Slashdot Mirror
Earthlink Refuses To Install Carnivore
A reader wrote in with story on C|Net that Earthlink has said that it will *not* install Carnivore, the FBI mail snoop program. Earthlink has said that it will cause disruptions to their customers, and thus refuses to install it. I'd say that's valid. Cringley has a story where he suggests that Carnivore is really about giving the government the power to shut down the Internet.
U.S. Attorney General Janet Reno said she will review the FBI's Carnivore system for intercepting email from criminal suspects to address privacy concerns.
Boy! I hope she gets Al Gore to help her out... She'll probably need it and since he invented the internet, I'm sure he can help her understand how it works.
---
I believe the article says that they did install it but due to incompatibility issues with the operating system it was removed. Since it basically broke their service it was removed. They didn't say that they wouldn't install one. Although I could be wrong. Been there before.
The article says they are not putting it on because it is incompatible with there system, would cause disruptions, and needs some technological modifications. They are CONCERNED about privacy issues, but didn't say no based on that. Unless this is just a delay tactic to try to build a case against Carnivore, it'll probably just go away once the FBI patches the system
At a typical big-name colocation center, you get one or two 100 Mbps ethernet drops, or a gigabit ethernet drop, and maybe a few WAN drops into your cage. The ethernet drops go to some big honkin switch somewhere which you share with zero or more other customers, depending on the size of your installation. In at least the colocation centers I have dealt with (Exodus, Level 3, and Concentric), using promiscuous mode on any interface connected to a shared switched segment gets you shut down fast. So I wonder what Cringley is talking about when he says that every box in the colo center could be a sniffer.
Remember, the RIAA and MPAA are both carrying out their little crusades in the name of 'business' reasons.
"See, we plan ahead! That way, we never have to do anything now."
I think it's great that the FBI is using Carnivore, though. I mean, what better way to promote the usage of newer, secure protocols such as IPsec, Secure Shell, SCP, and privacy suites such as Pretty Good Privacy? And what better way, I ask you, to promote the retirement of older, flaky, insecure protocols like telnet and FTP?
Well, something will eventually make people switch. Might as well be the Feds.
Still, I think Earthlink is justified in denying the FBI the ability to shut off their service at random. That's just too much power, plain and simple. I hope they take this to court and win.
Free music from Jack Merlot.
Wow.
I must say, I'm impressed.
Most corporations don't often show much in the way of morality or ethics, and you can't really expect them too. Any publicly held company has to report to their shareholders, and if they start taking moral stands at the risk of stock value, they can get hit with due dilligence lawsuits from their shareholders. Most companies that espouse morals and principles do it as part of a corporate image, which in turn drives profits. (i.e. Microsoft exists to innovate and make computers better, Apple is brought to you by Einstein, because they think different)
So it's very rare the companies have the metaphorical balls to do shit like this. I don't know much about Earthlink, but they have my respect now.
I hope they don't get raped by the gov for this.
The issue is the lack of independent inspection of what is in this Carnivore box. The ISP only has the FBI's word that it is not doing any improper snooping. Who knows what else it might be scanning for.
Reno has promised to check things out, but even granting her good intentions she is at the mercy of reports prepared by her underlings.
If such boxes are to be built and installed then the software they run should be open to inspection and the precise description of the files to be snooped should be part of the warrant. (I take it these things do need a warrant....)
Paul.
You are lost in a twisty maze of little standards, all different.
Why would they want to do that? There's no real reason that I can think of, unless they want to destroy the U.S. economy in one fell stroke.
Instead, I suggest that they're using Carnivore as the thin edge of a very big wedge. Sure, they could sniff email traffic without a big black box. But by using a box, they get access to ISP premises every time they get a wiretap order.
With big ISPs, they'll probably be installing those things several times a year. Eventually they'll be able to say "hey, why don't you just let us leave this thing plugged in?".
Then, rather than having to go and plug in their big black box every time they get a wiretap order, they'll have the boxes all plugged in all the time.
And that's when we'll find out that those boxes can do stateful packet inspection if asked. Next thing you know, they'll be able to physically prevent you from seeing "unauthorized" data on offshore servers. Kiss that data-haven goodbye.
. . . but then again, I'm feeling paranoid today.
I have no
I do love how we all feel that the Internet is a god-given right.
On a day to day basis, I think most of us forget that the internet evolved out of a government program and not through open-source advocacy.
And yes, the FBI also has the right to be able to intercept both your phone calls and your emails if you are under suspicion. No, they can not block you from sending or receiving, but they can look if they have substantial evidence. And yes, there are laws to make sure that they aren't looking unless they have substantial reason to be looking.
and while they have the right to look, users also have the right to encrypt their email to prevent this.
so instead of whining about your god given right to snoop-free internet access, actively protect yourself by encrypting your emails if your privacy is so important to you.
To all of those who are posting the 'one more reason to use encryption' posts, do you honestly think that big brother won't just set up they're box to save and store all encrypted communication? or add the sender and reciever to a special 'potential trouble' list. And yes, they can tell if it's encrypted, because encryption, or at least good encryption, does obey a certain statistical pattern (i.e. plaintext will be have a high percentage of recurring character, while ciphertext should be totally random). Granted, compression does something simialer, but still -- I'm on enough lists as it is!
I found this quote on cnet's article about the aclu's objection especially telling "Carnivore is roughly equivalent to a wiretap capable of accessing the contents of the conversations of all of the phone company's customers, with the 'assurance' that the FBI will record only conversations of the specified target," read the letter. "This 'trust us, we are the government' approach is the antithesis of the procedures required under our wiretapping laws."
As a canadian customer of @Home (don't knock it, it's the only game in town), I wonder if my own email is flowing through some american justice/intelligence agency's hands on a daily basis? It wouldn't surprise me in the least to learn that I'm sharing the same infrastructure as the american customers of @Home - and in that case it would seem obvious that @Home wouldn't bother separating our traffic out. Most of the time we canadians can sit up here and shake our heads at the U.S. government's thick-headedness with regards to the internet, safe in the assumption that for the most part they can't touch us. In this case however, it looks like they just might have their grubby hands sifting through our lives too. This is not to imply that the canadian government's intrusion would be any more preferable (in fact, probably quite the opposite - CSIS is not well-known for respecting privacy or having proper oversight), but at least in theory they are accountable to me in some way. The FBI and CIA are not.
"So on one hand, honey is an amazingly sophisticated and efficient food source. On the other hand it's bee backwash."
Cringeley is right to be concerned about the CPOF implications of having FBI-controlled boxen sitting at the edges of American ISPs, though. Think about this in the context of the Internet Gambling Ban headed down the pike. Or the Drug information censorship act (aka, "Methamphetamine Anti-Proliferation Act", now buried in a bankruptcy-reform bill in conference). Sure the courts will probably strike down the prior-restraint provisions of the latter, but imagine a bill that doesn't address the publishing, but merely gives the FBI authority to "kill-file" a certain class of sites at the ISP level, without actually restricting the right to publish per se.
Having consulted on a computer crime case for the FDLE, I've seen the "us-against-them" mentality inside the investigative law enforcement community first hand. "Them" doesn't mean just "criminals" either - from the LE perspective, there are only 3 types of people in the world: cops, convicts, and suspects. That the FBI (with their sterling history since the days of J. Edgar) would be on the leading-edge of such surveillance/enforcement techniques is wholly unsurprising to me.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
until our secret administrative courts run a few of your employees through the ringer.
Ringer? You don't mean wringer, do you?
BTW that's a good use for collecting all the info on everybody you can -- when the need arises you can always lean on them (aka blackmail).
until we rearchitecture the network to utterly defeat measures like this (transparent crypto?)
You cannot. A TCP/IP network is a "dumb" network and does nothing for security. Besides, you can always sniff at the router, provided you have access.
Crypto solves this problem, but it has nothing to do with network architecture.
Someday, someone is going to need to devise a technical solution to these political problems.
Sorry. Technical solutions to political problems are very, very rare. After all, that's why they are political problems and not technical. Technology may open new ways to solve social and political problems, but it does not solve them by itself.
empower the average citizen to take back their democracy and demand their rights.
Meaningless blabber. What does "take back democracy" mean? Demand which rights? The right to sue anytime something bad happens to you? One of the problems with the Western public is that is is very happy to surrender rights for entitlements.
give your customers end-to-end encryption.
An ISP cannot "give" encryption to customers. Crypto lives at the ends of the link and the ISP only has control over the link itself. You can advise people to use crypto, but you cannot force them to use it (hint: most people consider crypto to be too much of a hassle).
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
And yes, the FBI also has the right to be able to intercept both your phone calls and your emails if you are under suspicion.
I get so tired of people using the word "right" when they mean privelege.
The FBI doesn't have any "rights" whatsoever, constitutional or otherwise. They have priveleges, vast priveleges extended to them by congress and upheld by courts who are more concerned with expediency than they are the constitution, much less individual civil liberties.
These priveleges include wiretapping. However, if the various government agencies continue to abuse these priveleges, congress or the courts could pass a law, or make a ruling, to place additional limits on that privelege, or revoke it entirely.
Not that either institution is likely to display such courage, but they could if they so chose.
and while they have the right to look, users also have the right to encrypt their email to prevent this.
Again, we have the privelege of being able to use encryption to prevent snooping.
We desperately need a constitutional amendment guaranteeing us a right to privacy, including encryption and control of our data.
Our forfathers took the right to privacy to be a given, and only really anticipated one possible abuse of it, which they explicitly disallowed in the constitution. Had they taken the subject up more generally this wouldn't be a problem, but alas, they considered privacy in large part to be a given and didn't explicitly write it into the constitution as a right. While they could extrapolate many threats to our democracy, they never dreamed of the kinds of intrusions into our private lives we now take for granted, and are no doubt spinning in their graves as I type this. As a result, a right we all perceive ourselves is woefully missing from our most fundamental law, with the kind of auful results we read about here on slashdot nearly every week.
Alas, I am about as optomistic about congress and the states enacting a constitutional amendment to protect our privacy as I am about NASA getting a reasonable level of funding. The chances in both cases are unfortunately nil.
The Future of Human Evolution: Autonomy
Taking a stand with the FBI is a risky position if you are a smaller ( 20,000 users) ISP. Earthlink has the legal and financal means to defend actions it believes are wrong.
A head systems admin at a major University once warned me about crossing the FBI. It's a very quick way of going out of business. He made it very clear that the FBI is aware of the economics of ISP's. If you're down for more then a few minutes you'll start to lose customers. ISPs that go against the feds find out pretty quickly that all they have to do is confiscate all your equiptment as evidence. Maybe after a year or so you'll get your stuff back.
I can picture the feds in front of the judge now: "Well your honor, we wanted to place a monitor on the network but they would not allow us to. The only recourse we have is to take the computers and examine the hard drives."
Bam, Feds come knocking on your door, they leave with a bunch of computers, next week all your customers are gone and you've got bills to pay.
Filtering E-mail requires access to the application layer...
Bzzzzt. Incorrect. Thanks for playing.
All email is transmitted from place to place using the well-known SMTP port (port 25). All a router has to do is forward any packets with that destination port (incoming OR outgoing) in their header to the original destination and the FBI's destination, where the individual packets can be put back together into the complete email using all the other fun stuff in the various packet headers. It's like making a copy of every email that gets sent to or from that network. Of course, there really wouldn't be any way for a simple router to know WHO those emails are for; they're not capable of, say, doing a "grep" operation on the actual contents of the data of the packets to find the "To: " field of the email. This of course would mean that every email that goes through that network would end up in the FBI's evil little hands. EVERY EMAIL. Similarly, if they were to forward ports 20 and 21, every FTP packet could be forwarded to the FBI as well as its actual destination. For port 23, every byte of every telnet session. For port 80, every bit of a webpage. You get the idea. And what else is in every TCP/IP packet? Yep; the destination IP address. So the FBI could also know precisely what machine was on the receiving end of every packet, too... isn't that great?
Now, there's no guarantee that these Carnivore boxes wouldn't do the same thing, of course, but if they only forward emails from/to a particular address (because they DO have access to the Application layer), that would be much better than having to set a router to forward ALL emails to the FBI's minions. Not that I'm saying Carnivore isn't evil... it quite clearly is. "I'm from the government; I'm here to help" isn't one of the All-Time Greatest Lies for nothing, you know.
Unfortunately, I suppose there are people in this world that are ignorant enough to write stuff like that, let alone buy it.
...and other people who, having only part of the knowledge required to accurately pass judgement on someone, are ignorant enough to dispute it. Know your facts before speaking...
"The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness."
That said, Carnivore is a horrible idea. If the telco can restrict snooping access to particular lines by selecting only the ones used by the persons under investigation, that's fine. Using an undocumented, un-accountable black box to snoop everything going through an ISP is not acceptable; it's tantamount to letting the cops snoop everything on an entire phone exchange because of a single suspect using it.
Amusing thought: How secure are the Carnivore boxen, and how much egg would the FBI have on its face if someone successfully hacked them? If the FBI isn't having nightmares over this possibility, they're not smart enough to be running something like Carnivore.
--
Time is Nature's way of keeping everything from happening at once... the bitch.
Although the article does not state as much, it implies that Carnivore will be installed at Earthlink as soon as the bugs are worked out.
-p.
In a shock development, noted Karma whore Signal "Siggy" 11 has become a troll! Perhaps demoralised by the constant pressure of the fatwa or "trollslap" launched by his enemies, he released a post full of trollworthy statements. In one post, he combined:
- The incorrect technical statement: Witness the "NSA key" in Windows 95/98/NT/W2K
- The moronic political view: Someday, someone is going to need to devise a technical solution to these political problems
- The ludicrous hyperbole: This is why they are so afraid of geeks - they know we have it within our power to end this form of tyranny for good. We are in control of the ultimate modern day press.
- Another maddeningly silly technical statement: until we rearchitecture the network to utterly defeat measures like this (transparent crypto?)
Clearly, Siggy's move into trolling will put pressure on the established slashdot trolls to compete. In a CNN inteview, streetlawyer, speaking for the notorious inchfan troll collective said Rob Malda was unavailable for comment.-- the most controversial site on the Web
The FBI's stated mission is to protect U.S. citizens from foreign and domestic enemies by investigating violations of federal law. That is really and truly what they try do to, and for the most part people join the FBI to protect and to serve. And if you are trying to defend the U.S. against its enemies, you you need to be able to find them. And to be able to find them, you need to update your surveillance techniques. And if the criminal activity is happening or being coordinated on-line, then the investigation and surveillance has to happen there.
So the FBI starts advocating things like Clipper chips and Carnivore and starts lobbying for laws that require digital telephone switches have an evesdropping port built right in, and things like that. Can these tools be used to spy on criminals? Darn tootin'. They are fantastic for that. The problem is, though, that these tools can be misused as well.
As a civil libertarian, I believe that the U.S. Constitution serves primarily to limit governmental power. It does this because its framers recognized that government power is abusable in such a way that its abuse is not just possible, but inevitable. So we do indeed need to be wary when the FBI wants to put a full-blown sniffer in front of every ISP's switch. We all take it as a given that this powerful spying tool would eventually be turned against peacable citizens.
But what is the FBI's current intention for Carnivore? I suspect that in addition to its stated (albeit redundant) purpose as an Internet wiretapping tool, it is designed as a weapon against cyberterrorism; specifically, it is used to identify and terminate distributed denial-of-service attacks.
We all saw what happened a few months ago when the DDoS attacks happened against CNN and other high-profile sites. We all saw the havoc it wreaked and how hard it was to track down the perpetrators. But with Carnivore installed in front of the switch, the FBI could watch an attack develop real-time and terminate it immediately: First, they get sample packets from CNN. Then they broadcast a message to all Carnivore boxes to copy and block any packet going to CNN that matches the attack profile. Once the attack is contained, they swoop in with search warrants and arrest everybody who sent an attack packet.
So that's what they are trying to do. Cringely was only partially correct: the FBI's goal is not to shut down the Internet; it is to defend the entire Internet at one time.
Unfortunately, though, we can't let them do this, because as soon as the tool is in place, the RIAA will start pressuring the government to start actively patroling for MP3s, and the whole Carnivore matrix will become the web in which our freedom was finally ensnared.
On the other hand, I would like to see a Carnivore-type system put in place by an industry consortium. It still strikes me as the best way to defend against DDoS.
--
This is not my sandwich.
And I won't even touch how completely ridiculous the idea is in the first place ... well okay I will. Why in the WORLD would the FBI try to shut down internet connectivity for the US? And why would they need these boxes to do it? If they don't have the legal right to do so, ISPs and their well-payed laywers wouldn't let it happen (guess what, ISP technicians can unhook the Carnivore box and go about their business). If somehow the FBI did initiate some digital martial law where they had the right to do this, why would they need the boxes? They could just walk into the ISP with their nice shiny guns and start unplugging ATM cables.
These Weekly World News /. news bits are great fun, but please don't take them seriously.
You know what to do with the HELLO.
You know what to do with the HELLO. ...
Help create an open-source world