copyright-protected transmission without permission from the copyright holder. The fact that it is not intended to do so (at least according to its supporters) and is not supposed to be used for that is moot; if it can, its mere existence is illegal under the DMCA.

    Of course, IANAL and with "justice" going to the highest bidder I'm not optimistic about this technicality being worth anything.
  • I mean, hello!? Carnivore saves furry little kittens [wired.com]. The real question is; why do Slashdotters endorse the virtual torture and murder of innocent little replicas of a baby kittens??
  • Civil liberties advocates and some lawmakers have expressed concerns because the system could scan private communication about legal activities of others besides those under investigation.

    Could scan? Could? It hasn't already? They say this like it's an option that can be turned on or off.

  • I don't know how other peoples phones work, but I know that my phones sms is email based anyway, which is what I suspect most networks in the US are using. IMHE (in my humble experience) the only time that I have ever met a network in the US that appears to be using any TRUE based SMS network was Powertel. Now I'm on the east coast, and I know that TRUE-GSM900/1900 sim based PCS systems have been more widely used there *or so I've been told* in my personal experience, out of five different carriers I've used, and dozens my friends have used, our 'SMS' messages have always been sent in email format, just without all the header junk. Seems like this won't really require THAT much modification to the Carnivore system if it works like they say it does.

    Of course [BOMB] I am not sure that [Terrorist] [Echelon] Carnivore isn't [2600] anything except a [hacker] paper tiger, [UN] or in this [FBI] case, a paper [Area 51] Dinosaur. :)
  • Briefly:

    I've worked with non-US federal policing agencies. They've had the challenge to protect _their_own_ datastreams from the bad guys. Try this sometime over 14.4 or 9600 bps links. Even 28.8. And try doing it with a large organization with hundreds of members where biometric keying or hardware keys would be prohibitively expensive and management of public keyrings would be very involved and extensive. No small feat.

    Encryption (due to overhead on embedded (read: often old) processors and via slow wireless links) can be pretty ugly. But the opposition (the Mob, other bad guys) can crack some of the low-overhead encryptions in real-time on common PC hardware.

    This set of problems will continue to plague cellphone users as well. The low data rate of most cell nets make practical encryption difficult and most users aren't up to the challenges of key management. Most can't even stop their VCR flashing 12:00 .

    It would be nice if some cell network came out with a system that was high bandwidth and that allowed the end user to load his own encryption and authentication software (and maybe that had some interface for hardware keys). But the odds of this happening are pretty low.

    Any anyone who thinks the public has nothing to worry about if they are not a criminal and that the cops can be trusted entirely because their are punishments.... oh boy are you naive!

    Most cops are good folks trying to do a crappy job and stop scum. But, who is or is not a criminal is sometimes debatable and if you'll note trends via DMCA and other legislation, this is more and more being defined in a corporate manner and not necessarily along lines we'd all appreciate.

    And not every cop is a good guy (they get some bad apples too). If you get taken advantage of, is it much consolation that they cop in question eventually gets punished (if that happens)? I think not.

    So, do you depend on the action of someone else (a politician passing legislation, a police watchdog agency trying to keep an eye on things, the integrity of the cop or the tech reading your email, etc) to secure yourself? I suppose you might if you enjoy playing the lottery or going to casinos. This is the equivalent of driving in a car without crumple zones or seatbelts because you're pretty sure the other drivers are competent and their is legislation to prevent them from doing wrong and punish them if they do.
    Does this seem sensible?

    Take some steps to defend yourself. Watch what you say in voice or email correspondences if they aren't heavily encrypted. Heck, just watch what you get involved in! And support the EFF and FSF and the ACLU and other liberty-defending organizations. Freedom is not a state of being, it is a continuum and where your country sits on that continuum varies... central control and strong government forces (and corporatist) forces pull one way... maybe citizens interested in freedom and quality of life should pull the other... often by the time you discover your Freedom has eroded to an unacceptable level, it is kind of late to do much about it.

    Tomb

    PS - No, I am not a crackpot. ;)
    • I don't understand the tradeoff between bandwidth and encryption that you posit. When you feed cleartext through a block cipher, the result is roughly the same size (rounded up to the block size, typically 8 bytes). If you use a stream cipher like RC4, the encrypted product is the same size as the cleartext. So encryption won't make a 14.4 link any slower.

      Maybe you're talking about public key encryption used to establish a session key? I don't think it's enough to really impact your bandwidth.
  • Didn't we just hear that wireless security was broken and an exploit published? I'm all for limits on law enforcement, but it's a bit silly if some guy driving by in a car can monitor your network, but the FBI can't...

    The issue with carnivore is that it will be put at ISPs on parts of the network where most people can't listen; for this reason it can invade privary, and thus requires a court order (in theory). But wireless networks can be passively sniffed without any government powers, so it's much less of an issue.

/earth: file system full.

Working...