Slashdot Mirror
Earthlink Refuses To Install Carnivore
A reader wrote in with story on C|Net that Earthlink has said that it will *not* install Carnivore, the FBI mail snoop program. Earthlink has said that it will cause disruptions to their customers, and thus refuses to install it. I'd say that's valid. Cringley has a story where he suggests that Carnivore is really about giving the government the power to shut down the Internet.
U.S. Attorney General Janet Reno said she will review the FBI's Carnivore system for intercepting email from criminal suspects to address privacy concerns.
Boy! I hope she gets Al Gore to help her out... She'll probably need it and since he invented the internet, I'm sure he can help her understand how it works.
---
I believe the article says that they did install it but due to incompatibility issues with the operating system it was removed. Since it basically broke their service it was removed. They didn't say that they wouldn't install one. Although I could be wrong. Been there before.
The article says they are not putting it on because it is incompatible with there system, would cause disruptions, and needs some technological modifications. They are CONCERNED about privacy issues, but didn't say no based on that. Unless this is just a delay tactic to try to build a case against Carnivore, it'll probably just go away once the FBI patches the system
At a typical big-name colocation center, you get one or two 100 Mbps ethernet drops, or a gigabit ethernet drop, and maybe a few WAN drops into your cage. The ethernet drops go to some big honkin switch somewhere which you share with zero or more other customers, depending on the size of your installation. In at least the colocation centers I have dealt with (Exodus, Level 3, and Concentric), using promiscuous mode on any interface connected to a shared switched segment gets you shut down fast. So I wonder what Cringley is talking about when he says that every box in the colo center could be a sniffer.
Remember, the RIAA and MPAA are both carrying out their little crusades in the name of 'business' reasons.
"See, we plan ahead! That way, we never have to do anything now."
I've used Earthlink until I recently obtained SWBELL DSL. (Why did I switch? Because paying an extra $20.00 a month for a different ISP didn't seem very logical. Of course Bell is being sued for this very reason, but..) Their service has been great. I've never, ever got a busy signal. Customer service was always good. They had proprietary connect software, but you were NOT required to use it. And they supported alternative operating systems. (At last count I ran OS/2, BeOS, Linux, NT 4, and 2000.) I think it's great that one of the largest ISPs would refuse to put Carnivore in place. If one stands up, maybe more will, and perhaps this beast can be put to rest. Hell, if the FBI wanted to put a machine on *my* WAN they'd sure as hell have to give me a warrant or judgement specifically authorizing it.
My reality check bounced.
I think it's great that the FBI is using Carnivore, though. I mean, what better way to promote the usage of newer, secure protocols such as IPsec, Secure Shell, SCP, and privacy suites such as Pretty Good Privacy? And what better way, I ask you, to promote the retirement of older, flaky, insecure protocols like telnet and FTP?
Well, something will eventually make people switch. Might as well be the Feds.
Still, I think Earthlink is justified in denying the FBI the ability to shut off their service at random. That's just too much power, plain and simple. I hope they take this to court and win.
Free music from Jack Merlot.
You'll install it, you have no choice. But I doubt you'll be nearly as brazen in the announcement that it was installed as you were in your announcement that it would not be.
Accuse me of having little faith, but I believe that until we rearchitecture the network to utterly defeat measures like this (transparent crypto?) the government will continue to use its machinery to coerce and manipulate the key internet players. Witness the "NSA key" in Windows 95/98/NT/W2K. Note how long until we found out about Echelon. Read how cryptography.. essentially a collection of mathematical formulas.. is classified as "munitions". The CDA, the DMCA, and a plethora of riders to innocent-sounding bills that we probably still haven't become public knowledge.
Someday, someone is going to need to devise a technical solution to these political problems. This is why they are so afraid of geeks - they know we have it within our power to end this form of tyranny for good. We are in control of the ultimate modern day press. Literally, with the click of a mouse button, we can go public with thousands of pages of information, blow the lids off back-office politics, and empower the average citizen to take back their democracy and demand their rights. This is why of all the new laws being passed, it is against "computer crime" (civil disobedience by another name) is being targetted with the most extreme forms of retribution our legal system has to offer. $300k fines? 10 years in jail? These are punishments that most people conviced of felony manslaughter don't get.
Good luck Earthlink.. but this ain't how you're going to beat them. If you want to beat them, adopt IPv6, and give your customers end-to-end encryption. Then.. go ahead and let them install omnivore. A boat load of good it'll do them then!
Wow.
I must say, I'm impressed.
Most corporations don't often show much in the way of morality or ethics, and you can't really expect them too. Any publicly held company has to report to their shareholders, and if they start taking moral stands at the risk of stock value, they can get hit with due dilligence lawsuits from their shareholders. Most companies that espouse morals and principles do it as part of a corporate image, which in turn drives profits. (i.e. Microsoft exists to innovate and make computers better, Apple is brought to you by Einstein, because they think different)
So it's very rare the companies have the metaphorical balls to do shit like this. I don't know much about Earthlink, but they have my respect now.
I hope they don't get raped by the gov for this.
The issue is the lack of independent inspection of what is in this Carnivore box. The ISP only has the FBI's word that it is not doing any improper snooping. Who knows what else it might be scanning for.
Reno has promised to check things out, but even granting her good intentions she is at the mercy of reports prepared by her underlings.
If such boxes are to be built and installed then the software they run should be open to inspection and the precise description of the files to be snooped should be part of the warrant. (I take it these things do need a warrant....)
Paul.
You are lost in a twisty maze of little standards, all different.
Why would they want to do that? There's no real reason that I can think of, unless they want to destroy the U.S. economy in one fell stroke.
Instead, I suggest that they're using Carnivore as the thin edge of a very big wedge. Sure, they could sniff email traffic without a big black box. But by using a box, they get access to ISP premises every time they get a wiretap order.
With big ISPs, they'll probably be installing those things several times a year. Eventually they'll be able to say "hey, why don't you just let us leave this thing plugged in?".
Then, rather than having to go and plug in their big black box every time they get a wiretap order, they'll have the boxes all plugged in all the time.
And that's when we'll find out that those boxes can do stateful packet inspection if asked. Next thing you know, they'll be able to physically prevent you from seeing "unauthorized" data on offshore servers. Kiss that data-haven goodbye.
. . . but then again, I'm feeling paranoid today.
I have no
Doesn't it bother anyone that Earthlink is doing this because of customer disruption rather than privacy concerns?
Encrypt your email -- screw the FBI.
--
Wooden armaments to battle your imaginary foes!
I do love how we all feel that the Internet is a god-given right.
On a day to day basis, I think most of us forget that the internet evolved out of a government program and not through open-source advocacy.
And yes, the FBI also has the right to be able to intercept both your phone calls and your emails if you are under suspicion. No, they can not block you from sending or receiving, but they can look if they have substantial evidence. And yes, there are laws to make sure that they aren't looking unless they have substantial reason to be looking.
and while they have the right to look, users also have the right to encrypt their email to prevent this.
so instead of whining about your god given right to snoop-free internet access, actively protect yourself by encrypting your emails if your privacy is so important to you.
Somebody has to, and they're in a better position than most.
/.
/. If the government wants us to respect the law, it should set a better example.
Letters were private,
Then e-mail came. Smile, people,
You're on camera!
Donate background CPU time to fight cancer.
To all of those who are posting the 'one more reason to use encryption' posts, do you honestly think that big brother won't just set up they're box to save and store all encrypted communication? or add the sender and reciever to a special 'potential trouble' list. And yes, they can tell if it's encrypted, because encryption, or at least good encryption, does obey a certain statistical pattern (i.e. plaintext will be have a high percentage of recurring character, while ciphertext should be totally random). Granted, compression does something simialer, but still -- I'm on enough lists as it is!
I found this quote on cnet's article about the aclu's objection especially telling "Carnivore is roughly equivalent to a wiretap capable of accessing the contents of the conversations of all of the phone company's customers, with the 'assurance' that the FBI will record only conversations of the specified target," read the letter. "This 'trust us, we are the government' approach is the antithesis of the procedures required under our wiretapping laws."
Show up at every ISP with a SWAT team and shut off the power.
Cut the big pipes that carry traffic up and down the east coast (or cross-country... hey, it wouldn't bring the internet down, but it would slow it up considerably.)
Face it, the US government has the resources and manpower to do just about whatever it wants to the US portion of the Internet. Problem is, NONE OF THOSE OPTIONS WOULD BE LEGAL! And neither would using the Carnivore's to cut off a legitimate ISP. I can't believe a court would allow that under anythign but the most severe circumstances. As the Microsoft case has shown, most federal judges (even those like Jackson with little technical expertise) are pretty bright guys. They can catch on to the issues quickly and see what's truly important.
So relax. I mean it. Life's too short...
"Fifty million Americans can't be wrong," said Rep. Billy Tauzin. Gore - 50,999,897 Bush - 50,456,002
As a canadian customer of @Home (don't knock it, it's the only game in town), I wonder if my own email is flowing through some american justice/intelligence agency's hands on a daily basis? It wouldn't surprise me in the least to learn that I'm sharing the same infrastructure as the american customers of @Home - and in that case it would seem obvious that @Home wouldn't bother separating our traffic out. Most of the time we canadians can sit up here and shake our heads at the U.S. government's thick-headedness with regards to the internet, safe in the assumption that for the most part they can't touch us. In this case however, it looks like they just might have their grubby hands sifting through our lives too. This is not to imply that the canadian government's intrusion would be any more preferable (in fact, probably quite the opposite - CSIS is not well-known for respecting privacy or having proper oversight), but at least in theory they are accountable to me in some way. The FBI and CIA are not.
"So on one hand, honey is an amazingly sophisticated and efficient food source. On the other hand it's bee backwash."
Even IBM's new monster machine couldn't sort through all of the spam that earthlink gets fast enough to not slow the service down.
Every single day it's "Find Out About Anyone Fast!" or "Find [Out] About (Anyone) Fast!"
You can't even add rules to outlook fast enough to keep up with it all. It'd be a full-time job.
Hmmm... There's already talk about CPO, Chief Privacy Officer, how about a CSO - Chief Spam Officer... Somebody who sets the spam rules for an entire corporation...
What's with the "Officer" anyway? We're not in the military...
How hard is it to route traffic around the 'Carnivore' box -- um...two clicks of an RJ-45 cable. Remember what happened when radio stations were knocked out in WWII by the Germans?
--
Wooden armaments to battle your imaginary foes!
You mean besides the fact that the FBI's request is a violation of the fourth amendment?
Cringeley is right to be concerned about the CPOF implications of having FBI-controlled boxen sitting at the edges of American ISPs, though. Think about this in the context of the Internet Gambling Ban headed down the pike. Or the Drug information censorship act (aka, "Methamphetamine Anti-Proliferation Act", now buried in a bankruptcy-reform bill in conference). Sure the courts will probably strike down the prior-restraint provisions of the latter, but imagine a bill that doesn't address the publishing, but merely gives the FBI authority to "kill-file" a certain class of sites at the ISP level, without actually restricting the right to publish per se.
Having consulted on a computer crime case for the FDLE, I've seen the "us-against-them" mentality inside the investigative law enforcement community first hand. "Them" doesn't mean just "criminals" either - from the LE perspective, there are only 3 types of people in the world: cops, convicts, and suspects. That the FBI (with their sterling history since the days of J. Edgar) would be on the leading-edge of such surveillance/enforcement techniques is wholly unsurprising to me.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
This poses a few interesting questions, even for those of us outside the US. It is quite possible (and in some cases quite likely) for my email to be routed via the US on it's way from my UK based ISP to some other (non US) ISP (for obvious reasons the UK-US links are generally bigger and better than UK-somewhere else). Now, if the FBI 'accidentally' snoop my message to (say) someone in Australia, what happens? A US agency has (illegally?) snooped on email between two non-US citizens, both located outside the USA. Surely that's a matter for governmental concern (US and otherwise).
Suppose my mail is to a friend elsewhere in Europe, this would surely contravene European privacy laws. Where does the legislation end? Is it purely a case of where (all) the intermediate servers are, or on the end points of the communication?
It filters packets, finds e-mail going to and from identified criminals, and saves that e-mail for later decryption and analysis.
Wow, why don't they just go after these foul pesky identified 'criminals' if they know where their e-mail is coming from!?
Hey, does this mean I should stop uploading MP3s onto Usenet?
Pope
Freedom is Slavery! Ignorance is Strength! Monopolies offer Choice!
It doesn't mean much now, it's built for the future.
Now, I'm not going to debate the merits/dangers of carnivore here, I just want to point out a few 'inacuracies' from Cringley's column.
Every ISP I've ever seen, been in, or worked at used (at the very least) layer 2 switches to isolate colo'd servers. Some would even go as far as layer 3 switching and subnetting. How on earth does Cringley think that any colo'd server could sniff an entire ISP's network?
I used to think that Cringley had at least a modicum of clue, but now I wonder. In an earlier part of his column, he suggests that every router could be set up to re-direct E-mail to the FBI with 'just a few lines' of configuration in the router. What a bunch of crap! Filtering E-mail requires access to the application layer, not the network layer as most ISP's routers would look at. And to suggest that such a scheme would inflict no penalty on teh routers is just ludicrous. Jumping from layer 3 routing to layer 7 routing would be a serious hit, especially on a GB level router.
sigh.... Unfortunately, I suppose there are people in this world that are ignorant enough to write stuff like that, let alone buy it.
Think outside the... Hey, where'd the friggin' box go?
I take issue with Cringley statement that implies that all ISP's are dumb enough to allow co-lo to sniff the network. Some perhaps, but as someone who's worked at a number of ISP's I can say that most co-lo's are segmented into their own network. Usually at the very least by the use of a switching hub. The worst I've seen is some co-lo's sharing the same network, but I've never seen co-lo's allowed on the same network as the production ISP boxes. Give ISP's some credit!
If you can sniff a connection, you can send TCP RST's to both ends.
-russ
Don't piss off The Angry Economist
I think that cringly(sp?) is a little off on his deduction. In Theory, the government could shutdown the internet but shutting down thier routing thus all traffic coming in or out stops at thier sealed box. But, I do not believe that is the purpose.
Right now the internet is out of control in the minds of the govt. It is the one thing that they haven't figured out how to tax. So, they put these boxes in the major areas, track you and figure out what you are buying, where you are coming from and then they can apply the appropiate tax to you. Govt gets its money and you get to be tracked and watched like a bad TV series. Nice eh?
I may be off but I may be right....and that's the scary thing.
And yes, the FBI also has the right to be able to intercept both your phone calls and your emails if you are under suspicion.
I get so tired of people using the word "right" when they mean privelege.
The FBI doesn't have any "rights" whatsoever, constitutional or otherwise. They have priveleges, vast priveleges extended to them by congress and upheld by courts who are more concerned with expediency than they are the constitution, much less individual civil liberties.
These priveleges include wiretapping. However, if the various government agencies continue to abuse these priveleges, congress or the courts could pass a law, or make a ruling, to place additional limits on that privelege, or revoke it entirely.
Not that either institution is likely to display such courage, but they could if they so chose.
and while they have the right to look, users also have the right to encrypt their email to prevent this.
Again, we have the privelege of being able to use encryption to prevent snooping.
We desperately need a constitutional amendment guaranteeing us a right to privacy, including encryption and control of our data.
Our forfathers took the right to privacy to be a given, and only really anticipated one possible abuse of it, which they explicitly disallowed in the constitution. Had they taken the subject up more generally this wouldn't be a problem, but alas, they considered privacy in large part to be a given and didn't explicitly write it into the constitution as a right. While they could extrapolate many threats to our democracy, they never dreamed of the kinds of intrusions into our private lives we now take for granted, and are no doubt spinning in their graves as I type this. As a result, a right we all perceive ourselves is woefully missing from our most fundamental law, with the kind of auful results we read about here on slashdot nearly every week.
Alas, I am about as optomistic about congress and the states enacting a constitutional amendment to protect our privacy as I am about NASA getting a reasonable level of funding. The chances in both cases are unfortunately nil.
The Future of Human Evolution: Autonomy
Taking a stand with the FBI is a risky position if you are a smaller ( 20,000 users) ISP. Earthlink has the legal and financal means to defend actions it believes are wrong.
A head systems admin at a major University once warned me about crossing the FBI. It's a very quick way of going out of business. He made it very clear that the FBI is aware of the economics of ISP's. If you're down for more then a few minutes you'll start to lose customers. ISPs that go against the feds find out pretty quickly that all they have to do is confiscate all your equiptment as evidence. Maybe after a year or so you'll get your stuff back.
I can picture the feds in front of the judge now: "Well your honor, we wanted to place a monitor on the network but they would not allow us to. The only recourse we have is to take the computers and examine the hard drives."
Bam, Feds come knocking on your door, they leave with a bunch of computers, next week all your customers are gone and you've got bills to pay.
The FBI for coming up with this thing or Sprint for even allowing them to connect it in the first place.
I just love how law enforcement feels how they can invade the privacy of everyone because there are only a few people who are causing the problems.
This is just plain lunacy, pure and simple.
Well, duh; most people look out for their own interests first. The trick is finding enough common ground to work with.
For instance, I don't think that software companies lobbied against Clipper, crypto export regs, etc because they care about my privacy. They did it because the government's policies interfered with their ability to make money. That doesn't change the fact that the lobbying work was beneficial.
There isn't all that much common ground here (Earthlink's objection is stated to be technical, not political), but it does have the beneficial effect of making things a bit more difficult for the government.
/.
/. If the government wants us to respect the law, it should set a better example.
That said, Carnivore is a horrible idea. If the telco can restrict snooping access to particular lines by selecting only the ones used by the persons under investigation, that's fine. Using an undocumented, un-accountable black box to snoop everything going through an ISP is not acceptable; it's tantamount to letting the cops snoop everything on an entire phone exchange because of a single suspect using it.
Amusing thought: How secure are the Carnivore boxen, and how much egg would the FBI have on its face if someone successfully hacked them? If the FBI isn't having nightmares over this possibility, they're not smart enough to be running something like Carnivore.
--
Time is Nature's way of keeping everything from happening at once... the bitch.
Well first off, try pgp.com hmm :)
Or search google.com for pgp
then try ipsec (which is a bit more complicated) and a few others.
Everyone and their mother should own a copy of PGP, otherwise your just unAmerican (hehe)
That's true, but the internet has no impact on that freedom. Barring you access to internet has no more affect on your right to free speech than a publisher refusing to publish your book.
Not that I agree with the origional poster.
Finkployd
- Although it's possible that your packets may route through the US, they probably won't go near a US box (which is where it looks like carnivore should be posted). The only reason for foreign to foreign email to end up on a US box would be if the US box was a secondary MX for the destination. foreign to foreign packets should get filtered out for security+volume reasons long before they get to local-only servers.
- That having been said, if the email gets 'accidently' intercepted by the FBI, there may not be a whole lot you could do. Although it's the CIA that normally does spying on foreigners, my understanding is that the CIA is specifically prohibited from spying on Yanks, but there is no such restriction against the FBI snooping around foreigners.
IANAL (My sister's a lawyer, but she doesn't talk to me).It gets worst because (Imigration based) precedents seem to indicate that constitutional rights only apply to people legally in the states. (or something like that). This may mean that, as a foreigner, your rights may be less than US residents would expect.
Free Software: Like love, it grows best when given away.
Although the article does not state as much, it implies that Carnivore will be installed at Earthlink as soon as the bugs are worked out.
-p.
I don't like this state of affairs any more than anyone else. But I do feel the need to point out that there *is* a legitimate reason for the methodology the feds have chosen.
Can you say "Chain of Custody?"
Evidence in criminal investigations is precious stuff. Plenty of cases have been lost by prosecutors when defense attorneys pointed out that the evidence being used against their client *might* not be kosher. Documents could have been altered. Drugs switched. DNA evidence botched. Or any of a zillion other scenarios.
Because of this, law enforcement agencies try their best to enforce an airtight chain of custody on any evidence they acquire. You work in the lab and need to re-test those drugs? The property clerk has to sign off that he let the drugs out of his hands and into the hands of an authorized person. The lab tech has to sign their life away that they now possess the evidence and will handle it in accordance with the law. And there better not be even ten minutes when that evidence is out of the control of a sworn law enforcement officer! That's all it takes to get a case thrown out.
In the case of wiretaps, what's the FBI to do? If they know that evidence may come into existence in the future (which is why they set up the wiretap in the first place), they must make sure that they establish custody of the evidence as soon as possible and never let it out of their hands. Serving a court order on an ISP that says "Hey, would you guys please keep track of this person's email for us? We'll be back to pick it up later." just won't cut it. Any defense attorney worth his salt will point out that email (or whatever) logs *could* have been altered by the ISP employees. In such a scenario, then, the law enforcement officers in the case *cannot* certify that such alteration did not occur because they were not in custody of the evidence at all times.
Defendant goes free. Slam dunk for the defense.
So what's the FBI to do? If 'net taps are legal, how on earth can they be carried out without breaking the chain of custody of the evidence?
Any genius here wanna answer that one?
Personally, I think we need to just make sure that the data gathered is rendered meaningless through ubiquitous encryption. But till that happens and law enforcement agencies give up on the whole concept of 'net taps, I don't see what else they can do *but* try to install boxes that only they control.
So that means FBI agents can get Earthlink for their personal ISP at a reduced rate....hmmm
This is another view of the world.
In a shock development, noted Karma whore Signal "Siggy" 11 has become a troll! Perhaps demoralised by the constant pressure of the fatwa or "trollslap" launched by his enemies, he released a post full of trollworthy statements. In one post, he combined:
- The incorrect technical statement: Witness the "NSA key" in Windows 95/98/NT/W2K
- The moronic political view: Someday, someone is going to need to devise a technical solution to these political problems
- The ludicrous hyperbole: This is why they are so afraid of geeks - they know we have it within our power to end this form of tyranny for good. We are in control of the ultimate modern day press.
- Another maddeningly silly technical statement: until we rearchitecture the network to utterly defeat measures like this (transparent crypto?)
Clearly, Siggy's move into trolling will put pressure on the established slashdot trolls to compete. In a CNN inteview, streetlawyer, speaking for the notorious inchfan troll collective said Rob Malda was unavailable for comment.-- the most controversial site on the Web
çéLxÕÑætPÑä-£í8JöJ)Ê$ikÙb*SQË ©J2ÆZôñ)ä®×ýÜÀéqÚ:å}DecTÊ@ryptKèÑ6M~f£ÿ ékmeOjDöif*Û0youÄÀúÛcan£ÿ7çd õÊÓÅ3¼Üóßê£>rè15ìðgVÂÌÕòÝÇF|ä¾õÖN_ë=õó|)kæøiY5ôãv) hÄ øÊ*e+Úõî
Crack that.
Political problems have political solutions.
Yes, and they also have technical problems. Problem: intellectual property rights are overtaking personal rights. Solution: distributed filesharing system, aka Napster/GNUella.
Nobody cares about what you say or do, because people have more important things to think about than whether you can download MP3s for free or not.
The fact that online websites like slashdot continue to grow in popularity would seem to dispute that claim.
It's because of the vast damage that hackers can do with their illegal backdoor penetrations of other people's sites.
I don't see any world markets collapsing, companies going out of business, or people dying as a result of hacker activity. Sure, they boast that they could do that, but if you believe everything you read you get what you deserve. In truth, hackers cause headaches for business and government. Nothing more. Y2K nuts predicted hackers would go and destroy the world. Hrrmm.. I'm still here. Then they predicted they would go breaking into the 911 and emergency system and shut it down. Gee, why would they do that? Unsuprisingly, they didn't.
In supporting evidence of hackers (not crackers) spirit of exploration instead of damage, you'll note most breakins occur to educational instutitions, not commercial. This may be because they are curious about the system(s) they use every day. Go read "Hackers, heroes of the computer revolution" by Steven Levy. Another resource is to consult Appendix B of the Hacker Dictionary - here
No, hackers aren't dangerous because of what they do, they are dangerous because of what they know. THIS is why these laws are being passed. Thus far, the only big numbers damages from "hackers" have been over-inflated prices of "stolen proprietary information" and macro viruses which, quite frankly, is not hacker activity.
For all of six weeks until the FBI cracks it.
What confidence you have in the FBI! They must be able to do what thousands of academic professors dedicated to cracking these codes could not!
Speaking of PGP, is there a PGP Disk-like package that'll work cross-platform? That is, if set up a file as a virtual encrypted filesystem on a shared partition, it'll let me access the files from either Windoze or Linux? Or if I put that file on a ZIP, I could then access the files on a Mac (reading DOS format) too?
Encrypted filesystems (real or virtual) are great stuff, but so is the ability to access the same encrypted filesystem from different OS's.
-- Alastair
There is a cross-platform standard for reading a disk on every OS; it's called "tar".
Microsoft has chosen to make it difficult for you to use this standard, but free tools exist to allow it. You could carry them on a 2nd disk.
Said files could be encrypted with PGP or any other tool; you'd probably want to carry that on a disk too, since privacy-enhancing tools aren't considered important by the OS manufacturers either.
There is no cross-platform encrypted filesystem that works on everything; your best bet would be to carry your files around in tar format, decrypt them on the local disk when you need them, and securely wipe them off the local disk when you're done with them.
BTW, the primary obstacles to such a filesystem are Microsoft and Apple.
--
The people up in washington, think that are the govenment and can doing anything they want to. Wrong, I am the govenment you are and every American citizen is the government. I dont know about everone else but a system like this just makes me sick. I am going to write a few people in washington when I get home. I suggest everyone else do the same. I think that is time we quit being bullied around and do something about it. It is funny how history repeats it self. You would think we would have learned by now.
What if authors said, NO I own the copyright to that book, you can't let people just borrow them for free. We would have no libaries and would no where close to where we are today.
The FBI is saying their intention is to watch crimals is BULLSHIT, the people that we allow to abuse their power are scared, becuase the internet is not something that they can have complete control over. A team will not work if one person tries to have complete control. We all must be willing to play on the same team, if this great country is to survive.
When this country was in it infanticy the main worry was a central government that was too strong and would not be a team player. Well people we are there. It is time we do something about. Use our power as the government and fix this problem. The government is not some big misterious being that we have have no control over. We are the government and it is time that we quit wineing about it and do something about it.
Where are we going and why are we in a handbasket?
That's true, but the internet has no impact on that freedom. Barring you access to internet has no more affect on your right to free speech than a publisher refusing to publish your book.
:-)
That depends upon who's doing the barring.
I assure you, if the government ordered ALL publishers to refuse to publish your book, that would be viewed as an unConstitutional violation of your freedom of speech and of the press.
If each and every single publisher decided seperately to refuse you, that's not a violation of your freedom, it's an indictment of your writing ability.
--
I've been following the whole carnivore thing since just before the story appeared on /. since I saw it on some other news service a few hours earlier. The one thing that keeps bothering me that no one seems to have mentioned is that the FBI is going about this the wrong way.
Afterall when they get a warrant to tap someone's phone they don't go to the Central Office and tap every line hoping they can pick up some of the person's conversations by listening for keywords. Instead they tap the line that feeds that person's home/business line(s). I don't see any reason why they can't do internet wiretaps in the same way. I can't be any more work to "decode" a modem signal or other data transmission than it is to search literally gigs of information per second. In fact in the long term it's probably easier and would take less computing power. So why can't they just tap the lines of the person they want to listen to.
Just like with a tradional wiretap if the suspect being watched uses a phone at some strangers house chances are the feds won't be able to listen in. But so what that's a limitiation they've had to live with for years in order to protect our privacy since we do still live in a country which believes in the presumption of innocence.
The only explanation I can come up with is that this is a thinly veiled attempt by the FBI to try and take away more of our constutional rights without going through the proper channels. It's happened before so I see no reason it can't be happening now.
While I'm no fan of Reno I seriously hope she managed to prove she deserves her job by putting a stop to this nonsense now and pointing out that there's no reason tradional wiretapping measures can't be used for this purpose.
--- Juggle juggle@hitesman.com
There was only enough email to keep an FBI staff of 3 busy reading through messages. We just put the FBI on our cc: and it worked on the honor's system. Sometimes the FBI would reply back if they liked what they read.
Nowadays, all you young hoodlums can't do anything honest, and we need all kinds of expensive fancy equipement to keep tabs on who's doing whats.
BAGH!
-vax computer, vi, lynx. 'nuf said
I think you've read into the hype a bit too much. While the internet IS a massive network of different networks it can easily be shut down. Information on the net has to travel over a set of physical lines, control these lines and you can control information flowing on the internet. Sure you can use phone lines and short landline connections to network computers but theres no way it could handle the traffic the internet handles now. Outside the US data services are at a premium. Europe and Asia didn't have the National Science Foundation funding the development of internet communications. If someone wanted to shut down the internet proper they'd have to take out key nodes in the "web" and everyone would be reduced to long distance dialup connections if they had anything at all.
I'm a loner Dottie, a Rebel.
Are you somehow slow enough not to think logically yet smart enough to read? A box of this sort isn't some overpowered PC running on an Intel chip with Windows or Linux. This is a highly specialized piece of hardware. It's an uber-router that reads the content of mail packets rather than headers.
I'm a loner Dottie, a Rebel.
The FBI's stated mission is to protect U.S. citizens from foreign and domestic enemies by investigating violations of federal law. That is really and truly what they try do to, and for the most part people join the FBI to protect and to serve. And if you are trying to defend the U.S. against its enemies, you you need to be able to find them. And to be able to find them, you need to update your surveillance techniques. And if the criminal activity is happening or being coordinated on-line, then the investigation and surveillance has to happen there.
So the FBI starts advocating things like Clipper chips and Carnivore and starts lobbying for laws that require digital telephone switches have an evesdropping port built right in, and things like that. Can these tools be used to spy on criminals? Darn tootin'. They are fantastic for that. The problem is, though, that these tools can be misused as well.
As a civil libertarian, I believe that the U.S. Constitution serves primarily to limit governmental power. It does this because its framers recognized that government power is abusable in such a way that its abuse is not just possible, but inevitable. So we do indeed need to be wary when the FBI wants to put a full-blown sniffer in front of every ISP's switch. We all take it as a given that this powerful spying tool would eventually be turned against peacable citizens.
But what is the FBI's current intention for Carnivore? I suspect that in addition to its stated (albeit redundant) purpose as an Internet wiretapping tool, it is designed as a weapon against cyberterrorism; specifically, it is used to identify and terminate distributed denial-of-service attacks.
We all saw what happened a few months ago when the DDoS attacks happened against CNN and other high-profile sites. We all saw the havoc it wreaked and how hard it was to track down the perpetrators. But with Carnivore installed in front of the switch, the FBI could watch an attack develop real-time and terminate it immediately: First, they get sample packets from CNN. Then they broadcast a message to all Carnivore boxes to copy and block any packet going to CNN that matches the attack profile. Once the attack is contained, they swoop in with search warrants and arrest everybody who sent an attack packet.
So that's what they are trying to do. Cringely was only partially correct: the FBI's goal is not to shut down the Internet; it is to defend the entire Internet at one time.
Unfortunately, though, we can't let them do this, because as soon as the tool is in place, the RIAA will start pressuring the government to start actively patroling for MP3s, and the whole Carnivore matrix will become the web in which our freedom was finally ensnared.
On the other hand, I would like to see a Carnivore-type system put in place by an industry consortium. It still strikes me as the best way to defend against DDoS.
--
This is not my sandwich.
How about making the FBI do a little legwork and tap at the customer's end, not the entire ISP network. Sniff that broadband connection or listen to the phone lines (contrary to popular belief, modems *ARE* tappable - there are special-purpose boxes to listen to and reconstruct bidirectional traffic from a traditional analog phone tap). Don't tap the entire ISP with a black box. There are other ways to gather wiretap intel; what makes me suspicious is that the FBI chose the "tap everyone and sort later" model, to say nothing of the suspicious nature of a "black box" with full access to an ISP's network traffic.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
That would effectively throw North America back into the information Stone Age, and the mantle of technical leadership would be picked up by more advanced countries like Botswana, Kyrgizstan, and Paraguay.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
You know the only sensitive thing about what's in that "box" the FBI wants to install at the ISPs?
.. but the list of suspects, the sites the FBI wants monitored, would be right there in the clear, available for any ISP employee (and any hacker) to copy and distribute.
The list of criminals, of course! There's probably no due process (e.g., there might be suspects there). They're trying to protect the list! Sure, the ISPs could run some sniffer code simply enough
Which I'm sure all would agree is not a Good Thing.
As for the boxes having the potential of being switches, of shutting down the Internet, what a load of hooey! All the ISP has to do is unplug the damned thing.
I'd be concerned about privacy issues, yes, like who authorizes the names on the lists. Are the judges with the court orders in fact informed? Can anyone check on them? If the FBI has a pet judge, can ANYONE's name get on that list?
That's what the issue is. Ignore that Cringely idiot. He may have good points at time, but he can be dumb as a brick too.
And I won't even touch how completely ridiculous the idea is in the first place ... well okay I will. Why in the WORLD would the FBI try to shut down internet connectivity for the US? And why would they need these boxes to do it? If they don't have the legal right to do so, ISPs and their well-payed laywers wouldn't let it happen (guess what, ISP technicians can unhook the Carnivore box and go about their business). If somehow the FBI did initiate some digital martial law where they had the right to do this, why would they need the boxes? They could just walk into the ISP with their nice shiny guns and start unplugging ATM cables.
These Weekly World News /. news bits are great fun, but please don't take them seriously.
You know what to do with the HELLO.
You know what to do with the HELLO. ...
Help create an open-source world
The War Powers Act is already in effect: the US has been in a State of Emergency for most of a century.
I'm not totally clear on the details, because this is one of the favorite topics of the conspiracy nutjobs, along with the FEMA Secret Government, black helicopters, UN-run concentration camps, Y2K and the New World Order, and these people tend to GET VERY WORKED UP about it and USE LOTS OF SCARE-CAPITALS!! So it's hard to dig the actual facts out of the noise.
If I remember correctly, the way it works is, Lincoln created the War Powers Act (or maybe the Trading With The Enemy Act?) to declare martial law and wage war against the South. At the end of the civil war, it was terminated, but FDR invoked it again during the depression, in order to, I think, nationalize the banking system? Something like that, I think it had something to do with seizing control of privately owned banks and creating the Federal Reserve. So then it turns out that the act was never officially suspended, which means that every action of the President since 1933 is technically approved, by default, without any checks and balances from the other two branches, and the Constitution is, technically, suspended.
Of course, this situation has only rarely been taken advantage of -- as far as one can usually tell, the Constitution is still obeyed. It has been taken advantage of a few times, though, I think by Nixon and Clinton when running some private war or another, but I don't remember the details there. (Only Congress has the power to declare war, but presidents have a habit of going to war without asking We The People first.) I'm not sure where the Japanese-American internment camps fit in to the picture, but they might also have been possible because of this same act.
This one is somewhat less shrill that most, but it's very long and hard to follow: http://www.afcomm.com/afc/report.html
The Constitution of the United States isn't perfect, but it's a lot better than what we have today.
----------------------------
Oh by the way: http://www.freedomforum.org/newsstand/reports/sofa /foreword.asp
I hate it here.
Some ISPs might put all their mail servers on one big fast Ethernet so everything routes there, which makes it easier to do centralized management and some security, but traffic that isn't going to those mail servers doesn't go to that segment. This means that if you dial in to ISP A, and use your web client to access a web server at ISP B, or your POP client to access a mail server at ISP C, or your email sender to send mail to an SMTP server at ISP D, you're probably not going through ISP A's POP server Ethernet, you're just going through the LAN connections that get you to the routers going to those other ISPs. If it's all in one building, the carnivores might hang a bunch of promiscuous taps on every segment there and go into some big hacked multiprocessor router-thing, but anything less won't cut it.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
That's BS and you know it. Both MS and Apple's OSes have publicly documented interfaces for custom filesystem modules.
What does that have to do with the fact that they don't *INCLUDE* any such filesystems with their OSes?
Or the fact that their documented interfaces are wildly different than those used by the majority of other OSes, making it a real PITA to code for them?
It's not BS, and I know it.
Fact: Microsoft could choose to work with the Unix world to support a standard.
Fact: They choose not to.
Fact: They change their own interfaces so often that not even the Microsoft-world encrypted filesystems (such as SFS) can keep up.
If you really want encrypted access to your files from Microsoft, Apple, and Unix, you basically have one choice:
NFS over secure tunnels. SSH is probably good enough, IPSEC is better. There are other options, but they're even more expensive.
I didn't make it that way, it just is.
If it wasn't, there'd BE a cheap cross-platform standard, because so many people want one. Microsoft would NEVER package such a standard, however, because it goes against their strategy of trying to get people to switch their whole networks to NT.
If you could access your encrypted Unix filesystems from NT clients with out-of-the-box, supported-by-Microsoft tools, you'd have less impetus to switch those servers to NT, and Microsoft would never allow that.
That's why they don't support standards worth a flip, it's why they try to break Samba every couple of service packs, and it's even why their telnet client sucks big green donkey dicks.
--
---
Or the fact that their documented interfaces are wildly different than those used by the majority of other OSes, making it a real PITA to code for them?
---
I've got news for you - in terms of marketshare, they are the majority of OSes.
By your logic. Unix/Linux should conform to the market leader. Didn't think so.
Don't blame the platform leaders if someone else doesn't develop a new file system. I don't know so much about Microsoft, but Apple hasn't significantly changed the manner in which you can access the filesystem. There have been a few file-system wide encryption tools out there already.
Hell, recent versions of MacOS include basic encryption features already - built into the OS.
- Jeff A. Campbell
- VelociNews (http://www.velocinews.com)
- Jeff
the article as I downloaded it, which struck me as a strange ending
for the artice... http error I guess.
Do we know the design of these boxes? For surveillance it is enough
to send the packets to the box, which does nothing to affect the
performance of the routers.
The article suggested to me that there were technical issues (as opposed to legal or political ones) that influenced Earthlink to deny Carnivore. Perhaps it is the case that if the technical issues are resolved, they might allow Carnivore in.
Unlike many thousands of smaller ISPs, Earthlink is a 5-9's kind of operation. They have architectured their network to ensure a minimum of downtime. I've been a subscriber for a few months and have experienced no outages (aside from the IRC server being attacked, but that's not really in the 5-9's realm). Building a network like that is no easy task. You have to make it so that NO single failure can bring it down. No... you have to make it so that you can have one each of everything fail and it still be fully functional.
I've designed a couple of smaller networks like this, and there are a lot of technical issues involved. If Carnivore were to be in them to be able to monitor the network, and assuming it was just operating in sniff mode (which is all it should need to do) it would still have to have multiple connections at multiple switches, and almost certainly multiple boxes all over the place. Deploying something like Carnivore while also NOT disrupting the network would be a major project.
There is also the issue of how to get a sniffing tap into the network in the first place. In a small network I recently designed, it would have to tap into 4 different switches to be able to capture everything. My design at least did have switches, most of which can set up port 0 as promiscuous (though if it has a bandwidth lower than the whole switch, you lose packets). Earthlink is way larger than what I built, and has so many points of presence and so many points of exit, that I would imagine that Carnivore would have to be deployed in perhaps as many as 100 instances, each of which having perhaps approaching 100 fiber connections. That kind of scale may well not even be practical (aside from the fact that the ISP is probably already using the promiscuous port for other purposes).
There are other approaches that reduce the scale, such as policy routing port 25 through different paths. But even then you have to have first a point where port 25 is diverted from, and then a point where port 25 can be re-injected without being re-diverted again, and that forces an architecture with more hops than most ISPs have (an architecture that also doesn't scale to 5-9's very well, either).
I suspect Carnivore has technical limitations when you consider the scale of some of the networks like Earthlink/Mindspring/Netcom and others like AOL. Then what about all of those smaller ISPs. If the big ISPs let Carnivore in, many people will shift to the smaller ISPs (not necessarily because they have something to hide, either) so it would end up having to be deployed nearly everywhere (though maybe it can be done at the upstream backbone).
I just don't see it being that simple to do. Anyone else have any more technical details on this black box?
now we need to go OSS in diesel cars
Tar doesn't fit the bill. And actually, 'ar' is better suited because the index gives you faster access to files buried at the back of the archive. (And I once implemented a system like this to get around a 40-file quota (but no limit on file size!) on a Cyber mainframe I once had an account on.)
But creating cleartext copies on the disk is a huge flaw, one might as well just not bother encrypting in the first place.
Consider: PGP Disk lets me create, say, a 100 MB file on a FAT filesystem which it'll then mount as a virtual disk. I can see the file if I mount the partition under Linux, what's needed is something that'll understand the loopback filesystem embedded in it so I can mount it. (For that matter, PGP Disk makes a Mac version too, supposedly -- can the Mac version read the Windows version? Everything below the hooks into the OS to make the contents of the file look like a filesystem could/should be common to all platforms, that's just whatever format the author chooses. But is such a cross-platform package available? (For that matter, is there open source available for mounting a file as a filesystem on Windows and Mac, encrypted or not? From there it's a simple step to encrypt the thing.)
(Of course, the truly paranoid will re-wire their drive controllers and make personal patches to the OS as well as using strong encryption, for the same reason that crypt(3) perturbs the DES algorithm: it makes it tougher for the folks that might have hardware solutions.)
-- Alastair
The FBI blurb did not describe the technical issues that are the reason why Earthlink did not allow Carnivore. If it is truly a plain sniffer, how could there be technical issues? The answer is there are such issues, such as determining where to sniff. Maybe the FBI wants the ISP to re-arrange the network so all traffic goes through a single switch where they connect to?
now we need to go OSS in diesel cars
Not if you set up a route-map that black holes all packets coming from the sniffing interface.
now we need to go OSS in diesel cars
You mean like Earthlink would have to unplug their own sniffers from the promiscuous ports of the switches to be able to plug in Carnivore?
now we need to go OSS in diesel cars
It is supposedly a sniffing box, rather than a box the traffic flows through. However even a sniffing box could deter traffic (I've seen at least one "firewall" that did sniff only and sent RST on suspect connections), although you can get around that, too.
now we need to go OSS in diesel cars
After such a court order is issued, then they (hopefully) will end up fighting it, and maybe in about a week it will be reversed for causing harm to the functionality of the business ... if these technical issues truly are what is involved.
now we need to go OSS in diesel cars
Hey, I'm just as paranoid as any of you, but Cringeley thinking the FBI wants the ability to shut down the internet is delusional. Even if it did (and the first big hurdle is why?), the second a carnivore box started inhibiting packet flow thru the ISP, the techs would think that it's malfunctioned and sever it from the network (maybe with extreme prejudice). Since the Carnivore boxes are only going to be installed under court-ordered surveillance, how would the FBI even be able to get one into every ISP? Are they going to claim that there's a suspect connected to every ISP in the country? Cringeley's argument is just hogwash.
Carnivore is a sealed box that is installed at the network operations center of an Internet Service Provider.
I look forward to the first SlashDot article on "How I hacked Carnivore: Making one Federally-Funded, Kick-Ass Tivo Box!"
Don't blame the platform leaders if someone else doesn't develop a new file system.
Huh? Everybody else *HAS* developed new filesystems, and worked damn hard to make it easy for them to interoperate.
Microsoft and Apple are the johnny-come-latelys here, not Unix. I'm blaming them for what they've failed to do, not any perceived failures of others, as you are mischaracterizing.
Hell, recent versions of MacOS include basic encryption features already - built into the OS.
Yep, and so does Windows 2000. Both of them incompatible with each other, and with the previously-existing standards.
Microsoft doesn't follow *ANY* standard fully. They don't even follow RFC 1521 properly in Outlook Express, their most popular email product.
They sure as hell don't do NFS without pulling teeth, and their "enhancements" make it just short of impossible for anybody else to make a properly-encrypted filesystem. Oh, you can make one that will protect the files from being read if the hard drive is removed, but you can't protect files from other users on the same server at all.
Only Microsoft (or somebody they've licensed the source to) can write that, and they won't follow any standards when they do; just roll their own, so it'll be incompatible with everything else, so they can embrace, extend, and extinguish. Business as usual.
They've been convicted of it again for the second time in 6 years. How many more will it take before you see it?
--
This is somewhat off-topic, but I think it does pertain.
For the past year, I've been getting spammed by folks using open relays at Earthlink (most of the offenders are on UU.NET). Now, I've tried to bring this to the attention of abuse@earthlink.net, and I've even gone so far at to call them and try to get them to close their relays. The spams continue. (BTW: Earthlink has a phone line just for spam complaints: 1-888-356-7726, or 1-800-ELN-SPAM. Called it too. No results.) Since we all know open relays are considered harmful, why hasn't Earthlink closed them?
I submit that it is because Earthlink doesn't give a rat's pink furry asshole about their customers, the Internet, your rights, or anything but making money: closing the relays would cost them money, so they don't.
From what I read of the story, Earthlink didn't say "Bugger off, we won't let you eavesdrop on our customers!", they said "Your hardware is crashing our system (costing us money), let US do the monitoring for you."
Hardly being "Champions Of Freedom" if you ask me.
BTW: If anyone else is getting spam from Earthlink's open relays: save it, send it to abuse@earthlink.net, and think about contacting the MAPS RBL: I am working on getting together enough evidence to satisfy the RBL's requirements to get Earthlink blackholed.
www.eFax.com are spammers
By your logic. Unix/Linux should conform to the market leader. Didn't think so.
SAMBA. But, MS doesn't want that, so It keeps shifting the spec around in circles.
BS :), or your just luckly. try putting some hurt on one of em.
I later discovered why it was a very good thing that I didn't pursue the position; it would be reasonably likely that there would be, at some point, a six month assignment to the listening post at CFS Alert, the "most northern permanently inhabited settlement in the world." As of 26 November 1992, the Special Service Medal is awarded to personnel who have completed 180 days of honourable service at the station.
Alert is so far north that it cannot communicate with geosynchronous satellites. Way, way, way, way, north...
If you're not part of the solution, you're part of the precipitate.