Slashdot Mirror
ACLU Files For Carnivore Info
Robert J. Berger writes: "A press release from the ACLU says they are using the Freedom of Information Act to seek all of the
codes, records, letters and memorandums related to the FBI programs dubbed 'Carnivore', 'Omnivore' and 'Etherpeek.' "The FBI is saying 'trust us, we're not violating anybody's privacy,"' said Barry Steinhardt, associate director of the ACLU. "With all due respect, we'd like to determine that for ourselves.""
Everyone should join the ACLU to help them support more activities like this...
EarthLink will do FBI's surveillances itself.
-- http://thegirlorthecar.com funny dating game for guys
Isn't this comment a tad contradictory, surely they are invading the privacy of the users of the ISP being scanned as all data is scanned and analysed? They should release the code just for the sake of ensure it is doing *exactly* for the right purposes, who knows what other things they could run searches for as it sifts through the data. Surely the temptation to flag any messages with "terrorist" "bomb" and the like could proove too tempting.
Just a thought...
Just skimming the Freedom of Information Act, one particular exemption catches my eye --
...would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law
I'd think the FBI might make the case that if the design of the *vore systems shows WHAT it monitors -- how it selects such -- then this clause might apply. Certainly, this would seem to allow the FBI to refuse to describe *which* ISPs are being monitored... But then, I'm neither a lawyer nor a Fed.
Only the dead have seen the end of war.
I used to use Etherpeek in my door room in college (I didn't know it was an FBI program)
Come on tho, you could see the traffic passing through your ethernet network, see who was logging in to prOn sites, steal their passwords for those prOn sites, etc.
It wasn't the greatest program tho since keeping a log became a crunch on hard drive space... those logs got long REALLY quickly.
Probably even more important now is finding out what ISP's have this installed now. So how about hearing from different ISPs who have been asked to install it? Is it just ISP in the US? Or is it ISP that are worldwide, (AOL and the likes). Is the FBI even allowed to place monitoring software that will possibly monitor email from those outside the US or is this outside their jurisdiction? Many more questions to be answered and this Freedom of Information request is just the first step
I'm a great believer in luck. The harder I work the more I have of it. - Thomas Jefferson
This great country of ours is founded upon certain constitutional truths, amongst which are the right to freedom, and the pursiut of happiness.
What then, are we as Americans to do about those elements that do not share our vision. Are we simply to allow them to conspire to bring about our downfall ?
I am sure that the FGI, and other government agencies have the wellbeing of the public at heart, and we should look leniantly on those few cases where they have crossed the line. It is understandable that occasionally a few zealots will take things a bit further than they should in support of a worthy cause. You only have to look at some of the claims made about Linux on this very forum to see how easy it is to become a fanatic :-)
So in short, this is another non-event. As I have said before on this forum, the private life of Joe Sixpack is OF NO INTEREST WHATSOEVER to the FBI, and the cliche is still true, ONLY CRIMINALS NEED WORRY ABOUT THIS.
You people should stop criticizing the very people who are trying to protect your safety even as our civilization is crumbling around us. Surely these people (the good guys) deserve our support ?
Etherpeek is the name of a commercial packet sniffer/network analysis tool.
k ing-glass-you'll-hear-better?
I sense a lack of imagination where the naming of secrets is concerned. What's next: Operation Trashpicker or Operation Hold-your-ear-against-the-wall-Here-use-this-drin
I guess even spies get bored.
k.
--
"In spite of everything, I still believe that people
are really good at heart." - Anne Frank
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
However, they often return something just as useful, in that the government redacts the information returned "for security purposes." While redact means edit, in such cases it is effectively, black out with a wide felt-tip marker.
If SlashDot were redacted the way most "important" data received through FoI requests, it would appear like this:
Posted by ***** on *****
from the ***** dept.
***** writes: "A press release from the ***** says they are using the Freedom of Information Act to seek all of the ***** related to the ***** " The ***** is saying ' *****
[
We need to remember there are other government agencies out ther that are snoopin' too. The CIA likes violating the rights of the US citizens and the NSA likes to violate everyones rights.
Stay tuned cuz the FBI are the losers of the bunch. The get caught all the time for their dirty work.
Hmmm, maybe it is just a cover up for what the CIA and NSA are working on?
I've lived in forign countries where the government owned all the land, took care of all the health care, (third world country so you can imagine what that was like) and could search homes or stop people without any reason at all.
I don't really believe that the government doesn't have our best interest in mind at least for the most part. There is no possible way the FBI could read all email, and I would go even farther to say there's no way they are going to get the software installed at all ISPs. There's dozens of Mom and Pa Internet shops that simply aren't going to do it. The FBI found a loophole where they can gather information a possibly catch criminals. I truely don't believe there's a consipiracy to label everyone as a bad guy.
Is what they are doing wrong? Yes I think so. Is it particulary dangerous to our freedom? Probably not, especially when compared to what goes on in some other countries. I'm glad the ACLU is stepping in but really what can they do about it? I'm sure that this sort of thing will still go on unless Congress opens an investigation and puts a stop to it. So if you are worried about the FBI reading your mail then encrypt it. Personally I have nothing to hide.
Never knock on Death's door:
The Anti-Blog
It has never ceased to amaze me how few liberties we would currently have, if it were not for private organizations, like the ACLU. The government cannot or will not protect us, so the ACLU has to.
I personally am extremely pleased to hear of their FOIA demand for information on this blatant 4th amendment violation. The FBI needs to stay the hell out of our mail. And it's also high time that this sort of privacy violation got wide mainstream media, so that is is less likely to occur in the future.
gitm
- The pen is mightier than the sword, the court is mightier than the pen, and the sword is mightier than the court.
Go get 'em, tiger!
Carousel is a lie!
Anyway, you can bet CIA, NSA, and probably FBI have been monitoring Internet transmissions illegally for years, just like they've been tapping phones illegally for years. The FBI may not be run by J Edgar Hoover anymore, but they're still the same organisation. In response to claims the CIA assassinated a Serbian official, the CIA said "We don't do that anymore." Bullshit. These are the same organisations, with the same goals, and they will continue their illegal activities against Americans and foreigners for a long time to come.
The ACLU is unfortunately not going to get much out of them.
This is the most disturbing violation of our rights. Apparently the Effa Be Eye thinks that the electronic transmissions we send to and fro are just ripe for the taking. They claim it's only suspected criminals, "Suspected"?
When activity like this is permitted then sooner or later we will all become suspects in their eyes.
I applaud the ACLU! If they can actually get something done then they deserve a pat on the back or better.
"Never wrestle with a pig, you both get dirty and the pig likes it."
Anyone with any influence who disagrees with the government is going to be tracked, bugged, and if they're influential enough, eventually shot. No, it's not the Soviet Union, but it's a lot more oppressive than you'd like to think. The minute you speak out about the oppression, you start to find out exactly how close we are to fascism.
(I'll believe it when I see it).
The FBI is sharing information regarding Carnivore with industry at this time to assist them in their efforts to develop open standards for complying with wiretap requirements. The FBI did so two weeks ago, at the request of the Communications Assistance for Law Enforcement Act (CALEA) Implementation Section, at an industry standards meeting (the Joint Experts Meeting) which was set up in response to an FCC suggestion to develop standards for Internet interception. [1]
What's interesting in this case is the FBI's press department, and their use of the word 'industry'. Usually, one would assume that they are referring to the 'computer' industry, but here, apparently, they are refering to the 'law enforcement' industry. See the CALEA web site, and you'll understand...
-jerdenn
Dunno if this is all over the country, but PacBell sends us here in California a list of legal notifications to have your phone tapped. They include beeping every 10 or so seconds, a verbal notification, and others.
Email, of course, doesn't need any notification of saving the conversation if it is the send or receiving party that is doing it. But if there is a third party tapping your email line, they don't have to notify you. I'm curious if it is easier for the FBI to wiretap email than it is phone conversations, ie do they have to install remote hardware near the point of the tap for phone conversations?
-- Moondog
Hey, predicting my death are ya? How's it gunna be? Please, not something boring like drunk driving or aids or lung cancer from all of those cigarettes I never smoked. At least let it be cool, like getting impaled by rebar shot from a railgun, or having my sole stolen by Microsoft.
A company called (foveon) or something like that has placed a black box by the RMI.Net dial-up equipment. They say its to track users online and build marketing data from it. I was totaly against it, but had no say in the decision. So I took a vacation during the installation. When I came back it was all setup and no one ever talked about it again. I think the whole thing stinks, but the FBI has a job to protect. Unless the technology is abused its for our own good. I have had legal orders to supply the local sheriff dept. with user info and log files in the past. It's always been legit and called for in my own opinion. But to allow the FBI to do it when ever they want? Hmmm....... I don't know, but what if the sysadmin is anti-social or has a problem with authority, will he/she cooporate when asked to surrender info? I have no problem if its legal and justified. But will all other sysadmins feel the same? Who has a better employee screening process? The FBI or your local ISP? :)
Right now the problem with encryption is two-fold:
1) PGP/GnuPG is still too complicated for an average computer user, not to mention Mom and Pop who just want to get their "internet experience".
2) Strong encryption doesn't come as a default option in any popular e-mail program that I know of. Intentional or not, this severely cuts down the number of potential encryption users from the start.
Teslakid
It isn't much.
My question, which was not covered on the Web site nor on any story I've read to date, is what the FBI expects of the ISP that has one of these things put on its site.
Perhaps a good Boardwatch article?
Whenever I spy on people (such as my 17 year old neighbors daughter), I always seem to land myself at the police department. But now the FBI can snoop on me without getting in trouble? Hrm. Bongo have idea. Bongo join FBI, learn about Omnivore, and intercept neighbors daughter emailing pictures of her diking out when she and friends had too much to drink! woot! Yay for democracy!
Teslakid
The ISP's should have the right to know what the the FBI is putting their systems. I would want to know exactly what information it is taking the amount of bandwidth it is going to from me. All that stuff I would demand to know before I put it on my network. The source would be great so I know how I can work around it if it gave me problems
These developments have greatly increased the communications interconnectedness of all the countries in the world, especially technologically advanced nations like the US and the Netherlands.
Does anyone have any idea why the Netherlands was mentioned specifically in this sentence?
If you say "I'll probably get modded down for this..." then I will mod you down.
One point not made in the Slashdot comment is that Congress is also interested in the issue. House Majority Leader Dick Armey has asked the FBI to stop using Carnivore until 4th Ammendment issues have been looked at, and the House Judiciary Committee is holding hearings on the matter on July 24th. That means that this isn't just a lonely fight of a few privacy advocates; some big guns in the government are at least interested and asking the right kinds of questions.
There's no point in questioning authority if you aren't going to listen to the answers.
One of the problems with sending encrypted mail is that I talk to a lot of non-geeks.. is there any support planned for GPG in Mozilla? Or some compaible alternative? This might be a chance to get encrypted communications more mainstream (I certainly make heavy use of SSH as is; It beats having to set up stupid display variables!)
How about the web though? If "the man" can see what you're surfing, I don't know if I might like that. Do slashdot comments count as mail? What about hotmail? Or for that matter, ICQ? The hordes use ICQ a lot, and I know more than one person that sends drug-related info over it (much to my concern). If they're going to tap that, then this isn't about an email sniffer, it's about a network packet sniffer looking for strings.
*sigh* Land of the free, indeed. Don't argue with the man, or he'll bust yo ass! It's not like you need to worry, unless you're a drug dealer/money laundrer/commie red pinko/branch davidian/mob leader/columbian national/insert group-of-the-month here
..don't panic
Really, is seeing the technical specs and source code going to help determine if the Carnivore system invades privacy? The FBI stated that all email traffic in an ISP goes through Carnivore. If that isn't invading privacy, what is?
I'll try and guess how Carnivore works (the software that is, IDNJS about networks). I assume it requires too much disk to log the entire text of every message (and be too cumbersome to search, and be a tremendous waste of cpu). I bet they just index every message and check it against a list of "flags" - names, phrases, addresses or other terms related to ongoing investigations. If a message turns up a flag, the Carnivore notifies HQ and the message is logged. I bet the From:, To:, Cc: and Bcc: addresses immediately become flags as well. Perhaps all email traffic immediately following the flagged message would be logged for a certain period of time. Encrypted messages are ignored, but the From:, To:, Cc: and Bcc: addresses can still be checked.
At least that's how I would build the system. Now, as a hypothetical exercise, how would you defeat it? Encryption helps, for sure. You'd need to change email addresses frequently, though. Or you could do what I do and live in a developing country. My ISP couldn't figure out if someone hacked into their system if their life depended on it, let alone figure out how to track anything.
All I can tell you is the FBI will become the world's top experts on spam, as 60% of the carnivore's food will be spam. I can imagine a team of 30-year-old college drop outs working in a basement outside DC, reading page after page of spam on some trusty 1983 VAX machines.
--- Never hold a dustbuster and a cat at the same time ---
Setting his threshold to 5, Sparky eliminated most of the trolls on /.
My ISP runs six OC48 lines into it's internal network. They claim the lines are running at about 70% use on average. I'm trying to imagine the size of a box that would handle that load...
Anyone have any thoughts on this?
-C
They haven't repealed the 4th Amendment yet. Isn't that an illegal search if there is no warrant?
Just because it CAN be done, doesn't mean it should!
Besides, there are much more valid reasons why Carnivore stinks. What the hell happened to eminent domain? If someone who gains unauthorized access to a web site is "stealing" server resources from the site, isn't the FBI "stealing" property that belongs to the ISPs here? What happens when the NSA decides that the security of the nation depends on them using my computer to help crack "terrorists'" encrypted messages? Kind of quartering soldiers in private homes, aren't we?
Also, you have privacy. Now this is a thorny issue; IP packets aren't private in a technological sense. However, I think the courts would look unkindly on a company that sniffed packets from a backbone and sold the data (anything I tell my doctor/lawyer over ICQ, for example) for mining. The fourth amendment, probable cause... is it legal for a cop who doesn't have a warrant to stand on my doorstep and then bust me because he saw a bong in my living room when I opened the door? Probably. After all, I had no expectation of privacy. "Just use encryption." "Just use the window." Man, fuck this government.
I've probably set off a couple of NSA sniffers already, so I'll give it a rest. God bless America; here's hoping she survives this generation's crop of power-hungry yahoos.
Maybe he's figured out what it's really for, in his latest article, Meet Eater.
His reasoning leads him to this:
"In this position, Carnivore can act as a listening and recording device, OR IT CAN ACT AS A SWITCH. If we ever hear a proposal from the FBI in which it plans to install Carnivores at all 6000 ISPs in the U.S., we'll be giving the government the power to do something it can't do right now.
"Shut the Internet down."
But they can get one. And, so far, we've no evidence that the system is a) always-on, and b) indiscriminate. Unless an inside whistleblower reveals that, say, communications HAVE been recorded and examined without a warrant... there's no clear evidence of a violation. It all depends on what capabilities the systems have, and more importantly, how they use it.
Only the dead have seen the end of war.
Is it just me, or does the ACLU go after the stupidest things (not to say that this is stupid)? When was the last time you heard of them really changing the life of or liberating the average American citizen?
A recent battle in Ohio comes to mind. The ACLU sues the state of Ohio for having "In God we trust" enscribed on a courthouse. Execuse me, but what do you swear upon when you testify in a legal court? The Bible. And isn't that same slogan printed on almost all of our legal tender?
No, he means GPG (aka GnuPG, the GNU Privacy Guard), a GPL'ed, open source alternative for PGP which does not use patented algorithims.
The Mozilla Crypto FAQ has a little bit of information on encryption and the News/Email client.
"Can of worms? The can is open... the worms are everywhere."
so far, we've no evidence that the system is a) always-on, and b) indiscriminate.
So far we also have no evidence that the system is NOT always-on and NOT indiscriminate.
"Innocent until proven guilty" applies to those that the government accuses. The government itself is a separate category, and the functionaries of governments (both the US and others) have a long track record of improper actions.
Government is granted extraordinary power. Strict scrutiny of government operations by the citizens is both proper and necessary to keep the government from exceeding both its own rules and its mandate.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I was going to moderate this thread, but I just couldn't, because I needed to let this rant out.
To all of the people who think the FBI is so wrong in this(including the above poster): Who the hell do you think you are?
We do not have a constitutional right to privacy. This is not a 4th ammendment issue either. If the FBI(or any organization, public or not), through legal means, asks an ISP to let them look through whatever records the ISP keeps, this doesn't violate the constitution in any way.
The FBI is doing nothing illeagal here. If you are going to send plaintext over a mixed network like the internet, its going to be routed through some computer that you don't have an privacy contrract with.
If you don't encrypt your email or network transmissions, anyone with enough money(power) can intercept it. And there is nothing illeagal about it(Contracts non-withstanding, but the buyer isn't at fault regardless).
[sarcasm]Remember, information wants to be free.[/sarcasm]
Hi all, Here is some info that you may find interesting. I have worked in and out of the architectural/design/building industry for the better part of the last 14 years. In that time I have worked on the design and build of many telcom centers and ISP's. For this work security is stringent and done on a per project, eyes only basis.Most of these places (I am generalizing due to very real security issues in the telcom industry) are designed with very highly secure areas where the main switch/com centers and computer rooms setup with the following (very generalized and non specific) criteria: 1. switch/control centers have to be on an 'open' wall so that they may be visually inspected for bugs and taps. 2. computer centers and the racks they mount to have to have 100% visible access as well. 3. walls of secure areas usually have leadlined wallboard and welded wire mesh installed from deck to deck behind the leadlined wallboard. 4. these installations usually use the box within a box within a box scenario (ie secure areas within secure areas within even more secure areas built just as above.) 5. highly secure and mostly invisible CSTV systems monitor every square inch of the space inside and out of these installs, capable of doing so in complete darkness(i have done quite a few casinos that use very similar CSTV systems which can see every player and dealer at any given time) These are not the only security measures involved in building a telcom but this is as far as i can go without having to post as an AC. The folks working inside these areas have to have all sorts of additional clearances/citizenship requirements etc. Building these installations is not easy due to the fact that even the staff of contractors doing the build out typically have to pass security checks and sign nondisclosure agreements as to what they have seen and built. Telcoms are not the only types of businesses that have to follow these stringent security measures. There are a great many 'local companies' all over that are really offices for other agencies. You may or may not be aware of this but many times when these places are built they use names of 'private' corporations etc. to hide thier real ownership. Ironically, the ISP's that I worked on didn't have such security in thier design criteria (usually they are mostly concerned with disaster proofing and service interruption proofing) but if things keep going as they are it would not surprise me if they had to implement these types of upgrades due to the *ivor boxes being located within thier facilities. If that happens we will see a lot of ISP's go under as this type of construction, whether new build or retrofit is really very expensive. To sum it up, let me say this: the freedom of information act is really an obscene joke. I have seen documents released for the purposes of building these installations where as much as 90% of the actual design criteria is totally blacked out, 5% is readable but 'classified' (and usually printed in nonreproducable photo blue) and the remaining 5% is as generalized as this post is. Even if *ivor information is released to us via FOI act it will be mostly useless and not yield any clues as to the level that security is going to be compromised by it. Hopefully, there are some IT folks out there who work in these facilities that can provide us some insight to the systems without compromising themselves and thier positions. After all, matters of National Security are not a joke and in the big picture a little loss of personal privacy may seem trivial compared to whats really at stake (read:I am not in agreemnet with them doing this but I do understandwhy they are doing this). If you want privacy in your email the answer is very simple: use strong encryption and exercise due diligence in deleting/scrubbing your email after reading it. If enough people use highly encrypted email bigbrother will not have the time to decrypt all of it enmasse.
Prospecting Stinks. Stop Wasting Time on Cold Calling.
Look; not only are the FBI monitoring your network traffic, so are the Internet pedophile police, your ISP, the ACLU, Russian spy satellites, the National Baseball League, and my Aunt Bonnie.
So please, all you sysadmins and DSL-packin' home-web-server 'l33t out there, please try to learn about the benefits of retiring legacy protocols like Telnet and FTP (which happen to send your password in plain-text), in favor of newer, robust, secure data types like SSH, scp, IPsec, and PGP.
And if you're really gonna get all worked up about "ooh, the FBI is spying on me using meat-eating computers co-located at my ISP", then consider using a secure operating system.
Free music from Jack Merlot.
The FBI is doing nothing illeagal here. If you are going to send plaintext over a mixed network like the internet, its going to be routed through some computer that you don't have an privacy contrract with.
Ok, you sound a little confused. I think the ACLU is trying to find out if the FBI is doing something wrong, by figuring out how this system works. If (for instance) it take everyone's email and stores it an FBI Drive, and they take it away to look through it all, searching for the email they are interested in, then I think the FBI is wrong. Especially if they keep all that mail along with the mail they were looking for. (You never know, they may need that other mail someday). It is trusting people like you that screwed oevr the most, only you don't even know it.
[sarcasm]Remember, the government is your friend, and they would never do anything to invade on your privacy.[/sarcasm]
Since Earthlink is only collecting that data when it is being ordered to by a court I think that isn't such a bad thing especially since Earthlink is in charge of the data collection, not the feds. That way there is a 99.9% less chance of a federal fishing expedition which ends up monitoring half of the earthlink users because carnivore decided 1/2 the messages were suspicious.
There are lot's of ways to get information out of it for lot's of different reasons: knowing the 10 most popular destinations of your customers can be damn useful information for laying out infrastructure and inking advertising deals, that is just good business to keep those kinds of records and it's arguably not harmful to anyone. Knowing the habits of users without knowing the users is useful but requires substantially more money and processing power, this is for the data miners (who would have thought that the serious porn hounds are also predominantly overclockers?!?) this part is gold, there is no way this type of information will ever be made illegal and if you have the technology to master it you're going to continue to make billions. And then there is the credit industry style reporting where specific users are mapped to their habits, which has its own useful and devious uses.
This stuff is done. You want to know half the sales pitch? A slick smooth talker from Oracle (a "shark" and not a "shithead" if you've ever worked there ;) comes and preaches the virtues of being able to build your infrastructure, better server your customers, then they go in to the cash you can make by selling the information if you want to go that route and the deal closer is protection. There have already been laws on the books that target ISPs as a way of controlling content. It's only a matter of time before an ISP is involved in a nasty legal battle because one of their customers did something with the net and someone lost a million dollars or got killed or worse; if you're an ISP you have to protect your business and that's all it is: a business with no nasty constitutional laws about privacy. (with the current legal landscape if you're a business you're really more akin to a target because suing is the way of the 21st century and individuals don't have money like businesses do) Now when you're a small to medium sized ISP with a hundred workers or so, the last responsibility you want to take on is policing your users and the last thing you want to happen is have the FBI come in and start mucking with your operation so that they can observe a suspect. These are fairly small businesses that are run on shoestrings and bailing wire, usually. You polish or clarify your privacy policy, buy a big mutha of an oracle database (I don't know of any specific cases but I imagine that you may not have to actually buy the database and the machine in some cases, deals can be worked,) hook it in and start monitoring. The FBI calls them up asking about Freddy Kiddie Porn Peddler and they can quickly provide them a detailed report of his activity, the FBI goes away and the ISP keeps running without any bumps. Don't believe me? how quickly and how detailed was the AOL 'core dump' when the Columbine thing went down? In hours, AOL had provided the FBI with extremely detailed information about the two shooters and AOL has millions of users. Ask Malda if he tracks IP addresses, I promise you that if the right AC posts the right message his IP will be pulled from the logs, the ISP will be contacted and he will be tracked down.
Carnivore is a logical extension of this policy. It's aggressive and proactive, that's the biggest problem. Instead of just recording every email and providing the FBI with a listing when they ask for it, they are looking for deviants. It's uncool but there is no regulation, the internet isn't the post office and doesn't provide privacy like that. It's all commercial ventures and commercial ventures do whatever it takes to keep making money and avoid problems and there are no constitutional rights to violate because they're businesses. The only way this is illegal is if the FBI tries to force it on ISPs but more often than not they will probably volunteer because the FBI will provide hardware or something stupid and then the ISP won't have to spend as much money doing their own email tracking. They could just as well walk in to a bar and tell the bar keep that he'll get a $100 bill for fingering people dealing drugs, he already knows who it is and he probably doesn't want that element in his business anyways. The FBI gets a nice little list of people to suspect. Only it's not drug dealers or porn peddlers they are after, it's terrorists and potential terrorists.
The only question in my mind is how far is the public willing to go? Most people have no real secrets, they are in to kink on the net and they don't want their family and friends to know. They are introverts and can't stand the idea of people knowing what they do, it makes them uncomfortable. Privacy and secrets are independent but our society thrives on the invasion of privacy and the supposed existence of secrets. We were captivated for a full year with the president getting a blow job, there are channels on cable the focus on gossip and celebrity worship, even the news is in an overload mode where an event happens and they don't stop covering it until there is nothing left to cover, privacy is invaded, and secrets are out. They fear Hoover-style FBI black mail, this is a potential problem but the potential is pretty small and as more and more people give in to what inhibitions they have about viewing porn and it becomes more socially acceptable nobody will care if you like the dirty shit. At that point it's your medical record and credit history, those are the biggest secrets most people have. Will people let the FBI snoop around in everything else if it stops Oklahoma City bombing number 2? Or Columbine 2? Who knows? If there is a few more school shootings like that and another major terrorist act like that then probably and who wouldn't give it up? And the news never steps in when the FBI stops something before it happens. The technology is there, the incentive for the businesses is there to use it, the FBI wants the information, other companies probably want it too.. Who knows? The ACLU stepping in is nothing more than a stunt to try and gain publicity for an organization that is trying to stay relevant (they seem a bit more selective these days when it comes to freedom and who can practice it) and a hiccup for the project. The FBI is simply asking businesses to provide information that they already have and keep. If you're a business who has started doing it then you can also just tell the ACLU to fuck off because it's classified information for your business.
Really folks, privacy isn't nearly the hot button everyone likes to think it is. I was one of the original cipherpunks and what did we do? We built fricking anonymous remailers. BFD! It stops practically nobody from snooping because the people who can do it can do the simple traffic analysis it takes, there still isn't real privacy in the picture. Netscape has built in encryption and authentication for email (SMIME) next to nobody uses it, there is a third part involved in the process but it's still there and it's substantially more privacy than none, for $10-15 your emails will automatically sign and encrypt themselves and nobody does it. It's an extra step to encrypt or decrypt your email with most mailers and it's not worth it for the quick notes to most people. The more I look, the more it looks like the people who are serious about doing the email encryption don't do email because they are these socially dysfunctional introverts (I know a guy who sets up sendmail to reject non-encrypted email! I can't understand this because my non-computer-nerd friends won't encrypt and I don't want to stop emailing them, he just doesn't get much email and doesn't care, I can do you one better than that, why don't you just shutdown your mailer and not do email at all?) It's a typical political issue, everyone has pgp, everyone has a pgp key, everyone wants to know who to secure a file or email stream ("just in case",) close to nobody ever does it. It's really not nearly as important as everyone would like to think and it's simply a matter of social adjustment before that is realized or the switch happens and it becomes a serious issue.
Summary: just how much does the Carnivore box monitor? Does it look only at IMAP/POP2/POP3/SMTP traffic, or is its charter far, far broader to capture at least the endpoints of communciations using other modes of operation? Does this mean that the FBI therefore has a trace of all your activity available to it? The rest of this article looks at just how much the FBI would have to monitor in order to trace all possible mail traffic conduits.
The telephone industry has been told they have to design switchgear to make ubiquitious wiretaps easier. That mandate has not, to date, been extended to Internet Service Providers...but I can see where the ISP business will be nailed in just this way. Unfortunately for law enforcement, such a law would only help them catch the really, really, stupid criminal or the casual criminal -- the hard-core types would enlist the aid of cybercriminals [no, not hacker you dimwit] to help them hide their tracks.
Frankly, the Internet marketplace provides a number of opportunities to thwart this sort of stuff. Some examples:
This is not intended to be a primer on how to "get around" the FBI Carnivore box. This is intended to show (a) how difficult the task is to monitor all mail given current technology, and (b) to show how combating the technology already in place may cause privacy concerns far greater than mentioned already.
The monitoring of paper mail is, by comparison, a far easier task: you have a handful of choke points (USPS, FedEx, UPS, DHL, and so forth) who need to be in the good graces of law enforcement to do their job. The monitoring of fax and modem traffic is done using pen-and-trace wiretaps, recognizing the unique wideband signals to identify the difference. (Did you know it's extrememly difficult -- read "expensive" -- to extract content from V.34 and V.90 traffic from a tap?)
In contrast, once you get access to the digital Internet. how do you monitor ALL the ways to exchange mail?
It this true? If so where can I get more information? I heard that some bbackward african state had the bright to legislate pi=3 but not a western country. Maybe it will help the folks in Lousiane prooving the earth is flat.
Help fight continental drift.
>>>We do not have a constitutional right to privacy
Okay, I'll assume you live in the US, and therefore cannot use that as an excuse for ignorance. You may remember hearing of a case about 25 years ago called 'Roe v. Wade'. The crux of the decision was based on the fact that people in the US DO have a constitutional right to privacy. It is not specifically written (AFAIK) but it has been interpreted thus.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
From what I've read of the system, it's a box that gets plugged in to the ISPs network and sniffs the traffic.
But don't most ISPs use ethernet switches rather than hubs?
If so, the Carnivore box would only receive traffic addressed to it (none) and maybe the occasional wayward packet.
Am I missing something? Are the feds doing some sort of MAC hacking or Tempest monitoring or other weird voodoo?
Does it really matter if it's the FBI or some pimple-faced youth at your ISP violating your privacy. Just face the facts: You have no privacy on the Internet without encryption, your only protection is the masses of other traffic.
If you have *ANY* intrest in privacy, then take steps to protect it. Install postfix+ssl on your mailservers, use GPG for your email.
I'm so sick of people who post GPG keys but never bother using them. In order to prevent suspicion because of using encryption, you must use it normally. If someone posts their GPG key, then USE IT, if they didn't want encrypted mail, they wouldn't post it!
Go grab my email and send me a GPG (/openpgp) encrypted email, include your key and I'll reply. The practice is good and it will certantly annoy sniffers. :P (http://www.linuxpower.cx/~greg/).
>Dunno if this is all over the country, but PacBell sends us here in California a list of legal notifications to have your phone tapped. They include beeping every 10 or so seconds, a verbal notification, and others.
:P)
These are standard notifications that a conversation is being *RECORDED* (by a corporation), not that it is being *TAPPED*. (What, you think the FBI is going to play a bunch'o beeps to warn the terrorists
> But if there is a third party tapping your email line, they don't have to notify you.
Unless that third party is acting under a court order, they'd be in violation of the Electronic Privacy act of 1991. Class 2 felony, I believe.
I understand your statement. I just believe that what your saying is "wrong" is actually "right." Oh well, we disagree.
This is EXACTLY the kind of thing the successor to the KGB mandates in every Russian ISP. So what's the difference? The FBI guys wear white hats? These people need to be stopped NOW. With this in place, any individual even making a joke about drugs, politics or blowing up Congress in email will be susceptible to surveillance and harassment. Once they have your name in their little (big!) file they're NOT going to delete it, and you can look forward to a life under surveillance. The concept that 270 million people need to be searched in order to capture the tiny percentage of the population who are terrorists and drug dealers and child porno's is morally and intellectually bankrupt. They might as well just do mandatory house-to-house searches.
The revolution will NOT be televised.
The beta of the next version of BlackICE Sentry (from Network ICE) has Carnivore features built in. Administrators can configure "from" or "to" patterns to capture e-mails to the disk in mbox format. It can keep up with full-duplex 100-mbps connections, so you can tap into links between switches. This version runs on Linux, Solaris, or WinNT. It costs $5000, though.
On topic, off topic or blatant self promotion?...
My little site, www.spamMimic.com, will encode a message into spam for a tad of privacy AND possibly bog down Carnivore and the like.
Tell that to Mumia Abu-Jamal, or kevin mitnick, or anyone in hollywood during the 1940-50's who had possible ties to marxism.
Going after individuals without regard to the law is a tactic the united state's goverment has done, is done, and most likely will continue to do assuming there are no major chances in law enforcement policy.
So quick with fear you tiny fools!
Of course I may be giving him too much credit...
First of all, I find your American clichés extremely annoying. America is neither better nor worse than other countries...you just happen to have a bigger army and economy thanks to the fact that the land you snatched from the Native Americans is very mineral rich and fruitful. You also fail to realise that not everyone agrees with the laws of the country they live in. I, f.e., belive that cannabis smoking should be legalised, yet I am the victim of government agencies that are enforcing laws I do not agree with or consent to abide by. The people who work for government agencies aren't Crusaders in Shining White Armour, coming to the rescue of the victimised and helpless citizens. They're people, like everyone else, people who want their payroll and pension. They don't particularly care about John Doe or his privacy or his rights not to be scrutinized, violated, beaten or abused. I know this may sound extreme and paranoid, but they're part of a machinery that governs society as a whole, a machinery that protects the values and ideals of the wealthiest and most powerful. Their values do not neccesarily coincide with mine, or yours, for that matter.. The individual doesn't come into this. It's a machinery of numbers. You say that only criminals fear the law! I have never heard such preposterous nonsense. Everyone has violated some law at some time. Everyone feels his freedom is violated when he's driving down the street and sees a police car. The automatic reaction is to slow down, drive carefully, ANYTHING to avoid the scrutiny of an agent of that system! Your freedom is inhibited by enforcers such as these. It doesn't help that certain types of people are attracted to positions of official power, such as the FBI or regular police. It attracts people who enjoy having power over others, enjoy the fear they cause. The system is NOT the good guy. The FBI are not valiant defenders of "normal" people. They're a bunch of people with rights to pry into your life. Think about it that way. Criticism is always good. It leads to self-improvement on behalf of the criticised. Intelligent people have been saying that civilisation is crumbling since the invention of the railroad. My Very Long Two Icelandic Crowns.
ok...Roe v. Wade, constitutional rights to privacy, the 4th amendment all that's all fine and dandy, but if the FBI wants to put some kind of software on ISPs servers and the ISPs refuse, then move on to the next ISP who will let you and eventually you'll get the "terrorist" you are looking for. Here's a suggestions: try monitoring some of the large peering points and watch the traffic from there. Narrow it down, instead of 5 bazzilion ISPs, go to smaller points and try the packet sniffing from there!! ISP servers are problematic on their own, much less adding additional propriatary software that may or may not work with the current setting, therefore crashing them, who needs that? anyways that's my 2 "sense"....!!
There is a HUGE difference between Carnivore and existing wiretap systems. I am Chief of Technology for a CLEC and also handle the National Security stuff. When we get a court order, WE, the carrier, present the required call content to the requesting Agency. ONLY calls destined for or originated by that number(s) will be presented to the Agency. There is a check in the system - the carrier ensures that the Law Enforcement Agency does NOT get any other calls than the ones authorized. Carnivore, on the other hand, looks at anything and everything. The telecom carrier has no way to verify that the LEA is monitoring only the authorized party(ies). I can tell you from personal experience that some agencies try to take shortcuts. I was served an improperly completed order a few weeks ago. I suspected that the judge had given the cops some blank orders which he pre-signed. Or maybe the judge doesn't know how to fill one out properly. And can't spell his own name. :-) I refused it, called the judge personally and informed him that if it happens again he's going to be seeing a grand jury. Haven't heard anything more... In short, in any system like this, checks and balances are vital. Hope Congress doesn't get snowed by Janet Reno and the FBI BS'ers like they did on CALEA!
Gonna keep some CA's (Carnivore Admins) hopping if the box is Windows-based.
"I will gladly pay you today, sir, and eat up
Sacred cows make the best burgers.
>>To all of the people who think the FBI is so wrong in this(including the above poster): Who the hell do you think you are?
...ok, enough of that gooey crap. You get my point. If we lose on this battle, what's next? I, fore one, don't want CBS's freindly facism, aka the show Big Brother (Somewhere, George Orwell rolls in his grave), to become a reallity for everyone.
A citizen of the US-of-A. It's bad enough that I'm going to be of leagal voting age in tenmonths and either Bush or Gore is going to be in power (Support the one-and-a-half party system!), I don't need the FBI looking through all my e-mails. All I need is for this Carnavore BS and the Anti-Metaanphetamine rider to get passed and we've lost everything our forefathers... (::Somewhere, the Star-Spangled Banner is hummed::)
-=The Rimstalker=-
-=The Rimstalker=-
I understand the difficulty the American Working Man has putting food
or having my sole stolen by Microsoft.
Writing shoddy software, anti-competitive practices, maybe even racketeering are fair enough claims but the slurs that Microsoft employees break into people's homes and steal their fish have never been substantiated.
LOL
-=The Rimstalker=-
-=The Rimstalker=-
I understand the difficulty the American Working Man has putting food
Robert Cringely has an interesting perspective on this issue at PBS. The real question, as he points out is "Why does the FBI need a box?" since they could do what they purport they want to do by some simple changes in an ISP's router.
Port number, please. I don't find any secure version of SMTP in the ISI list of well-known ports.
*Few cases* where they've crossed the Line? What color is the sky on your planet?
Let's look at the scoreboard, shall we?
The FBI, under the control of J. Edgar Hoover, compiled dossiers on hundreds of thousands of American citizens who never committed any crime at all. The contents of those dossiers were used routinely to blackmail people that Hoover (in his sole opinion) considered "unamerican."
Did you know that Hoover considered the move to integrate Major Leage Baseball a "communist plot?"
Did you know that Hoover spent thousands of tax dollars on investigating Desi Arnaz, because he didn't like the way that "The Untouchables" glorified the secret service, a rival to his beloved FBI?
Surely you're aware of the FBI's harassment of Martin Luther King, which included anonymous written demands that he commit suicide?
How about the FBI handing over dossiers on hundreds of Bill Clinton's republican opponents to the White House staff, with NO legal justification to do so?
Get real: The FBI occasionaly deigns to do its real job, when they can fit it in to their busy schedule of trying to clamp down on any serious dissent in the USA. Thank god for our courts.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I think you're not up-to-date in this... The Internet might have been a US operation, but today its present in every country. Therefore, i don't think that the USA have the right to shut it off. Better get in touch with the rest of the world, lad.
Interesting information...
carnivore.com is hosted at Earthlink.
carnivore.com brings you to the home page of a family of people born in "Palestine" and Libya.
Palestinians and Libyans and their communications are probably of interest to the FBI for various reasons.
Hmmmm...
Something which makes you go hmmmmmm... n'est-ce pas?
If it were actually sniffing the network, then it wouldn't have required any software changes at the ISP. It's relatively obvious that the "scanning" is being done at the MTA level.
Even if it weren't, there's always mail spools to grep through.
You say that WebMail type things would be harder to monitor... no harder when you have access to the servers.
I like the fact that you seem to have covered many different areas where network traffic can be sniffed, but you seem to have forgotten that the asynchronous nature of e-mail usage means that there's a server somewhere in the middle.
Changing over to an ICQ-type "OK... I'm on... you can send it directly to me" method would help in alleviating the centralized storage issue, and if public-key encryption were incorporated with ICQ, then it'd be rougher for the FBI, though this would require that the sender be on 24/7 or risk not sending the e-mail.
Which brings us to another point. Subject lines and PGP.
Peeve: My Outlook/PGP combination leaves subject lines as plaintext. How is one supposed to both provide a useful reference and keep the gist of an e-mail secure with that?
Argh.
Just my £0.02.
-NevDull
What happens when all the routers and servers in the US shut down? Besides, The key word in the post was mostly, which is essentially true. Most of the machines on the net are in the US, partially due to the jump-start, but in no small part due to it being cheaper in the us and Americans having more money.
Unfortunately, history classes being what they are, the inhabitants of the jury box are unlikely to know of that or care. I think that is what the poster was alluding to, that the great unwashed will frown upon those who do not swear by God's Holy Word(tm).
Lol!
--
--
He lives in a world where those who do not run the client software of the omnipresent meme are unacceptable.
Perhaps not all of us are pedo/terrorist... perhaps some of us just don't like anyone reading our mail but those who we wrote to. Also whoe's to say that a corupt agent getting ahold of our information that we email one another, hey the IRS canned a few of their people for breaches of power and selling off taxreturn information, and give/sell/blackmail etc.... there are manny manny things that I can think of
I thought Slim Shadey was nuts, then I met my ex-wife.