Slashdot Mirror
Earthlink Refuses To Install Carnivore
A reader wrote in with story on C|Net that Earthlink has said that it will *not* install Carnivore, the FBI mail snoop program. Earthlink has said that it will cause disruptions to their customers, and thus refuses to install it. I'd say that's valid. Cringley has a story where he suggests that Carnivore is really about giving the government the power to shut down the Internet.
With all these free services out there, I'm glad I'm paying for something.
--
www.worldforge.org
This is great! I'm glad that someone is standing up for what is right in this situation. I'm not cracker/hacker whatever term you prefer but the government has no business reading my email no matter what its about!
Never knock on Death's door:
The Anti-Blog
go earthlink,they have great service nice bandwidth, plus 'blink' you gotta love blink. now they're standing up to the Fed, wooohooo, customer for life baby. on a serious note though, i'm glad to hear this, even though the issue is technical (protecting service to customer) as opposed to our rights to privacy. the internet started out as a place to be free in expression and a place to be heard but with every free speech news article I read I fear this is becoming less and less so.
U.S. Attorney General Janet Reno said she will review the FBI's Carnivore system for intercepting email from criminal suspects to address privacy concerns.
Boy! I hope she gets Al Gore to help her out... She'll probably need it and since he invented the internet, I'm sure he can help her understand how it works.
---
I believe the article says that they did install it but due to incompatibility issues with the operating system it was removed. Since it basically broke their service it was removed. They didn't say that they wouldn't install one. Although I could be wrong. Been there before.
Wow, they have some serious balls. Perhaps they should think of going into porn when the FBI shuts their asses down. Very cool though. It's good not to just submit to monitoring, but what will happen to them now?
Eh...
The article says they are not putting it on because it is incompatible with there system, would cause disruptions, and needs some technological modifications. They are CONCERNED about privacy issues, but didn't say no based on that. Unless this is just a delay tactic to try to build a case against Carnivore, it'll probably just go away once the FBI patches the system
Bet the FBI is calling Microsoft tech support right now . . .
Linux Guy/Wandering Bard/Resident Kilt Wearing Whisky Swiller
At a typical big-name colocation center, you get one or two 100 Mbps ethernet drops, or a gigabit ethernet drop, and maybe a few WAN drops into your cage. The ethernet drops go to some big honkin switch somewhere which you share with zero or more other customers, depending on the size of your installation. In at least the colocation centers I have dealt with (Exodus, Level 3, and Concentric), using promiscuous mode on any interface connected to a shared switched segment gets you shut down fast. So I wonder what Cringley is talking about when he says that every box in the colo center could be a sniffer.
Remember, the RIAA and MPAA are both carrying out their little crusades in the name of 'business' reasons.
"See, we plan ahead! That way, we never have to do anything now."
I think Monty needs to go out more often and get some fresh air. Sit in the sun a bit, get some colour. Maybe even go to the movies or something.
Looks like he's been coding for way too long.
I've used Earthlink until I recently obtained SWBELL DSL. (Why did I switch? Because paying an extra $20.00 a month for a different ISP didn't seem very logical. Of course Bell is being sued for this very reason, but..) Their service has been great. I've never, ever got a busy signal. Customer service was always good. They had proprietary connect software, but you were NOT required to use it. And they supported alternative operating systems. (At last count I ran OS/2, BeOS, Linux, NT 4, and 2000.) I think it's great that one of the largest ISPs would refuse to put Carnivore in place. If one stands up, maybe more will, and perhaps this beast can be put to rest. Hell, if the FBI wanted to put a machine on *my* WAN they'd sure as hell have to give me a warrant or judgement specifically authorizing it.
My reality check bounced.
I'm glad that Earthlink has done this; with any amount of luck, it will set a precedent that other ISPs will follow. This whole Carnivore deal is a disaster looking for a place to happen, and thankfully, Earthlink said "not here". I find it difficult to believe that any rational person would think that using this thing is OK. Wouldn't it be quite a bit easier for the FBI, etc. to get the ISP to forward a suspect's mail to them? Not that I agree with this tactic either, but it's a hell of a lot less invasive than sifting through the headers of everybody's mail in order to find the mail you want. I suppose that the FBI could be insanely paranoid and worry that the ISPs are all part of an evil worldwide conglomerate that is conspiring to keep information from them.
---------
"There's no swimming in the heavy water, no playing in the acid rain.
"To hope's end I rode and to heart's breaking: Now for wrath, now for ruin and a red nightfall!"
glad to see that someone is standing up. its even cooler they have a valid reason to. does it make anyone else sick how much power the government thinks they have?
JediLuke
JediLuke
-Do or Do Not, There is no Try
I think it's great that the FBI is using Carnivore, though. I mean, what better way to promote the usage of newer, secure protocols such as IPsec, Secure Shell, SCP, and privacy suites such as Pretty Good Privacy? And what better way, I ask you, to promote the retirement of older, flaky, insecure protocols like telnet and FTP?
Well, something will eventually make people switch. Might as well be the Feds.
Still, I think Earthlink is justified in denying the FBI the ability to shut off their service at random. That's just too much power, plain and simple. I hope they take this to court and win.
Free music from Jack Merlot.
You'll install it, you have no choice. But I doubt you'll be nearly as brazen in the announcement that it was installed as you were in your announcement that it would not be.
Accuse me of having little faith, but I believe that until we rearchitecture the network to utterly defeat measures like this (transparent crypto?) the government will continue to use its machinery to coerce and manipulate the key internet players. Witness the "NSA key" in Windows 95/98/NT/W2K. Note how long until we found out about Echelon. Read how cryptography.. essentially a collection of mathematical formulas.. is classified as "munitions". The CDA, the DMCA, and a plethora of riders to innocent-sounding bills that we probably still haven't become public knowledge.
Someday, someone is going to need to devise a technical solution to these political problems. This is why they are so afraid of geeks - they know we have it within our power to end this form of tyranny for good. We are in control of the ultimate modern day press. Literally, with the click of a mouse button, we can go public with thousands of pages of information, blow the lids off back-office politics, and empower the average citizen to take back their democracy and demand their rights. This is why of all the new laws being passed, it is against "computer crime" (civil disobedience by another name) is being targetted with the most extreme forms of retribution our legal system has to offer. $300k fines? 10 years in jail? These are punishments that most people conviced of felony manslaughter don't get.
Good luck Earthlink.. but this ain't how you're going to beat them. If you want to beat them, adopt IPv6, and give your customers end-to-end encryption. Then.. go ahead and let them install omnivore. A boat load of good it'll do them then!
Wow.
I must say, I'm impressed.
Most corporations don't often show much in the way of morality or ethics, and you can't really expect them too. Any publicly held company has to report to their shareholders, and if they start taking moral stands at the risk of stock value, they can get hit with due dilligence lawsuits from their shareholders. Most companies that espouse morals and principles do it as part of a corporate image, which in turn drives profits. (i.e. Microsoft exists to innovate and make computers better, Apple is brought to you by Einstein, because they think different)
So it's very rare the companies have the metaphorical balls to do shit like this. I don't know much about Earthlink, but they have my respect now.
I hope they don't get raped by the gov for this.
The issue is the lack of independent inspection of what is in this Carnivore box. The ISP only has the FBI's word that it is not doing any improper snooping. Who knows what else it might be scanning for.
Reno has promised to check things out, but even granting her good intentions she is at the mercy of reports prepared by her underlings.
If such boxes are to be built and installed then the software they run should be open to inspection and the precise description of the files to be snooped should be part of the warrant. (I take it these things do need a warrant....)
Paul.
You are lost in a twisty maze of little standards, all different.
That is nice to know that a comapany will be willing to go up agains the FBI to protect its costomers interests. I only hope that there are no major ramification agains them, you know how the govoment can be when it dose not get it's way. I wonder when the IRS will look to audit them
Why would they want to do that? There's no real reason that I can think of, unless they want to destroy the U.S. economy in one fell stroke.
Instead, I suggest that they're using Carnivore as the thin edge of a very big wedge. Sure, they could sniff email traffic without a big black box. But by using a box, they get access to ISP premises every time they get a wiretap order.
With big ISPs, they'll probably be installing those things several times a year. Eventually they'll be able to say "hey, why don't you just let us leave this thing plugged in?".
Then, rather than having to go and plug in their big black box every time they get a wiretap order, they'll have the boxes all plugged in all the time.
And that's when we'll find out that those boxes can do stateful packet inspection if asked. Next thing you know, they'll be able to physically prevent you from seeing "unauthorized" data on offshore servers. Kiss that data-haven goodbye.
. . . but then again, I'm feeling paranoid today.
I have no
Doesn't it bother anyone that Earthlink is doing this because of customer disruption rather than privacy concerns?
Encrypt your email -- screw the FBI.
--
Wooden armaments to battle your imaginary foes!
It is rather sad the amount of truth in this article. Of course the US govt would only shut ... and all the traffic that goes through the US from Europe to South America/Asia and vice versa.
:/]
down the US side of it
Having gone through the case files of what the FBI has done in the past.. I dont trust it any further than I could through an elephant. [Not to say all FBI people are evil mind sucking people.. just enough in high places to sour the reputations of the genuine law-abiding and upholding ones below.]
Stephen Smoogen [going to check in 5 years to see whats in my secret file
-- SJS smooge at smoogespace dot com
Yeah. Just where do citizens get the idea that they actually have a say in their own government? Its not like 200 years ago we threw out an oppressive regime that did not represent us JUST so we could vote and have elections and have LIMITS on police powers.
at least the government is technically democratically accountable to their actions
It's a good thing that there isn't some megalomaniacal corporation that's trying to do the same thing by implanting subliminal messages into their OS to make us into tame little sheep (which by the way causes the system to crash often).... :)
- passion
I do love how we all feel that the Internet is a god-given right.
On a day to day basis, I think most of us forget that the internet evolved out of a government program and not through open-source advocacy.
And yes, the FBI also has the right to be able to intercept both your phone calls and your emails if you are under suspicion. No, they can not block you from sending or receiving, but they can look if they have substantial evidence. And yes, there are laws to make sure that they aren't looking unless they have substantial reason to be looking.
and while they have the right to look, users also have the right to encrypt their email to prevent this.
so instead of whining about your god given right to snoop-free internet access, actively protect yourself by encrypting your emails if your privacy is so important to you.
Power the Goverment wants power to control what people do and see. I do believe there is some concern about safety, but this is more on keep people in check making sure we are a danger to ourselves.
Somebody has to, and they're in a better position than most.
/.
/. If the government wants us to respect the law, it should set a better example.
Letters were private,
Then e-mail came. Smile, people,
You're on camera!
Donate background CPU time to fight cancer.
To all of those who are posting the 'one more reason to use encryption' posts, do you honestly think that big brother won't just set up they're box to save and store all encrypted communication? or add the sender and reciever to a special 'potential trouble' list. And yes, they can tell if it's encrypted, because encryption, or at least good encryption, does obey a certain statistical pattern (i.e. plaintext will be have a high percentage of recurring character, while ciphertext should be totally random). Granted, compression does something simialer, but still -- I'm on enough lists as it is!
I found this quote on cnet's article about the aclu's objection especially telling "Carnivore is roughly equivalent to a wiretap capable of accessing the contents of the conversations of all of the phone company's customers, with the 'assurance' that the FBI will record only conversations of the specified target," read the letter. "This 'trust us, we are the government' approach is the antithesis of the procedures required under our wiretapping laws."
Show up at every ISP with a SWAT team and shut off the power.
Cut the big pipes that carry traffic up and down the east coast (or cross-country... hey, it wouldn't bring the internet down, but it would slow it up considerably.)
Face it, the US government has the resources and manpower to do just about whatever it wants to the US portion of the Internet. Problem is, NONE OF THOSE OPTIONS WOULD BE LEGAL! And neither would using the Carnivore's to cut off a legitimate ISP. I can't believe a court would allow that under anythign but the most severe circumstances. As the Microsoft case has shown, most federal judges (even those like Jackson with little technical expertise) are pretty bright guys. They can catch on to the issues quickly and see what's truly important.
So relax. I mean it. Life's too short...
"Fifty million Americans can't be wrong," said Rep. Billy Tauzin. Gore - 50,999,897 Bush - 50,456,002
As a canadian customer of @Home (don't knock it, it's the only game in town), I wonder if my own email is flowing through some american justice/intelligence agency's hands on a daily basis? It wouldn't surprise me in the least to learn that I'm sharing the same infrastructure as the american customers of @Home - and in that case it would seem obvious that @Home wouldn't bother separating our traffic out. Most of the time we canadians can sit up here and shake our heads at the U.S. government's thick-headedness with regards to the internet, safe in the assumption that for the most part they can't touch us. In this case however, it looks like they just might have their grubby hands sifting through our lives too. This is not to imply that the canadian government's intrusion would be any more preferable (in fact, probably quite the opposite - CSIS is not well-known for respecting privacy or having proper oversight), but at least in theory they are accountable to me in some way. The FBI and CIA are not.
"So on one hand, honey is an amazingly sophisticated and efficient food source. On the other hand it's bee backwash."
Even IBM's new monster machine couldn't sort through all of the spam that earthlink gets fast enough to not slow the service down.
Every single day it's "Find Out About Anyone Fast!" or "Find [Out] About (Anyone) Fast!"
You can't even add rules to outlook fast enough to keep up with it all. It'd be a full-time job.
Hmmm... There's already talk about CPO, Chief Privacy Officer, how about a CSO - Chief Spam Officer... Somebody who sets the spam rules for an entire corporation...
What's with the "Officer" anyway? We're not in the military...
Remember that "the" government can only shutdown the Internet in the US. It does not have the power to "shut down the Internet"!
http://www.blitzbasic.com/
Graphics3D 640, 480
You mean besides the fact that the FBI's request is a violation of the fourth amendment?
Cringeley is right to be concerned about the CPOF implications of having FBI-controlled boxen sitting at the edges of American ISPs, though. Think about this in the context of the Internet Gambling Ban headed down the pike. Or the Drug information censorship act (aka, "Methamphetamine Anti-Proliferation Act", now buried in a bankruptcy-reform bill in conference). Sure the courts will probably strike down the prior-restraint provisions of the latter, but imagine a bill that doesn't address the publishing, but merely gives the FBI authority to "kill-file" a certain class of sites at the ISP level, without actually restricting the right to publish per se.
Having consulted on a computer crime case for the FDLE, I've seen the "us-against-them" mentality inside the investigative law enforcement community first hand. "Them" doesn't mean just "criminals" either - from the LE perspective, there are only 3 types of people in the world: cops, convicts, and suspects. That the FBI (with their sterling history since the days of J. Edgar) would be on the leading-edge of such surveillance/enforcement techniques is wholly unsurprising to me.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
As cool as it is for Earthlink to stand up to the Feds, I have to wonder how long it can last. If Reno signs off on this software the FBI should have no trouble getting a court order forcing Earthlink to allow the software to be installed following the "Better to disrupt a few users than to let a criminal get away". If this does happen Earthlink will undoubtedly challenge it in court...I wonder what the outcome would be...
I stole this sig from a more creative user.
From the text of the story it's pretty obvious that EarthLink didn't refuse to install the Carnivore system out of any concern for the privacy of their users, but because it didn't *function* with the system and caused disruptions to service. Users would notice the disruptions and complain, causing EarthLink a headache. Of course, most users probably don't know enough to care about their privacy online, so they won't raise a fuss about having every piece of E-mail they send out scanned by the FBI and EarthLink won't have a headache about that.
Sorry to rain on the parade, but it's a little early to be celebrating a moral victory just yet.
--Brogdon
This tagline is umop apisdn.
It filters packets, finds e-mail going to and from identified criminals, and saves that e-mail for later decryption and analysis.
Wow, why don't they just go after these foul pesky identified 'criminals' if they know where their e-mail is coming from!?
Hey, does this mean I should stop uploading MP3s onto Usenet?
Pope
Freedom is Slavery! Ignorance is Strength! Monopolies offer Choice!
It doesn't mean much now, it's built for the future.
Now, I'm not going to debate the merits/dangers of carnivore here, I just want to point out a few 'inacuracies' from Cringley's column.
Every ISP I've ever seen, been in, or worked at used (at the very least) layer 2 switches to isolate colo'd servers. Some would even go as far as layer 3 switching and subnetting. How on earth does Cringley think that any colo'd server could sniff an entire ISP's network?
I used to think that Cringley had at least a modicum of clue, but now I wonder. In an earlier part of his column, he suggests that every router could be set up to re-direct E-mail to the FBI with 'just a few lines' of configuration in the router. What a bunch of crap! Filtering E-mail requires access to the application layer, not the network layer as most ISP's routers would look at. And to suggest that such a scheme would inflict no penalty on teh routers is just ludicrous. Jumping from layer 3 routing to layer 7 routing would be a serious hit, especially on a GB level router.
sigh.... Unfortunately, I suppose there are people in this world that are ignorant enough to write stuff like that, let alone buy it.
Think outside the... Hey, where'd the friggin' box go?
Vive La Liberte! joel
Such is the infinite Grace of Popeye.
I know next to nothing about the secure protocols mentioned above. I'd like to know more about how to use PGP, SSH, and others, but don't know anything about them. What's a good place to learn about the secure protocols offered and how to implement them?
Quidquid latine dictum sit, altum viditur.
I only post comments when someone on the internet is wrong.
I take issue with Cringley statement that implies that all ISP's are dumb enough to allow co-lo to sniff the network. Some perhaps, but as someone who's worked at a number of ISP's I can say that most co-lo's are segmented into their own network. Usually at the very least by the use of a switching hub. The worst I've seen is some co-lo's sharing the same network, but I've never seen co-lo's allowed on the same network as the production ISP boxes. Give ISP's some credit!
Firstly, kudos to Earthlink for standing up to the FBI. I'm not a US citizen, but we all know this sort of activity goes on all over the world (can anyone say Echelon?). Ultimately though, what we have to remember is that email is an incsecure medium in its standard form. How do we protect our privacy? Well, using GNU Privacy Guard is a good place to start. If we all encrypted all our emails governments wouldn't be tempted to try this sort of thing - because they'd know it wouldn't work.
Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
If you can sniff a connection, you can send TCP RST's to both ends.
-russ
Don't piss off The Angry Economist
The funny thing is the fact that the NSA has been monitoring communication for awhile now. What we have with Carnivore is an opportunity to educate the public about the duplicity of both government and business. Yes, you can monitor and there are enough weak points to do so without the fanfare but shutdown is a whole new thing. The net has the myth of chaos and freedom -- 2 things that business and government are suspicious of. Combine that with a lack of knowledge and a lust for power - pretty heady stuff. Let the FBI and The Man to have publicity fiascos so that people start getting the message - you are not as safe as you think. Also, it pushes the people already online to go for freer networks.
I think that cringly(sp?) is a little off on his deduction. In Theory, the government could shutdown the internet but shutting down thier routing thus all traffic coming in or out stops at thier sealed box. But, I do not believe that is the purpose.
Right now the internet is out of control in the minds of the govt. It is the one thing that they haven't figured out how to tax. So, they put these boxes in the major areas, track you and figure out what you are buying, where you are coming from and then they can apply the appropiate tax to you. Govt gets its money and you get to be tracked and watched like a bad TV series. Nice eh?
I may be off but I may be right....and that's the scary thing.
Accuse me of having little faith, but I believe that until we rearchitecture the network to utterly defeat measures like this (transparent crypto?) the government will continue to use its machinery to coerce and manipulate the key internet players.
Somehow I think that there won't ever be any way to "utterly defeat" measures like this - what you have to remember is that the government has its own store of geeks working on these projects, and since they've got a) better equipment and resources and b) a lot more time I think they'll defeat any half-baked measures you do manage to implement.
Someday, someone is going to need to devise a technical solution to these political problems.
Rubbish. Political problems have political solutions. You can't just write a piece of code to deal with it. This kind of blinkered techno-centric attitude is typical of /.ers who spend all their time online rather than interacting with other people.
This is why they are so afraid of geeks - they know we have it within our power to end this form of tyranny for good.
LOL! You're full of it today.
We are in control of the ultimate modern day press. Literally, with the click of a mouse button, we can go public with thousands of pages of information, blow the lids off back-office politics, and empower the average citizen to take back their democracy and demand their rights.
What, like /.? You make me want to cry, I honestly think I've gotten dumber by reading your drivel. Nobody cares about what you say or do, because people have more important things to think about than whether you can download MP3s for free or not.
is why of all the new laws being passed, it is against "computer crime" (civil disobedience by another name) is being targetted with the most extreme forms of retribution our legal system has to offer.
It's because of the vast damage that hackers can do with their illegal backdoor penetrations of other people's sites. And unless this sort of thing is clamped down upon, hackers will continue to do it because they think that a) they're better than anyone else and b) the real world and other people's livelihoods are just some kind of fantasy game.
If you want to beat them, adopt IPv6, and give your customers end-to-end encryption. Then.. go ahead and let them install omnivore. A boat load of good it'll do them then!
For all of six weeks until the FBI cracks it.
I haven't read this must rubbish for a while, Siggy. Back to karma whoring eh?
---
Jon E. Erikson
Jon Erikson, IT guru
When so many companies have no qualms about pulling user's sites when there is one person who disagrees with it, or when they get a CaD letter from a lawyer, it is great to see a company standing up for its users. If a company like EarthLink has the guts to stand up against the FBI, maybe other companies will to.
But do they have my best interest in mind? I doubt it...
wish
---
If the government wanted to shut down the internet in a hurry all they'd have to do is pay MS a few million dollars and they'd send out the Secret Signal and revoke all of the browser and server licenses.
And yes, the FBI also has the right to be able to intercept both your phone calls and your emails if you are under suspicion.
I get so tired of people using the word "right" when they mean privelege.
The FBI doesn't have any "rights" whatsoever, constitutional or otherwise. They have priveleges, vast priveleges extended to them by congress and upheld by courts who are more concerned with expediency than they are the constitution, much less individual civil liberties.
These priveleges include wiretapping. However, if the various government agencies continue to abuse these priveleges, congress or the courts could pass a law, or make a ruling, to place additional limits on that privelege, or revoke it entirely.
Not that either institution is likely to display such courage, but they could if they so chose.
and while they have the right to look, users also have the right to encrypt their email to prevent this.
Again, we have the privelege of being able to use encryption to prevent snooping.
We desperately need a constitutional amendment guaranteeing us a right to privacy, including encryption and control of our data.
Our forfathers took the right to privacy to be a given, and only really anticipated one possible abuse of it, which they explicitly disallowed in the constitution. Had they taken the subject up more generally this wouldn't be a problem, but alas, they considered privacy in large part to be a given and didn't explicitly write it into the constitution as a right. While they could extrapolate many threats to our democracy, they never dreamed of the kinds of intrusions into our private lives we now take for granted, and are no doubt spinning in their graves as I type this. As a result, a right we all perceive ourselves is woefully missing from our most fundamental law, with the kind of auful results we read about here on slashdot nearly every week.
Alas, I am about as optomistic about congress and the states enacting a constitutional amendment to protect our privacy as I am about NASA getting a reasonable level of funding. The chances in both cases are unfortunately nil.
The Future of Human Evolution: Autonomy
Taking a stand with the FBI is a risky position if you are a smaller ( 20,000 users) ISP. Earthlink has the legal and financal means to defend actions it believes are wrong.
A head systems admin at a major University once warned me about crossing the FBI. It's a very quick way of going out of business. He made it very clear that the FBI is aware of the economics of ISP's. If you're down for more then a few minutes you'll start to lose customers. ISPs that go against the feds find out pretty quickly that all they have to do is confiscate all your equiptment as evidence. Maybe after a year or so you'll get your stuff back.
I can picture the feds in front of the judge now: "Well your honor, we wanted to place a monitor on the network but they would not allow us to. The only recourse we have is to take the computers and examine the hard drives."
Bam, Feds come knocking on your door, they leave with a bunch of computers, next week all your customers are gone and you've got bills to pay.
According to the people who founded the US, anyway.
Why would the government try to shut down the Internet (or the Intranet, for those in the know *wink* *wink*) when Al Gore invented it?
Thank you, Mr. Moderator, you may now rank accordingly.
Earthlink may look good today, but don't think their interests are entirely on your side. In the past, they have privately expressed interest in collecting all sorts of personal data on their users and their users' use of the internet (what web sites you visit, what newsgroups you read and post to, who you exchange email with). My guess at the time (I was working for a software vendor whose product Earthlink was interested in, which they wanted modified to collect this data) was that they wanted to invade everyone's privacy for purely commercial reasons, to resell the information to direct marketers. Keep this in mind before you start thinking that Earthlink is all of a sudden this great defender of privacy.
Here's a scenario: If I accept as a given that my email is likely passing through FBI hands, then it has at least the possibility of being monitored. So I must wonder how long it will be before I am turned back at the border for some off-handed sarcastic comment about american policies which I make in the context of a private discussion? My relatively leftist/anarchic views conflict on a daily basis with mainstream american policy, so I may well already have a file open on me in some FBI database. A chilling thought.
"So on one hand, honey is an amazingly sophisticated and efficient food source. On the other hand it's bee backwash."
Shut the Internet down.
How many times do you Americans have to make this mistake?
THE U.S. ARE NOT THE ONLY COUNTRY THAT ARE CONNECTED TO THE INTERNET!!!
Okay, so if the FBI does this, they can shut down all sites in the USA. Although many sites will stop working then, how about the rest of the world? Not a problem there!
So I think speaking of 'Shutting down the internet' is a little exaggarating.
Every expression is true, for a given value of 'true'
there's also laws in place to prevent cops from pulling me over for no reason, dragging me downtown, giving me unwarranted tickets, and just being harassing jerks in general.
yet this still occurs fairly regularly (and no i'm not saying all cops are bad, just that there are a lot of bad ones and i tend to run into them), to people all over (luckily i've avoided being taken downtown
the point is, they shouldn't have this kind of power. if they need to read my e-mail, and they have reason to believe i've done something naughty fine, get a warrant, and go in and get my e-mail then. they should not have the power to read everyone's e-mail any time they want.
power corrupts, absolute power corrupts absolutely.
period.
...dave
Think different? I'd be happy if most people would just think...
The FBI for coming up with this thing or Sprint for even allowing them to connect it in the first place.
I just love how law enforcement feels how they can invade the privacy of everyone because there are only a few people who are causing the problems.
This is just plain lunacy, pure and simple.
I hope the feds do get the system working on earthlink. Then I'll sign up for an account and send e-mail back and forth to a hot mail account about drug deals, child porn or even plots to overthrow the goverment. Maybe if I e-mail some ufo conspiracy stuff I'll get to meet Scully and Mulder!
It's more likely they'll spend huge amounts of time and money reading how little billy has finally learned to use the toilet. In my experience most e-mail people send is so boring you could use it to put the enemy to sleep.
Yet another federal program created to waste any budget surplus!
please crack one of these so-called "Black Boxes"?
If it's running Windows xx then we can crack the security, and if it's running a Linux variant we can subpoena the source-code from the FBI.
Of course, if it's running Solaris, we're buggered.
But I wouldn't mind getting a look at the working of one of these...
Okay, just for a moment, let's cut all the X-Files government conspiracy paanoia bullcrap and look at this thing at face value.
(Note: This is all educated guesswork, I'm quit probably wrong on some of it) It grabs the header of the email, checks the To: and From: fields (and probably the CC, BCC, ETC fields) to see if there's a match against the address fo whoever it's looking for. Probably does a check on IP addresses, too. If it is, it checks the subject line to see if it's something useful, and then (wether or not it seems useful, otherwise, it'd be easy to get around), puts the message into a file for humans to look at later.
Okay, so, this 'box' has the ability to see who you're sending emails to and their subject. For practical reasons, it probably has some more of spam-beater set up, and more than likely doesn't have a lot of output unless the person being watched is doing a lot of emailing.
The point of all this? Anyone doing anything to get the FBI interested in them will be smart enough to have a web-based anonymous email adress somewhere. The rest of us are, unless the FBI is a dark and sinister agency with a need for power, not going to have anything happen to us. No harm, no foul.
Unless, of course, those Carnivore boxes include mini-tacnukes, designed to help bring down the 'net permenantly. But then, that's just a conspiracy theory...
Well, duh; most people look out for their own interests first. The trick is finding enough common ground to work with.
For instance, I don't think that software companies lobbied against Clipper, crypto export regs, etc because they care about my privacy. They did it because the government's policies interfered with their ability to make money. That doesn't change the fact that the lobbying work was beneficial.
There isn't all that much common ground here (Earthlink's objection is stated to be technical, not political), but it does have the beneficial effect of making things a bit more difficult for the government.
/.
/. If the government wants us to respect the law, it should set a better example.
... if the wartime powers act is invoked.
if we go to war (not that far fetched in our day and age, where America has more than a few countries unhappy with it) then the FBI could be empowered to do such a thing under national security.
Check out Magic Firesheep!
I have to take exception with the basic assertion that you can do all this without specialized hardware. For the job they're talking about, special hardware is an absolute necessity, which is why they want to drop a box in.
In my work with VoiP trunking gateways, we use a real sniffer, an HP LAN Analyzer, for both 100 Mbps and Gigabit LAN sniffing. These boxes are highly specialize hardware costing $40000USD. They have 10s of MEGABYTES of fast RAM and analysis happens after the sniff is complete. If the FBI wants to do capture and analysis and filtering in realtime, SPECIAL HARDWARE IS AN ABSOLUTE NECESSITY!
The privacy issues are a real concern but the bottom line is that to do the job they are advertising, they absolutely do need a box. A Linux box, or even a farm of them running your overclocked Alpha/SCSI/133 front-side bus/ just plain ain't gonna make it.
Frank W. Miller
They already have. Huh? To quote The Matrix
Why do you think the second amendment is there, and why do you think the government is trying to take it away?
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
I mean, isn't it really a good thing(tm), since it's indirectly pushing hard for strong crypto's acceptance to stop this stupidity?
At least with corporations, I have the power to tell them that I don't agree with them
The US government can't shut down the Internet. It can shut it off for everyone in the US (if it doesn't violate your constitution) but the Internet hasn't been a US thing for a while now. That was the whole point behind it, no single point of failure, and that includes countries now.
That said, Carnivore is a horrible idea. If the telco can restrict snooping access to particular lines by selecting only the ones used by the persons under investigation, that's fine. Using an undocumented, un-accountable black box to snoop everything going through an ISP is not acceptable; it's tantamount to letting the cops snoop everything on an entire phone exchange because of a single suspect using it.
Amusing thought: How secure are the Carnivore boxen, and how much egg would the FBI have on its face if someone successfully hacked them? If the FBI isn't having nightmares over this possibility, they're not smart enough to be running something like Carnivore.
--
Time is Nature's way of keeping everything from happening at once... the bitch.
That's true, but the internet has no impact on that freedom. Barring you access to internet has no more affect on your right to free speech than a publisher refusing to publish your book.
Not that I agree with the origional poster.
Finkployd
Oh how I wish it weren't so...
Sausage king of chicago
microsoftword.mp3 - it doesn't care that they're not words...
is a minister at church. (Well, former now, but back when he started he was a minister) He was behind the iron curtian before it fell (Or maybe just after), so he had direct expirence with goverments. He kept telling those of us on the net to use pgp. Of course this was 5+ years ago, so gnupg didn't exist.
So use gnupg for God, use it for yourself, but use it.
Although the article does not state as much, it implies that Carnivore will be installed at Earthlink as soon as the bugs are worked out.
-p.
What would be the phone equal to this sniffer? Maybe capturing all calls to a telecomminucations company? This sounds like excess.
Here is Califoria I was under the understanding that we had a right to our privicy. Also, as the head of one of these ISPs who would you want someone reading all of your personal mail.
Nope tracking the bad guys can be better done tapping their home phoneline, which would step on less people's privicy.
What about other countries. I guess they know we snoop and spy on their private citizens, so I guess they're okay with it? Nope, again.
We'll need better protocols, mail user agent, mail transport agents, to combat this. We need liberty in the US! We don't have it.
For all we know this information, which will be of great value to large companies, is making it right into the pockets of large companies. The FBI is working hard to make the world a place safe for Hitler politics. Only the guilty need feer a lack of privicy. Sure.
That information will be used by the highest bidder. In the US we placed money aside for when people get old. This was solial security. The next government to take office just spent the money.
Our goverment is not to be trusted. From the dealings with the native tribes of this land to now, they are killers, liers, cheats, fool, and boardering on evil.
At a time there were great minds heading the US government. They shaped it into a form which would make the tide of coruption slow to a halt. That was one of the design concerns, it seems.
The people of the US enjoy many freedoms and liberties that are denied to us now. They were not taxed, spied on, didn't need a licence to go point A to point B, they could own property and have all the rights to it. What else have we lost over time. What rights?
Where and when is a good time to draw the line?
-- James Dornan AKA Tiger Smile
-- Prepared at the direction of, or to be sent to Legal Counsel, in anticipation of litigation. Attorney Client Pri
Statistical patterns in data have been used for a while in computer forensics.
It's called "ASCII Profiling" and was used against the Black Baron (Story here) about a third of the way down, "Shadow Copies".
Curiously enough, I'm working on something related to this...
...at least about two, very major technical issues:
More technically astute readers may take exception to this idea of private Carnivore boxes since there are ways to isolate ISP traffic and keep one box from seeing all the packets on the ISP network. But at most ISPs, THOSE TECHNIQUES AREN'T USED
Every ISP uses switches. Show me an ISP, let alone a Tier 1 colocation facility, that's using hubs, and I will laugh myself to death. Not only that, but even the smallest ISPs have more than one broadcast domain. Therefore, not every client sees every packet on the network.
"From a network architecture standpoint, the best location for Carnivore is right after the ISP's router"
I'm sorry, I may die laughing from this. The guy thinks Earthlink has "a router"? Let alone AboveNet, Exodus, GlobalCenter... Most decent sized ISPs have tens or hundreds of connections to the internet. There is no one spot that every packet goes through, which is a good thing. Maybe at the smallest dialup POPs, but even if the government could take out every dialup connection, it would hardly count as "shutting down the internet."
This article seems like fearmongering at its least informed, from someone who doesn't understand how ISPs or colocation facilities work. I'm against Carnivore as much as anyone, but let's at least be technically accurate in our paranoia, shall we?
-b
If I wanted a sig I would have filled in that stupid box.
I don't like this state of affairs any more than anyone else. But I do feel the need to point out that there *is* a legitimate reason for the methodology the feds have chosen.
Can you say "Chain of Custody?"
Evidence in criminal investigations is precious stuff. Plenty of cases have been lost by prosecutors when defense attorneys pointed out that the evidence being used against their client *might* not be kosher. Documents could have been altered. Drugs switched. DNA evidence botched. Or any of a zillion other scenarios.
Because of this, law enforcement agencies try their best to enforce an airtight chain of custody on any evidence they acquire. You work in the lab and need to re-test those drugs? The property clerk has to sign off that he let the drugs out of his hands and into the hands of an authorized person. The lab tech has to sign their life away that they now possess the evidence and will handle it in accordance with the law. And there better not be even ten minutes when that evidence is out of the control of a sworn law enforcement officer! That's all it takes to get a case thrown out.
In the case of wiretaps, what's the FBI to do? If they know that evidence may come into existence in the future (which is why they set up the wiretap in the first place), they must make sure that they establish custody of the evidence as soon as possible and never let it out of their hands. Serving a court order on an ISP that says "Hey, would you guys please keep track of this person's email for us? We'll be back to pick it up later." just won't cut it. Any defense attorney worth his salt will point out that email (or whatever) logs *could* have been altered by the ISP employees. In such a scenario, then, the law enforcement officers in the case *cannot* certify that such alteration did not occur because they were not in custody of the evidence at all times.
Defendant goes free. Slam dunk for the defense.
So what's the FBI to do? If 'net taps are legal, how on earth can they be carried out without breaking the chain of custody of the evidence?
Any genius here wanna answer that one?
Personally, I think we need to just make sure that the data gathered is rendered meaningless through ubiquitous encryption. But till that happens and law enforcement agencies give up on the whole concept of 'net taps, I don't see what else they can do *but* try to install boxes that only they control.
Yer right.. I did...
So that means FBI agents can get Earthlink for their personal ISP at a reduced rate....hmmm
This is another view of the world.
it is the fact that the government keeps on expanding its powers that is every bit the problem. As for whether the government invented the internet, it laid the foundation but private work was responsible for most of what we now call the internet. Basically it doesn't matter who made the initial investment, it has an independent life of its own now.
The FBI also is not an agency that I choose to trust. I lost any faith I had in them when I was 11 or 12 and saw Waco on the evening news. I mean come on folks then there was ruby ridge, do we want to trust an agency with our privacy that has no respect for human life?! And no I'm not a republican, I am a libertarian.
In a shock development, noted Karma whore Signal "Siggy" 11 has become a troll! Perhaps demoralised by the constant pressure of the fatwa or "trollslap" launched by his enemies, he released a post full of trollworthy statements. In one post, he combined:
- The incorrect technical statement: Witness the "NSA key" in Windows 95/98/NT/W2K
- The moronic political view: Someday, someone is going to need to devise a technical solution to these political problems
- The ludicrous hyperbole: This is why they are so afraid of geeks - they know we have it within our power to end this form of tyranny for good. We are in control of the ultimate modern day press.
- Another maddeningly silly technical statement: until we rearchitecture the network to utterly defeat measures like this (transparent crypto?)
Clearly, Siggy's move into trolling will put pressure on the established slashdot trolls to compete. In a CNN inteview, streetlawyer, speaking for the notorious inchfan troll collective said Rob Malda was unavailable for comment.-- the most controversial site on the Web
That's true, but the internet has no impact on that freedom. Barring you access to internet has no more affect on your right to free speech than a publisher refusing to publish your book
If Earthlink refuses to sell you internet access, it's the same as a publisher refusing to publish your book.
The FBI (or other government agent) has no right to restrict your internet access (however if you are convicted of a crime it could be a penalty).
While the freedom of speech does have limitations on time and place and method, the supreme court has stated explicitly that the internet is deserving of the very highest level of protection under the first amendment because of it's unprecedented ability to facilitate speech on such a large scale.
So yes, barring access to the internet DOES impact your freedom of speech, no less than barring your access to all libraries or all bookstores...
I'm an investigator. I followed a trail there.
Q.Tell me what the trail was.
Recursive: Adj. See Recursive.
Doesn't it bother anyone that Earthlink is doing this because of customer disruption rather than privacy concerns?
Boy ol' boy, you've got me laughing right now. You actually think that people who are posting "Go Earthlink!!!" read the article to see what it actually says?
Don't you know that slashdot ALWAYS posts the perfect view of an article in the paragraph of the headline page? I mean, it'd be silly to waste your time to read (or even SKIM) an article to see what the author is saying, before posting something about it!
---
--
Time is Nature's way of keeping everything from happening at once... the bitch.
$ cat < /dev/mouse
Clever? What single-dimensional world of strategy do you live on? "I'm not going to try and put your king in checkmate." Who would believe that crap? Who would be stupid enough to believe that people would believe that crap? Something subtler to think about: Does Earthlink, perhaps, have snooper stuff of its own for commercial reasons that it doesn't want detected? Maybe, but who cares, all they can do is send you target ads. Think about the excuse they gave--it would interfere with their service. Would it? Probably not, or at least it wouldn't be difficult to make it so that it wasn't. (They are quite wealthy, you know). I think they were looking for a graceful way to say no to the FBI because they feared customer backlash. If they wanted to hide it, why even say anything? What has AOL said? Nothing. Do they have Carnivore? More than likely. I am an Earthlink user and I don't care why they said no as long as they did. I sent them an e-mail today applauding the decision, but warning them that I would no longer be a customer if they did install it. I ask that all other Earthlink users do the same. It's funny, but in this way we can essentially "bribe" the government (a "bribe" by proxy via Earthlink) to protect the rights they're supposed to be protecting anyway.
FWIW, here is the FBI's policy.
By the way, a sniffer looks for crime, not just tracks it, if the analogy holds... I guess no one liked "Digital Storm."
Last year while I was at school, a friend of mine was playing around wiht network programming. He wrote a relativly simple piece of software. It simply listens to the network and responds to every TCP packet by spoofing the recipient's IP address and closing that connection. He didn't think it would work, but he ran it. It worked. He then realized that he had sshed into his box in his dorm room across campus to do the coding, and that his connection had just been killed. He quickly called one of his suitemates and had them press the power switch. Thankfully, CWRUnet Services never took action against him. It was basically an accident. But, think about it. For a brief period of time, all broadcast traffic on our network came to a schreeching halt. Thankfully, our network is mostly switched ATM. But, if one were to hang a box with a similar tool installed on it off of an ISP's external line, even if it weren't acting as a gateway (ie, even if traffic didn't need to pass through it to get to its destination), it could effectively cut off all connections to and from the ISP. Put such a box on a larger pipe, and you have an internet off switch. Of course, it doesn't work for UDP, so we could all still play Quake3 :)
Now, I don't know that the government would want to be able to turn off the internet. As I understand it, it was originally designed as a communications system that could survive a nucleur exchange. But, I'm not a politician.
vi is my shepard, I shall not font.
Poking around the C-Net stories, they proposed this to be an open sourced project. That way, we would know exactly what it is doing and we could trust it. We have to think about who we actually talking to here. I mean, they still want to place these boxes at the ISP's location. Is there any way that we can monitor the code being ran? In my opinion I would not run the system on my network unless I can compile the code myself and monitor the systems activity.
It raises all sorts of questions like: How do we know they didn't skimp on cost and the Network Card is going to flood my network in a week or two? There are ways around it, but I still would not trust any equipment on my network that I have not personally checked to make sure the equipment is good.
I like the idea of the open sourced project, but we would have to think of a way it could not be abused by either the FBI or the hackers out there. Possibly a MD5 checksum on the code every once in a while in addition to other checks.
Either way, the idea is still scary...
OK, the little black box has been programmed to look for Joe BadGuy. Joe BadGuy is under suspicion for something, we would like to review his email/surfing habits. Example is set in an ISP/Dial-up environment. Joe BadGuy dials in recieves his dynamic IP, and continues to sift through his email and surf. How would the box recognize which pakets are his, or how would it know which IP is his, if they are dynamically allocated? Is the Blck Box tied to a login register with the ISP, or does the ISP have caller ID on all dial-ins and send a message to the box that Hey! Joe BadGuy has called in and is on #.#.#.# Anybody shed somelight on my infantile example.
The electric yellow has got me by the brain banana
The people up in washington, think that are the govenment and can doing anything they want to. Wrong, I am the govenment you are and every American citizen is the government. I dont know about everone else but a system like this just makes me sick. I am going to write a few people in washington when I get home. I suggest everyone else do the same. I think that is time we quit being bullied around and do something about it. It is funny how history repeats it self. You would think we would have learned by now.
What if authors said, NO I own the copyright to that book, you can't let people just borrow them for free. We would have no libaries and would no where close to where we are today.
The FBI is saying their intention is to watch crimals is BULLSHIT, the people that we allow to abuse their power are scared, becuase the internet is not something that they can have complete control over. A team will not work if one person tries to have complete control. We all must be willing to play on the same team, if this great country is to survive.
When this country was in it infanticy the main worry was a central government that was too strong and would not be a team player. Well people we are there. It is time we do something about. Use our power as the government and fix this problem. The government is not some big misterious being that we have have no control over. We are the government and it is time that we quit wineing about it and do something about it.
Where are we going and why are we in a handbasket?
That's true, but the internet has no impact on that freedom. Barring you access to internet has no more affect on your right to free speech than a publisher refusing to publish your book.
:-)
That depends upon who's doing the barring.
I assure you, if the government ordered ALL publishers to refuse to publish your book, that would be viewed as an unConstitutional violation of your freedom of speech and of the press.
If each and every single publisher decided seperately to refuse you, that's not a violation of your freedom, it's an indictment of your writing ability.
--
I think you may be a little bit optimistic about the Canadian government. I'm Canadian as well, and if you think that Chretien, Staff Sergeant Smith (Suharto in Vancouver, remember?) and pretty-boy Allan Rock are at all worried about the impact of giving the FBI access to data in Canada, you're mistaken. In fact, I wouldn't be surprised if the Canadian government allowed the FBI full access to that database that they made of everyone's tax information, for example, and every other database that they have on us as well. A politician is a politician - they'd just be helping out their bud
At least in the U.S. people raise a hue and a cry when the government steps on their toes. Can't say the same for us in Canada even when they dance the $#@% fandango on our heads.
But
Sarge
And while I'm at it... assuming the people would stand for it if they did shut the Internet down, so what? I'd have to get a real job, and everybody would have to go back to reading books and watching television, and auntie Mabel wouldn't be able to sell her Hummel collection on e-Bay or email all of her friends smarmy overforwarded Flash animations.
Good.
I've been following the whole carnivore thing since just before the story appeared on /. since I saw it on some other news service a few hours earlier. The one thing that keeps bothering me that no one seems to have mentioned is that the FBI is going about this the wrong way.
Afterall when they get a warrant to tap someone's phone they don't go to the Central Office and tap every line hoping they can pick up some of the person's conversations by listening for keywords. Instead they tap the line that feeds that person's home/business line(s). I don't see any reason why they can't do internet wiretaps in the same way. I can't be any more work to "decode" a modem signal or other data transmission than it is to search literally gigs of information per second. In fact in the long term it's probably easier and would take less computing power. So why can't they just tap the lines of the person they want to listen to.
Just like with a tradional wiretap if the suspect being watched uses a phone at some strangers house chances are the feds won't be able to listen in. But so what that's a limitiation they've had to live with for years in order to protect our privacy since we do still live in a country which believes in the presumption of innocence.
The only explanation I can come up with is that this is a thinly veiled attempt by the FBI to try and take away more of our constutional rights without going through the proper channels. It's happened before so I see no reason it can't be happening now.
While I'm no fan of Reno I seriously hope she managed to prove she deserves her job by putting a stop to this nonsense now and pointing out that there's no reason tradional wiretapping measures can't be used for this purpose.
--- Juggle juggle@hitesman.com
I sent them an e-mail today applauding the decision, but warning them that I would no longer be a customer if they did install it. I ask that all other Earthlink users do the same. It's funny, but in this way we can essentially "bribe" the government (a "bribe" by proxy via Earthlink) to protect the rights they're supposed to be protecting anyway.
All of us non-Earthlink users should also email our ISP's and indicate that if they have not installed Carnivore - don't! Otherwise we will take our business to another ISP that does not yield so easily to intrusive government.
Remember, You are unique...just like everyone else.
The FBI's stated mission is to protect U.S. citizens from foreign and domestic enemies by investigating violations of federal law. That is really and truly what they try do to, and for the most part people join the FBI to protect and to serve. And if you are trying to defend the U.S. against its enemies, you you need to be able to find them. And to be able to find them, you need to update your surveillance techniques. And if the criminal activity is happening or being coordinated on-line, then the investigation and surveillance has to happen there.
So the FBI starts advocating things like Clipper chips and Carnivore and starts lobbying for laws that require digital telephone switches have an evesdropping port built right in, and things like that. Can these tools be used to spy on criminals? Darn tootin'. They are fantastic for that. The problem is, though, that these tools can be misused as well.
As a civil libertarian, I believe that the U.S. Constitution serves primarily to limit governmental power. It does this because its framers recognized that government power is abusable in such a way that its abuse is not just possible, but inevitable. So we do indeed need to be wary when the FBI wants to put a full-blown sniffer in front of every ISP's switch. We all take it as a given that this powerful spying tool would eventually be turned against peacable citizens.
But what is the FBI's current intention for Carnivore? I suspect that in addition to its stated (albeit redundant) purpose as an Internet wiretapping tool, it is designed as a weapon against cyberterrorism; specifically, it is used to identify and terminate distributed denial-of-service attacks.
We all saw what happened a few months ago when the DDoS attacks happened against CNN and other high-profile sites. We all saw the havoc it wreaked and how hard it was to track down the perpetrators. But with Carnivore installed in front of the switch, the FBI could watch an attack develop real-time and terminate it immediately: First, they get sample packets from CNN. Then they broadcast a message to all Carnivore boxes to copy and block any packet going to CNN that matches the attack profile. Once the attack is contained, they swoop in with search warrants and arrest everybody who sent an attack packet.
So that's what they are trying to do. Cringely was only partially correct: the FBI's goal is not to shut down the Internet; it is to defend the entire Internet at one time.
Unfortunately, though, we can't let them do this, because as soon as the tool is in place, the RIAA will start pressuring the government to start actively patroling for MP3s, and the whole Carnivore matrix will become the web in which our freedom was finally ensnared.
On the other hand, I would like to see a Carnivore-type system put in place by an industry consortium. It still strikes me as the best way to defend against DDoS.
--
This is not my sandwich.
How about making the FBI do a little legwork and tap at the customer's end, not the entire ISP network. Sniff that broadband connection or listen to the phone lines (contrary to popular belief, modems *ARE* tappable - there are special-purpose boxes to listen to and reconstruct bidirectional traffic from a traditional analog phone tap). Don't tap the entire ISP with a black box. There are other ways to gather wiretap intel; what makes me suspicious is that the FBI chose the "tap everyone and sort later" model, to say nothing of the suspicious nature of a "black box" with full access to an ISP's network traffic.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
Just to completely assuage those concerned with privacy, Janet Reno's review will be conducted at Waco, Texas and Ruby Ridge, Idaho, as these places were known in the past for bringing out the most citizen-friendly side of the Justice Department.
Earthlink does have a DSL service. Their dialup service can be flakey at times but is generally good and I think the flakiness is mostly due to our crappy phone lines.
------------
Withdrawal before climax is very ineffective and those who try this are usually called "parents."
Okay, perhaps I should clear this up. We are currently Earthlink customers who were former Mindspring customers who were former Sprynet customers who were former Compuserve customers. :) Damn mergers.
------------
Withdrawal before climax is very ineffective and those who try this are usually called "parents."
That would effectively throw North America back into the information Stone Age, and the mantle of technical leadership would be picked up by more advanced countries like Botswana, Kyrgizstan, and Paraguay.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
# telnet pooh.cc.iastate.edu ... ]
Trying 129.186.140.1...
Connected to pooh.cc.iastate.edu.
Escape character is '^]'.
[ Trying KERBEROS4
[ Kerberos V4 accepts you ]
[ Kerberos V4 challenge successful ]
Using encryption for Input and Output
Shut up, be happy. The conveniences you demanded are now mandatory. -- Jello Biafra
Given that it's being reported that one large ISP (earthlink) is having problems installing this system.. How many providers have this system already in place??
... under court order". In other words, this is an activate-on-warrant system meaning its expected to already be installed at each location.
I thought this was a install-on-warrant system, but going back through earlier articles: 'She [Reno] emphasized that the system can only be activated
Can anyone who works at large-ish ISP's in the know confirm or refute the installation of carivore boxes on-site?
I imagine the smaller ISP's won't need these boxes installed as their larger upstream providers will probably already have them in their route-path.
I think its time to get serious about PGP, and SMTP over TLS/SSL for those of us with our own mailservers.
The whole government doesn't have to be corrupt or involved in a conspiracy; it just takes a few unethical people working inside the government to abuse this system to their own ends.
-- Greg
PS: The first installation should be done at the white house. Apparently they have problems losing their emails. Perhaps the FBI can pick up their files while they are there. They can also give a safety awareness and suicide prevention class; as it seems like so many people involved with the administration seem to have accidents or kill themselves in odd ways.
Can I be invited to Reno's next BBQ?
Slashdot, would a spell-checker for posting be too much to ask? It's not rocket science!
I called not too long ago, and inquired about something else that was raising concern - Predictive Networks. I asked if they'd ever heard of this company, or have any plans to do business with them. The initial person I contacted didn't have any information, but they did have someone return my call within a couple of hours. In speaking with the second individual, she stated that customer privacy is very important, and that they'd never consider such an option. Earthlink's refusal to install Carnivore means one thing...they're SERIOUS about this! Good deal!!!! It's great to see a company that isn't "just" a company- a company that actually stands for something.
I'll reply to someone else's message to get my point across:
Yes, but Carnivore goes beyond simply tapping one person's phone line... If phones still had party lines, this would be the equivalent of the FBI picking up the phone every time someone has a conversation, listening until they figure out who is talking, and then if it isn't the person they want, they supposedly hang up. I don't know about you, but that wouldn't make me too happy....
Okay, so, in what immediate way would it really *matter* if they hear you? You don't plan on nuking LA's I-405 at rush hour (if I wanted to kill a large number of people and generally bring traffic from bad to impossible, that would be my plan). What horrible things at this point in time would happen if the FBI/CIA/DMV heard every word you said, every character you typed, and a good portion of the information on the intake?
I've never liked the idea of this sort of thing simply because I don't want to give the government the power to become anything other than a government for the people-- in other words, I don't like giving them the power to be (pardon the drama of it all) an evil oppressive government, behind our backs, in a way that is nearly within "the system" (yes, let them do it with a constitutional amendment and a press release
But this, the future possibilities, often doesn't seem to be the stated concern to the privacy advocates. Or at least, it's only one. The one I see paraded around is usually stuff like the reply I quoted-- the ability for the government to overhear us talking about flavor #22 at Baskin Robbins, why we hate Dr. Laura, or about our spouse's general cluelessness of the affair we're having.
I don't like Carnivore any more than anybody else, but I really don't think the FBI gives a damn about me or what I'm saying.
Wisdom:
Imminent Death Of The Net Predicted!
Commentary:
Some would emphasize privacy -- who is reading what. This is not the true way.
Emphasize content -- what is being read. This is the true way.
Would Mr. Cringely's articles attract commercial advertising if they were not inflamatory?
The owner of the ISP where I work would close the doors before he let the FBI put a box in that did active filtering. Infact, I think he would close the doors even it did *passive* filtering. Handing over our logs when handed a court order is one thing, but giving them access to everything going in and out? No way. He'd tell them what they could do with themselves and shut down the Internet part of the business. This is line that shouldn't be crossed. If they *really* want information of this sort, they can get it without the box. And you are correct, that type of active filtering would slow down traffic, to what extent would depend on the box itself.
You know the only sensitive thing about what's in that "box" the FBI wants to install at the ISPs?
.. but the list of suspects, the sites the FBI wants monitored, would be right there in the clear, available for any ISP employee (and any hacker) to copy and distribute.
The list of criminals, of course! There's probably no due process (e.g., there might be suspects there). They're trying to protect the list! Sure, the ISPs could run some sniffer code simply enough
Which I'm sure all would agree is not a Good Thing.
As for the boxes having the potential of being switches, of shutting down the Internet, what a load of hooey! All the ISP has to do is unplug the damned thing.
I'd be concerned about privacy issues, yes, like who authorizes the names on the lists. Are the judges with the court orders in fact informed? Can anyone check on them? If the FBI has a pet judge, can ANYONE's name get on that list?
That's what the issue is. Ignore that Cringely idiot. He may have good points at time, but he can be dumb as a brick too.
And I won't even touch how completely ridiculous the idea is in the first place ... well okay I will. Why in the WORLD would the FBI try to shut down internet connectivity for the US? And why would they need these boxes to do it? If they don't have the legal right to do so, ISPs and their well-payed laywers wouldn't let it happen (guess what, ISP technicians can unhook the Carnivore box and go about their business). If somehow the FBI did initiate some digital martial law where they had the right to do this, why would they need the boxes? They could just walk into the ISP with their nice shiny guns and start unplugging ATM cables.
These Weekly World News /. news bits are great fun, but please don't take them seriously.
You know what to do with the HELLO.
You know what to do with the HELLO. ...
Help create an open-source world
Link
Sean Remove zebras from e-mail address to reply.
I am an engineer for a tier-1 ISP. What could I do to convince my superiors to refuse these boxes on our routers as well? As far as access goes, we would know about them if they were there, and I can say that there are not any of these on our system that I know of. I would never allow any of these on our systems, and I know that none of the other engineers here would either -- including our director.
What could be done to convince the rest of our company, notably the paper pushing desk working administrative staff such as HR, executives, legal, ect., to go allong with this? They would not understand and would go along with this completely blind. As far as I am concerned, if one of these boxes were allowed on our network, I would seek employment with another company imediately.
Last week the mail servers on the @home network went crazy!
Anyone know if they were installing Carnivore, or was it just another day at the comcast monkey cage... err NOC.
They misplaced my e-mail for 4 days, and I was recieving some other user's e-mail... not good!
[Connection closed by foreign host]
Earthlink is a Scientology company, and naturally Scientology doesn't want the FBI access to their basic means of computer based communications since they have been the target of investigations ranging from fraud to murder.
Steve's Computer Service, Hobbs, NM
I think the government is going way to far anyway. This Carnivore thing is the government wedging itself into the power of the internet. If they can look at any packets going through/from/to a server, what keeps them from dictating what is allowed through what could be called "United States 'Netspace"? Heck, the government atempts to regulate everything that moves physically within the borders of the US, why not throught the electronics of the US as well?
:)
Once they get in and regulate what they want, its too easy for them to, as the article put it, "Shutdown the Internet". If we dont stop their atempts to regulate everything through US Servers now, they'll push for more control, give an inch, they'll take a mile.
All I know is, if they end up trying to shutdown the internet or control it, I know there'll be alot of computer techs out there extremely mad.
The fact that these boxes exist is not a problem. Think about this for a moment:
- This software probably finds and filters *email* in a number of ways. Firstly, it probably can be configured to search through emails for specific keywords and (more likely) to search for emails from a specific address.
So, all the general public needs to defeat this invasion of privacy is the list of keywords they are looking for. Then, we send the list in an email many many times past the box. It will simply throw up.
Could you imagine 1 email a day filled with "cocaine", "guns", and "world trade center" passing this federal snooping device? Sure, they would think you were a criminal and arrest you.
Could you imagine 2 emails a day filled with "explosives" and "federal building" and "marijuana" passing this snooping box? They would think you guys were terrorists and arrest you both.
But what about 2 MILLION emails a day, filled with "heroin", "preteen", "crack", and "jobs"????? They would shit their pants at the revelation! They would think it was a REVOLUTION!! And that's what it is!
All I ask is that each of you send one email a day with words from this yet to be published list. Hell, someone could even write a tiny mailer program that sits in the background and sends one randomized mail a day generated from this list. One mail a day times 100 million internet users--god damn, they wouldn't last a minute!
Or you can get a copy of PGP with like 128k keys which even the nsa can't break. Not that I know anythink.
Just remember. Humans are people too.
Cool! Amazing Toys.
People nodded agreeingly when NATO bombed TV headquarters in Beograd, because it was spreading "propaganda".
Noone spoke too loud when it became clear that military officers from Psycologic Warfare controlled and cencored CNN newsbroadcasts
real-time during NATO's war against Serbia.
People were shocked by Ceausescu's regime when told how Securitate sampled prints from typewriters. Yet.. there's Echelon, and there's no reason to believe that Carnivore type software won't be forced upon ISP's in the very near future.
How about the listening devices to tap cellular calls? And isn't Carnivore just a consequence of the Communications Assistance For Law Enforcement Act from 1994? The last part is to be implemented within Sept. 30th 2001. Just in time for Carnivore to mature.
How about the NSA key? How about Enfopol? The western world is incredibly more efficient in it's total control and deprivation of privacy than the east block ever was. If there are any old commies left they must be green with envy. But in spite of the end of the cold war, CNN still maintin their "cold war" column, whipping life into old paranoia. Seems the McCarty periode never really ended - and those who yell "democracy" the loudest are the ones with most to cover up.
Isn't the concept of total control... totalitarian? Aren't the ones who use a dictators tools.. themself dictators? I don't feel free when someone unknown peek over my shoulders at all times. My freedom is rapidly being reduced to the "freedom to remain silent" - and only that. I feel terrorized. Really.
The FBI shouldn't even have the authority to implement drastic new technologies like this. I wonder if AoL and Earthlink have considered that customers knowing they (as the "large providers") have tapped email will drive consumers elsewhere. I find it equally likely that people will shrug it off with the "I don't break the law" attitude. If this keeps up, I wonder how long it will be before they do keywork searches of all emails.
.sig: "president bomb gun drugs: support your local FBI". Although I've already seen people doing it, trying to break Echelon ;)
Time for a new
Hopefully Earthlink will stand up to them on real principles, if need be.
Here's another link about this, at Capitol Hill Blue.
Some ISPs might put all their mail servers on one big fast Ethernet so everything routes there, which makes it easier to do centralized management and some security, but traffic that isn't going to those mail servers doesn't go to that segment. This means that if you dial in to ISP A, and use your web client to access a web server at ISP B, or your POP client to access a mail server at ISP C, or your email sender to send mail to an SMTP server at ISP D, you're probably not going through ISP A's POP server Ethernet, you're just going through the LAN connections that get you to the routers going to those other ISPs. If it's all in one building, the carnivores might hang a bunch of promiscuous taps on every segment there and go into some big hacked multiprocessor router-thing, but anything less won't cut it.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I have no
I work for an ISP in Alabama as the Assistant Net Admin. Myself and the Net Admin both agree that the government has no reason to be in or near our servers! My thoughts ... Carnivore,.. byte me!!!
If it can go wrong it wnetscape: Segmentation Fault, Core dumped
The government is supposed to work for the people. When it starts to interfere in their lives in order to "protect" them, it becomes their enemy. A police force that can be called on the phone if you are robbed is a good thing. But would you want a police officer checking in on you randomly to make sure you weren't being robbed? We're not there yet, but we're pretty close. We don't need a government with power to spy on its citizens, and certainly not one that can do so without telling them. There are other ways to do things. Perhaps they are more difficult. But this is a government for the people, remember? Shouldn't it go out of its way to accommodate them? Sometimes wiretaps are necessary. But they must be used very sparingly. This system makes it to easy for the government to invade our privacy. How sad is it when a corporation is willing to stand up for natural rights that the US government isn't willing to protect?
it's green.
What this comes down to is that the government wants an easy way to stop "dangerous" activity, even if it means stepping on the toes of its citizens. The ISP is protecting the rights that the government has ignored.
it's green.
Amen brother! Same story here.
ICQ#2584116
-- d'arcy poirot
If I have a switch that is broken and sending packets into the void, this is what I do:
I unplug it.
The FBI's black box is no different than a malfunctioning switch. The ISP tech walks over to the rack, unplugs their precious box, and look, we have connectivity again. You need an IQ of about 5 to be able to figure this out.
I have two completely contradictory statements about this whole mess, and I'm not sure which one I want to go with here...
1.) Why does the government have the right to interfere with a private method of communication? They can wiretap our phones, read our email, video tape anything and everything. The only truely secure method I see of communicating anymore is driving out to the desert, stripping naked, and whispering with your friends. I don't really mind my email being read as I do nothing of importance, but this is just another step towards total invasion of privacy. Who knows how much longer it will be before we all have microphones installed in our voice boxes and video cameras and transmitters that run of bioelectricity put in us all as were born for full time monitoring by big brother?
2.) Maybe theres a legitamite use? Who knows what this could stop. Im all for losing a little bit of privacy if it would of meant something like...stopping the Oklahoma city bombings or something. But the line still has to be drawn somewhere..
---------------------------
"I'm not gonna say anything inspirational, I'm just gonna fucking swear a lot"
---------------------------
Most lawyers I've talked to have said that judges should not issue warrants unless the search net is as narrow as possible. Thus Carnivore or any other sniffer should never copy traffic from innocent Internet users on the segment, only that to or from the "suspect"--i.e., the wiretap must be on the segment most restricted to the suspect.
However, the FBI has in the past been able to get around this requirement for wiretaps. Several years ago the FBI arrested a man in New England who attempted to buy missles for the IRA. The Boston Globe revealed that the suspect used random pay phones in Nashua, New Hampshire. The FBI apparently tapped all the pay phones in the area, and used voice recognition technology to filter the conversations from the suspect out of all the conversations copied. The lawyers I talked to said that such a practice would not be constitutional, since it involved wiretaps on too many innocent people. However, it apparently held up in court. The U.S. government also supplied the technology to the Colombian government to track down "narcoterrorists" using cell phones. In that case, the wiretaps must have been extensive, network-wide.
I believe the question is not whether or not Carnivore is technically feasible, nor whether or not it is legal when it is intended as a wiretap authorized by a court, but rather whether or not it invades all our privacy. If the FBI wiretaps my conversations I should be allowed to go to court and get a hearing about it. Just because a criminal is using the network segment at the same time should not authorize the FBI to wiretap me.
Will Reno understand this issue and overrule the FBI? Don't count on it.
I happen to have a lot of respect for the net community, but I am kinda dissapointed when I see a lot of people go on in rants about "The government is doing this or that".... I have a few questions: If the government has the technology to spy on us, don't you think they are doing it already? and if they do have the technology, why would they make it public and create outrage in the community? For God's sake! take a Valium and email me in the morning! Like an earlier post said, I gues you have nothing to worry about unless you are a criminal. ......
Dammit Jim! we've been here before! -- Bones.
Unless the Feds do something egregiously clever, there's no way they could just flip a switch and turn off an ISP. Oh, sure, they could take down its uplink... but unless someone was sleeping on the job, I'm sure the ISP could just wire around the dumb black box. Think about it.. one wire splice around the thing, and it can't shut off your internet anymore, now can it?
Of course the whole snooping thing is a different bag of worms altogether...
The FBI has their own blurb on Carnivore. It's worth reading - it exlains the checks and balances on the FBI's ability to use Carnivore (heavily restricted by the legal system). Also another note is that the FBI does use advanced algorithms, sort of like the ones the credit card companies use for fraud or that the IRS does for tax evasion, to actually catch "suspicious" activity. They probably don't want that info leaking out otherwise people could workaround their algorithms. That justifies a co-hosted box as opposed to letting an Open Source zealot do it for them :)
--
______________________________________________
Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
The article suggested to me that there were technical issues (as opposed to legal or political ones) that influenced Earthlink to deny Carnivore. Perhaps it is the case that if the technical issues are resolved, they might allow Carnivore in.
Unlike many thousands of smaller ISPs, Earthlink is a 5-9's kind of operation. They have architectured their network to ensure a minimum of downtime. I've been a subscriber for a few months and have experienced no outages (aside from the IRC server being attacked, but that's not really in the 5-9's realm). Building a network like that is no easy task. You have to make it so that NO single failure can bring it down. No... you have to make it so that you can have one each of everything fail and it still be fully functional.
I've designed a couple of smaller networks like this, and there are a lot of technical issues involved. If Carnivore were to be in them to be able to monitor the network, and assuming it was just operating in sniff mode (which is all it should need to do) it would still have to have multiple connections at multiple switches, and almost certainly multiple boxes all over the place. Deploying something like Carnivore while also NOT disrupting the network would be a major project.
There is also the issue of how to get a sniffing tap into the network in the first place. In a small network I recently designed, it would have to tap into 4 different switches to be able to capture everything. My design at least did have switches, most of which can set up port 0 as promiscuous (though if it has a bandwidth lower than the whole switch, you lose packets). Earthlink is way larger than what I built, and has so many points of presence and so many points of exit, that I would imagine that Carnivore would have to be deployed in perhaps as many as 100 instances, each of which having perhaps approaching 100 fiber connections. That kind of scale may well not even be practical (aside from the fact that the ISP is probably already using the promiscuous port for other purposes).
There are other approaches that reduce the scale, such as policy routing port 25 through different paths. But even then you have to have first a point where port 25 is diverted from, and then a point where port 25 can be re-injected without being re-diverted again, and that forces an architecture with more hops than most ISPs have (an architecture that also doesn't scale to 5-9's very well, either).
I suspect Carnivore has technical limitations when you consider the scale of some of the networks like Earthlink/Mindspring/Netcom and others like AOL. Then what about all of those smaller ISPs. If the big ISPs let Carnivore in, many people will shift to the smaller ISPs (not necessarily because they have something to hide, either) so it would end up having to be deployed nearly everywhere (though maybe it can be done at the upstream backbone).
I just don't see it being that simple to do. Anyone else have any more technical details on this black box?
now we need to go OSS in diesel cars
Not if you set up a route-map that black holes all packets coming from the sniffing interface.
now we need to go OSS in diesel cars
You mean like Earthlink would have to unplug their own sniffers from the promiscuous ports of the switches to be able to plug in Carnivore?
now we need to go OSS in diesel cars
After such a court order is issued, then they (hopefully) will end up fighting it, and maybe in about a week it will be reversed for causing harm to the functionality of the business ... if these technical issues truly are what is involved.
now we need to go OSS in diesel cars
The question of why the FBI would want to shut down the Internet reminds me of a quote from DUNE. Paul Atreides says "He who can destroy a thing controls a thing." Can you imagine the power available to the FBI if they have the ability to literally bring the US to its knees? How could we as citizens fight the FBI? They would have the ability to destroy all of us. Granted, they might never actually bring the Net down, but are you willing to gamble on that?
In addition, this is a little bit like all those keys and safeguards you have in place to prevent nuclear missile launch. There is no such plan in place hear. If the Director of the FBI wanted to shut down the Internet, he could. No one could stop him. There are no secret codes, keys, accountability to Congress. Shutting down the Internet would be as devasting, if not more, as launching our entire arsenal of nuclear missiles at Russia.
If they install these boxes in every American ISP they would have the ability to shut down the internet (in America). It's a moot point whether or not they'd want to. It's like having the FBI put bombs in everybody's home. Sure, they would probably never blow everyone in America up, but the point is they could.
Hey, I'm just as paranoid as any of you, but Cringeley thinking the FBI wants the ability to shut down the internet is delusional. Even if it did (and the first big hurdle is why?), the second a carnivore box started inhibiting packet flow thru the ISP, the techs would think that it's malfunctioned and sever it from the network (maybe with extreme prejudice). Since the Carnivore boxes are only going to be installed under court-ordered surveillance, how would the FBI even be able to get one into every ISP? Are they going to claim that there's a suspect connected to every ISP in the country? Cringeley's argument is just hogwash.
Carnivore is a sealed box that is installed at the network operations center of an Internet Service Provider.
I look forward to the first SlashDot article on "How I hacked Carnivore: Making one Federally-Funded, Kick-Ass Tivo Box!"
For those who don't live in the US or are a tad clueless, Timothy Mcveigh is a mentally disturbed man who was convinced that the goverment had implanted a computer chip in his rear to monitor his location and everything he did. Because of this he filled several 50 gallon drums with diesel fuel and nitrogen fertilizer making quite the bomb, lit the fuse and stole another car to get away.
I don't condone McVeigh's actions. I don't feel that killing several hundred goverment workers and blowing up a daycare is a rational way to deal with the problems caused by big brother, noting that McVeigh did not have a computer chip in his buttocks.
But the goverment or goverment subsidaries (like the F.B.I.) cannot pass legislation or get court orders to install big brother in every ISP in america and then expect noone to care. People care about their privacy. Most won't do anything. Some will kill 400 people with a truck bomb.
In conclustion, the goverment is creating their own enemy. Innocent people do not deserve to die because of some asshole who cannot respect peoples privacy. But they will if things like this continue.
Kris
botboy60@hotmail.com
Nerdnetwork.net
Kris
botboy60@hotmail.com
Nerdnetwork.net
This guy is an idiot and his theory don't make sense. Why? well if the FBI shut down the internet, how will the USA be sure that all the nuclear missile launch facilities will get the signal to destroy the other side in case of attack? This would be to much of a treat to national security (ie. not being sure to be able to anhiliate the soviets or something). I tought this is what the internet was orriginaly designed for, that if the USA would get bomb, that when they would signal the launch of the counter-attack, if a link was down, the signals could be routed elsewhere, and the other side be destroyed too. Trust me, this guy is on crack or something!
...Micro$oft tactics!
Yes, you heard me right. Microsoft has shown us the way. All we need to do is "enhance" various software and protocols that the carinovore program relies on. We can break compatibility and say we are fixing bugs and adding more whizzbang features.
I don't know. It seems like the U.S. government bodies just can't wait to supply countries like China with the technology to suppress democratic movements. First in a country noted for free speech they try to narc the internet protocols, or introduce snooper technology. I can just see third world countries taking notes on "How to find all those dissidents". ... just follow the latest braindead pseudo-current affairs program on channel 7 or whatever.
Australia seems bent on similar ideas. But the government here is a bunch of complete losers and dolts. They fucking wouldn't know what the internet is anyway
Anyway I digress. The point is that all of these proposals are think tank exercises, at the very least for prototypes of suppression that will be taken up by other countries.
Bitter and proud of it.
You can also use decoy tactics -- sending a lot of fake encrypted messages in addition to your real ones. Some of my mathematician friends' ideas of a good time involve sending large blocks of white noise to suspicious overseas addresses. "Gotta keep the NSA on their toes." This has the added advantage of defeating traffic analysis (sometimes it's enough just to know when and where messages are sent, without knowing their contents).
And of course, if all traffic is encrypted then encryption won't be grounds for suspicion. This is a major goal of Phillip Zimmerman, who said in an interview:
Speaking of wiretaps, can the gov't have a telco break a connection with the same level of authority that they can get a tap?
Would it be legal for the FBI to demand their box to be connected in such a way as to allow remote shutdown of an ISP or subscriber, and have an ISP which gave them full monitoring but no ability to disrupt being considered in violation of the law (by saying that such a hookup is insufficient to meet their requirements, etc)?
Any lawyers care to comment?
Also, if they get a warrant to seize data and email, does that mean they can destroy it? In the real world, seizure implies that the intended owner or recipient loses the item seized, since in the physical world both they and the FBI can't have it (physical impossibility). In the virtual world, it would be natural that they both could have it, and a warrant to seize would mean the email is copied. But what does the law say? If the FBI gets a warrant, can they also stop the intended recipient of a message for getting it by deleting it from the ISP? Seziure laws weren't written to cover a world where "items" can be copied, rather than moved....
Just because it CAN be done, doesn't mean it should!
Any hackers out there interested in having a whack at one of these boxes...
Just find out what they actually do. Have a snoop on the snoop (I tend to believe they are what they claim to be, even feds have morals)
And just to reiterate what some other posters have said, until quatum computing happens, 128bit encrypted email messages will remain safe... What a simple solution, we just need PGP to spread a bit further, get it OEM on some systems, and it would become a automatic thing to do when sending an email for all users.. and that would be great, mate.
"For spirit of Minjin, who feeds on the souls of those who graze too late"
Interesting. The British government is currently ramming its so-called Regulation of Investigatory Powers (aka RIP) Bill through a largely supine Parliament. "Regulation" in this instance being a weasel word for providing legislative justification for a communications interception infrastructure designed to maximise scope and administrative convenience and to minimise judicial supervision and democratic accountability.
Amongst other things, the RIP Bill requires ISPs to install remote monitoring equipment on their infrastructures. No information has been forthcoming about the design, construction, or source of these boxes. So it's been odd that the government has been so vehement that the cost estimates for this part of the bill which have been made by people with knowledge of the industry are totally exaggerated.
And now we hear the the FBI has some sort of el-cheapo on-site tapping box that can't do its job without causing trouble to the ISP's normal traffic.
Nah - there can't be any connection, can there?
This is somewhat off-topic, but I think it does pertain.
For the past year, I've been getting spammed by folks using open relays at Earthlink (most of the offenders are on UU.NET). Now, I've tried to bring this to the attention of abuse@earthlink.net, and I've even gone so far at to call them and try to get them to close their relays. The spams continue. (BTW: Earthlink has a phone line just for spam complaints: 1-888-356-7726, or 1-800-ELN-SPAM. Called it too. No results.) Since we all know open relays are considered harmful, why hasn't Earthlink closed them?
I submit that it is because Earthlink doesn't give a rat's pink furry asshole about their customers, the Internet, your rights, or anything but making money: closing the relays would cost them money, so they don't.
From what I read of the story, Earthlink didn't say "Bugger off, we won't let you eavesdrop on our customers!", they said "Your hardware is crashing our system (costing us money), let US do the monitoring for you."
Hardly being "Champions Of Freedom" if you ask me.
BTW: If anyone else is getting spam from Earthlink's open relays: save it, send it to abuse@earthlink.net, and think about contacting the MAPS RBL: I am working on getting together enough evidence to satisfy the RBL's requirements to get Earthlink blackholed.
www.eFax.com are spammers
Following is the text of a reply from EarthLink stating their now "official" policy re: Carnivore.
It's interesting to note that, instead of citing tech problems as the reason for not permitting Carnivore's installation, they now claim that "We do not allow the installation of Carnivore on our network because it has the potential to compromise the privacy of our legitimate users and the performance of our network.", thereby seeming to have considered privacy the paramount issue. I don't know if this is simply spin control, or what. They further refer to an "internal solution" that will satisfy, somehow, the FBI without compromising privacy, but do not go into detail as to exatctly what this "solution" might be.
THEY (Earthlink) may, as stated, "sleep well knowing that our customers are safe from unauthorized surveillance.", but I'm not sure how well their subscribers will. After all, the first FBI efforts to install Carnivore happened a while back and, to my knowledge, no Earthlink/Mindspring subscribers were ever informed then. If this hadn't hit the press, it's my bet they never would have been.
"Thank you for your inquiries into the FBI's "Carnivore". We have received many inquiries, many Kudos and many sneers for what has been in the news in the last couple weeks. Much of the information that the press has published has been inaccurate or misleading. Earthlink takes the following stance
(in
quotes below).
"We do not allow the installation of Carnivore on our network because it has the potential to compromise the privacy of our legitimate users and the performance of our network. We have an internal solution which allows us to comply with court orders without the presence of government personnel or equipment in our buildings. The government accepts this solution since they
still receive the requested information about the criminal suspect, and we sleep well knowing that our customers are safe from unauthorized
surveillance."
Sincerely,
Mary Youngblood
Privacy Policy
Earthlink/Mindspring Abuse Team Manager
I later discovered why it was a very good thing that I didn't pursue the position; it would be reasonably likely that there would be, at some point, a six month assignment to the listening post at CFS Alert, the "most northern permanently inhabited settlement in the world." As of 26 November 1992, the Special Service Medal is awarded to personnel who have completed 180 days of honourable service at the station.
Alert is so far north that it cannot communicate with geosynchronous satellites. Way, way, way, way, north...
If you're not part of the solution, you're part of the precipitate.