Slashdot Mirror


FBI Defends "Carnivore"

lasertech writes "This story on CNN.com explains how the FBI will use Carnivore to sift through e-mail only with a valid court order. Can the FBI be trusted with this?" While I don't want to stir the fire too much, the statistics concerning unauthorized wiretaps, which have similar restrictions, led me to believe that policing agencies need to get a grip on what they already have before they start working through more.

16 of 156 comments

  1. Why not tap the physical layer ? by RGRistroph · · Score: 4

    I don't see why the FBI can't continue to simply tap the phone lines, the traditional practice under current law. They would just need a modem and a computer to listen to the connection instead of an agent and a pair of headphones, and all the traffic would be traffic from the suspect, none of it traffic not pertinent that would have to be filtered out.

    Of course people communicate from computers from places other than their home, but the FBI and other law enforcement authorities have dealt with pay phones and people placing calls from cell phones and from their work place in the past. (Often an extension to the wiretap order is needed. Or they use traditional bugs (small hidden microphones) or long distance directional microphones, etc.)

    Why doesn't the tap go straight to the physical wire, which at once assures you that you get all the subject's communications, and none of anyone else's?

    It can't be a matter of the trouble of sending someone to place a clip on the wires, because I don't think that law enforcement does that at all now. The telephone central switches have a way for them to remotely connect to a phone call and tape it, don't they?

    It would seem that this system would also expose them to the problem of a smart target tricking them into ignoring his communications through some type of packet mal-formation, so that his traffic isn't matched to his ip address. Or worse, someone else forging stuff that you end up thinking is the subject's. But if you hit the physical wire he is using, it is the perfect filter; all of his stuff and none of anyone else's.

    I think the choices are:

    -- The FBI thinks they can do their mission for a lot less money if they install carnivore boxes, and they don't think they will lose anything (or much) coming from the subject or get other's traffic mixed in. In this case I think they are just operating on technically incorrect advice; they probably hired some government contractor to look into the possibilities of such surveillance, and got talked into believing it was needed or would work.

    -- The FBI actually wants to be able to illegally grep through everyone's email. (If I was a lawyer defending some young client for "hacking" and reading someone else's mail, I'd sure have those FBI agents on the stand describing exactly what they do with that box, and I'd claim my client could not be punished for anything the Agency routinely does without a court order.)

    Unfortunately, I'm leaning toward the first case. Or maybe that is fortunate. I think the FBI is just blowing money, getting less performance out of the new system, and spending a lot of their political chits (which they might really need later), all for nothing. It's a boondoggle that will blow a lot of trust along with government money. If the FBI is going to try to set up illegal wiretaps, it's nice that they are incompetent, but I'd rather have an agency both legally and technically skilled.

    1. Re:Why not tap the physical layer ? by Tackhead · · Score: 3
      >I don't see why the FBI can't continue to simply tap the phone lines, the traditional practice under current law.

      For dialup users, I think you're bang-on. Even if the tap were to somehow degrade line quality, there's no way a dialup user could tell that the drop from 49,333 to 48,000 was due to a tap or to the phase of the moon. Computers and DSPs are fast enough that I'd imagine such a device could be built very cheaply.

      And there's no privacy concern. You're guaranteed that you've got the subject's entire communication. If he's smart enough to leave his home to use a fortress fone or Internet Cafe, just put a tail on his ass and monitor him with a Mk. 1 eyeball from there. The few criminals smart enough to go that far to evade electronic surveillance are probably doing stuff that's sufficiently naughty to warrant physical surveillance anyways.

      Where tapping gets tricky is cable, xDSL, and other access methods.

      • Cable, because there are privacy issues in the law to deal with, and because you're effectively gonna end up installing a sniffer on a LAN segment anyways. (Though in the latter case, at least only the privacy of the people on the same LAN segment as the suspect would be affected, as opposed to everyone with Carnivore slurping down whatever it slurps at the ISP level.)

      • xDSL, I don't know about. Can someone with clue (and, umm, assuming there's no security implications of divulging it) tell us how feasible it is for a device to be attached to a DSL line (or a T1) and snarf down all data going through that line without the subject being aware of it?

      To be more precise on my xDSL question, of course it's possible, if your target is dangerous enough and you've got the budget. From what's been made public about the intelligence community and its transoceanic cable eavesdropping hacks, DSL-tapping is trivial.

      What I mean is "can a tap for xDSL be built cheaply enough to be of use to the general law enforcement community, as opposed to solely the intelligence community?"

      (But the original poster's point still stands - I think FBI's doing this because it's expedient, not because it's right. These kinds of abuses are exactly what the Constitution tries to prevent. Not that I have any faith that our representatives will even try to, let alone be able to, defend it.)

  2. Open Source Carnivore & Congress by mblaze · · Score: 3

    On Monday (July 21), the House Judiciary Committee's Constitution Subcommittee will be holding a hearing on Carnivore. I've been invited to testify on the risks and benefits of making the Carnivore software open source. You can get a peek at my written testimony plus some background information here (http://www.crypto.com/papers/openwiretap.html).

  3. Re:Come on, the FBI is a law enforcement agency by gilroy · · Score: 5
    Oh, grow up. This is a type of argument -- reasoning from extremes -- that is prima facie invalid. Saying "the FBI shouldn't indiscriminately read all emails passing through an ISP router on the off chance one might be for or from a suspect" is very far from saying "the FBI should be stripped of all law enforcement tools".

    I suppose you believe the 4th, 5th, and 6th Amendments are also criminal-coddling. I mean, if we want to catch criminals, why require search warrants? They just slow down the process and allow the "guilty" to go free...

    A free and dignified people must always evaluate any expansion of governmental power, to judge it as to its merits and appropriateness. What are we gaining here? And what are we being asked to yield? From everything -- I mean everything -- that has come out about Carnivore, my opinion is that we are being asked to yield important and vital rights, and that in return we are being offered nothing that is not already available.

    For a people to remain free and strong, the government must never be treated like a black box. We own the government, and it's our right and our duty to look under the hood and see how the engine's running.

    >We have to hand over some kind of power to law enforcement agencies, or anyone can do anything they want.
    Yes, but we must hand over the absolute least that we can. No one here has called for the disarmament of the FBI. But by your logic, they should institute phone surveillance of everyone, just in case. And we should welcome this, apparently?

    If the FBI's motives are so pure, why is the operation -- and for some time, the mere existence -- of Carnivore such a closely-held secret? Why can't the FBI obtain email logs from the ISPs, who collect them for legitimate reason? What else does Carnivore do -- and if the answer is "nothing", why is the FBI afraid to let anyone see the box?

    I wonder if the American people are worth saving, if we're so ready to abandon fundamental Constitutional rights ("The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated") in return for hypothetical payoff.

  4. Doesn't look good: reverse burden of proof? by cybaea · · Score: 3

    "I'm not convinced that they are doing anything inappropriate," said Rep. Charles Canady, R-Florida, chairman of the Constitution subcommittee of the House Judiciary Committee.

    That's an ... interesting standard to apply by somebody who is responsible for the review. Surely the standard should be for FBI to prove that what they are doing is appropriate?

    I guess nothing much will come out of the hearing...


    ---

    "Where do you come from?"

    --
    Hi!
  5. Re:There already *IS* a watch dog agency.... by gilroy · · Score: 3
    Blockquoth the poster:
    >Plus, if you ever ARE charged, any lawyer with a half brain would question how the evidence was collected against you (you know, that little right you have that protects you from unreasonable search and seizure).
    Which is all well and good -- until the FBI refuses to discuss the methodology of Carnivore for fear of "endangering enforcement resources". They have black-boxed this thing and insisted that no one be allowed to see it or poke at its workings. So how can you challenge their methods, if they won't tell you what they did?

    Odd query: The Sixth Amendment includes the right of the accused "to be confronted with the witnesses against him". How advanced do these things have to get, before they qualify as "witnesses" (instead of simple tools)? And can a defendant subpoena an FBI geek and demand that he/she explain the workings of Carnivore to the jury?

    I respect the FBI. I even trust them ... a little. But my respect rests upon the fact they are constrained by the laws, traditions, and people of the United States. It doesn't take long to slide from law enforcement to police state. And because I respect the FBI, I don't want them to ever be faced with that temptation.

  6. There already *IS* a watch dog agency.... by yankeehack · · Score: 3
    >Some type of watch dog agency with the power to evaluate the protections and privacy afforded to citizens, and evaluate certain random cases to ensure that where these tools were used, they were used properly.

    There already is a watch dog agency out there....and it is called the JUDICIAL BRANCH of government. The judicial branch works within our system of checks and balances against the Legislative (Congress) and Executive (President).

    IANAL or a law enforcement officer, but I do understand that if some agency wants to monitor your communications, they have to get a judge to sign off on it. Plus, if you ever ARE charged, any lawyer with a half brain would question how the evidence was collected against you (you know, that little right you have that protects you from unreasonable search and seizure).

    1. Re:There already *IS* a watch dog agency.... by gilroy · · Score: 3
      It's easy to make people look paranoid, if you assume the system is intrinsically fair and works the way it is supposed to. But of course, historically, once the potential for abuse is created, abuse nearly inevitably occurs ... perhaps not right away, but eventually.

      If you think the FBI always wears the white hats, talk to civil rights demonstrators from the 1950s and 1960s, who were spied upon, blacklisted, and harassed -- because the government and the people gave the FBI the right to snoop on anyone simply due to their beliefs, because we the people in a fit of idiocy and blindness said, "Yes, wiretapping for political purposes is OK. Yes, paid informants are OK. Yes, the abandonment of an open justice system is OK. After all, people of different beliefs are dangerous."

      Now we have a case where the FBI is asking for expanded powers coupled to reduced accountability. It is vital that we not yield fundamental rights and principles, especially "on margin". Abuses have occurred, and they will recur unless we are vigilant.

  7. But this is a fallacy, a red herring... by Sir_Winston · · Score: 5

    The FBI uses cooked statistics about child molesters and child pornographers as a red herring, to elicit a completely emotional and irrational reaction on the part of the public and the Congress which would otherwise stand in the way of their Big Brother aspirations.

    Setting aside the issue of whether we should trust the FBI and their motives and integrity for the moment, let's examine the specific issue you mentioned: child molesters. In nearly every paper the FBI puts out about the Internet you can see the terms "child molester" "child pornography" and "pedophiles" sprinkled about liberally, suggesting that without the FBI looking over our shoulders our children would never be safe. But is it true? Just like the comic cries of "Won't somebody PLEASE think of the CHILDREN!" uttered on The Simpsons, the FBI's pronouncements ring out with few facts and statistics behind them. The few statistics the FBI ever uses are usually aggregate statistics which don't distinguish between pervs who used the Net to meet up with 12 year olds, and 15 year old kids who got nabbed for posting underage porn in chatrooms when they really didn't know it was illegal (yes, it has happened--more than once).

    How great a problem is child pornography on the Net? Reality: Not very. But the FBI makes it sound in all their reports as if you can't surf for an hour without stumbling across kiddy porn. The FBI makes much in their reports and testimony of online "rings" of child pornographers who sell access to their collections by credit card, when the reality is that most of these sites are legal in their countries of origin and contain images of nude 16 or 17 year olds, which are legal in most Western countries; yet the FBI doesn't distinguish between these and "real" child porn of young people being molested or exploited. If pictures of nude 16 year olds are legal in The Netherlands and Japan, then it is unfair to count those sites based in those countries and operating legally as being child pornography sites. Most of the FBI's figures are skewed by this. Only a few people are busted each year for operating sites which are truly composed of kiddyporn. Plus, overzealous activists usually turn in sites for kiddie porn which are, in reality, hosting perfectly legal images of 18 year olds from publications such as Hustler's *Barely Legal*.

    The reality is that most child porn online is well-hidden from the average user, yet easy enough for the FBI to find. It isn't on the Web, irt's on Usenet. Don't ever download binaries from there unless you want to go to jail, but if you want to know where all the child porn is then read the text messages in newsgroups like alt.binaries.pictures.erotica.pre-teen and alt.binaries.adolescents. As I said, no binary downloads unless you want jail time, but reading the text messages is both legal and educational--you'll learn that the FBI isn't really doing much to stop child pornography when they use systems like Carnivore to intercept e-mail, because most pedos online communicate not by e-mail but by posting PGP'd private messages to these groups or to alt.anonymous.messages. Since so many binaries are posted there, the content of which can be gleaned from accompanying text posted as follow-up commentary by its viewers, we can ascertain that the FBI isn't doing much to actually get these people. Headers can be forged, but that can only get you so far. Most of these people could probably be found if the FBI really tried--but evidently they don't. The FBI is all talk, using the threat of child porn and molesters online to gain control over areas which those people typically don't use to communicate with one another, like e-mail. They also like to entice morons who are stupid enough to think the FBI agent they're chatting with is an underage child, sometimes catching people who are clearly pedos who need to be locked up and sometimes raising the spectre of entrapment--more than one such case has been dismissed because judges believed it was clearly entrapment (law enforcement coaxing someone to do something illegal which they'd never have done without all the encouragement).

    Research the issue yourself if you don't believe me. Go to all the major online news sites, and search for terms like "child pornography" and see how few cases there actually are where the FBI has busted someone, and then see how many of them mention entrapment, e-mail, chat, usenet, to get an idea of what the FBI is actually doing with all that money they're being given for cybercrime. Then get the headers for the usenet groups I mentioned above, and maybe read some text postings that are too small to be encoded binaries. Are all the people who post to USENET so smart as to elude all FBI pursuit and cover their tracks so perfectly, or is the FBI that technically incompetent or unable to hire good computer personnel despite all the tax dollars they embezzle supposedly for that purpose, or do they just not care that much about the problem and use it as a means to play on emotions and get all those tax dollars which they then use to intercept our e-mails and build a KGB or Stasi like surveillance network, instead of using it to REALLY fight child predators online? The latter seems most likely.

    Then, judge their intentions from their past behavior. Look at the statistics for the unauthorized number of wiretaps law enforcement uses in this country--in the thousands each year. Look at what the ATF and FBI did at Waco--whether they set the fires (accidentally, of course) or not isn't the important issue; first they lied about it being a drug operation in order to get military assistance/training/a tank, then they made 2/3 of the warrant affidavit about unsupported allegations of child abuse (which they have *no* jurisdiction over--the state social services dept. was investigating those allegations, and found that the underage girls were above the legal age for marriage in Texas and thus it was a gray area; but, ATF and FBI have no jurisdiction over that, only Texas did, so it had no place in the warrant *except to play on emotions*), then they lied about firing pyrotechnic rounds (grenades or mortars) into the compound--for years they lied about it, but now the official report says they did; then they claimed that the tape from their listening device had them spreading gasoline around and setting the compound on fire, when in reality the Davidians were talking about pouring Molotov cocktails to use against the tank that was tearing their house down; finally, let's not forget that they completely demolished the remains like a conquering army salting the earth, so that no evidence was left, and the evidence they had (like the doors the Davidians claim the FBI fired through first) has all disappeared, together with the pictures taken by the Texas Rangers. Then there's Ruby Ridge, where the FBI murdered innocent people and the Court agreed and held them responsible--they even killed a woman who was standing there, unarmed, with a baby in her arms, because their orders were "shoot to kill" once they killed that teenager who was walking around with a hunting rifle. The FBI is not to be trusted, at all. They lie and play on emotions, then do whatever they feel is best even if it's illegal and unconstitutional. Child molesters, kiddy pr0n, cybercrime--they'll say anything to get our sympathy and trust. It's just a red herring, and NOT a good excuse to give up our Constitutional rights--without those, we're no longer Americans. Don't be fooled.

    --


    "The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
  8. What about the THIRD Amendment? by coyote-san · · Score: 3

    What about the THIRD Amendment? For some reason, it keeps coming to mind....

    Before everyone goes off in search of a copy of the Constitution, the Third Amendment forbids the government from quartering troops in private residences. Most people today seem to assume it's because of the extra expense put onto the homeowner, but I think it's also a pretty damn clear example of implicit guarantees of privacy in the BoR. After all, few things are more intrusive than having an agent of the government living in your own house!!!

    ISPs aren't private residences, of course, but the idea that the government can insist on putting a black box in ISPs "just in case" a search warrant is issued worries me. I can understand why the agents are reluctant to have ISP employees install and configure sniffers, but at the same time even the most gung-ho defender of the police has to admit that the police are not always on the side of the angels. In fact, earlier today A&E re-aired an hour-long report on the murderous corruption of the New Orleans police, and every American should remember the McCarthy era witch hunts and Nixon's "enemies list."

    So call me silly, but it bothers me to think that a government agent won't be stationed inside of my residence... but *will* be stationed on my front porch where he can casually examine the contents of my mailbox, the books I'm carrying to and from the public library (which traditionally zealously protects patrons' reading material), etc.

    Hmm; this is a minor, almost trivial, point... but I wonder if the FBI pays the standard co-lo fees, or if they just waved a magic wand and require the ISPs to provide free co-lo rackspace and bandwidth.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  9. Guilty By Omission by Tackhead · · Score: 5
    We don't need congresscritters talking to FBI about this, we need people with clue.

    There's a lot of scary shit that's being danced around, because nobody in the media or government has enough technical clue to ask the right questions.

    The more I read from the CNN article, the more convinced I am that this is something Very Wrong.

    "the FBI on Friday put Carnivore, stored in a simple laptop, on display for the media [ ... ]

    A simple laptop. Good to see it wasn't a complicated laptop, that might've sounded like they had real power. Just a simple one, nothing to be scared of, totally harmless. Nice spin, CNN. I hope they gave your news teams "ideal camera positioning to catch the flames and explosions^W^W^Wnews footage" from the next massacre in exchange for the favor.

    >According to officials at the FBI, Carnivore will only scan the identifying addresses in the 'to' and 'from' fields but not the content of electronics messages. They liken it to looking at the front of an envelope

    In geek, that sounds like, at best, it listens to *all* SMTP traffic and stores *ALL* From: and To: headers.

    Whaddyawannabet that, court order or no, since "it's just like looking at the envelope", all those headers get kept, just in case some day they decide they want to do traffic analysis on everyone in the future, and/or use the data they've gathered on you when they do decide they feel you've been using one too many anonymizing relays?

    >But one top FBI official said the name had been intended only for internal use and conceded that criticism of the name had been "somewhat sobering."

    Fedspeak for "Next time, we'll call it 'Guardian' or 'Defender' and maybe our PR lackeys will begin buying us beer and pussy at the local strip club again."

    Hey, Fed. If you're worried about the name of your technology because it's too goddamn accurate for your PR lackeys' tastes, isn't that a hint that you might be Doing The Wrong Thing?

    If they want a name for your next universal surveillance product that sounds friendlier to the public, might I suggest "Night Watch"? People too stupid to get the B5 reference will see right through it. And anyone who did watch B5 would have seen through your naming choice even if you'd called it "FluffyBunnyProtector". But at least we'll appreciate the combination of honesty and irony.

    I trust NSA and CIA. I don't trust FBI. The first two are intelligence agencies; it's their job to weed out the irrelevant crap their dragnets snag. The more of us NSA and CIA can ignore, the better they can do their jobs, conserving their resources for the real threats.

    FBI, on the other hand, isn't an intelligence agency, it's an enforcement agency. The more of us it can keep tabs on - whether for pr0n, oral sex in certain states, MP3z, DeCSS, expressing non-Demipublican political leanings, or anything else that might someday become criminalized - the happier it is, because every citizen is guilty of something, even if it's just spitting on the sidewalk. Every sidewalk-spitter they can find is another source of funding, because every crime, however minor, serves as an indication that More Enforcement Needs To Be Done.

    CIA and NSA are Big Brother, but would prefer not to be so they can just get their jobs done effectively. FBI isn't Big Brother yet, but it's trying very hard to catch up. Sadly, there's nothing more dangerous than a wannabe-Big-Brother trying to prove its worth to itself.

  10. Comment removed by account_deleted · · Score: 3

    Comment removed based on user account deletion

  11. Re:they need to catch the criminals by grahamsz · · Score: 3

    Because it puts us, or rather you americans, one step closer to a police state.

    Perhaps trading copyrighted mp3s is wrong but it is largely taken for granted that unless you are a major pirate then it's ok. But what if as soon as a byte of copyrighted information hits your computer without proper authorisation the FBI log it, and send out the court summons. Or maybe they should just shoot you on the spot... no too far :)

    Realistically if criminals are doing their job properly then they will be using strong crypto and I really don't see why putting snooping systems in every ISP will actually stop them.

    Sure it might catch America's Dumbest Criminals (maybe you guys don't get that show but it makes a mockery of your country :) but organised crime are already pretty well up on their computer technology.

  12. Freedom vs. Law Enforcement - a tenuous balance by dtolton · · Score: 3

    While it's certainly true that we need to allow a certain amount of policing of the populace in order to maintain the safety of the individuals, I have to question this method. What guarantees do we have that Carnivore will be used only on the "criminals"? How would we even know if they were monitoring our personal e-mails? It seems like we need some sort of system within the government itself to monitor the monitors.

    My fear is the potential for abuse and misuse by misguided or simply power hungry individuals is simply too great.

    Some type of watch dog agency with the power to evaluate the protections and privacy afforded to citizens, and evaluate certain random cases to ensure that where these tools were used, they were used properly.

    Personally I really like the moderation / meta moderation system used at Slashdot. It gives us the ability to police ourselves, yet it provides a certain check / balance against misuse of that same power.

    --

    Doug Tolton

    "The destruction of a value which is, will not bring value to that which isn't." -John Galt
  13. That's a relief by Meursault · · Score: 4

    I'm just glad to know that the FBI promises not to misuse Carnivore in any way and is almost fully committed to, more often than not, treat everyone's rights with equanimity and respect from this day forward (circumstances permitting of course).

  14. Re:they need to catch the criminals by Millennium · · Score: 5

    >...but if they need to use it to catch child molestors and their like, I think we should all be willing to give up a little freedom.

    As Benjamin Franklin put it, those who would give up essential freedoms in exchange for security neither have nor deserve either. Yes, limiting law enforcement to catching criminals by fair, honest, lawful means will mean that fewer criminals will be caught. Big deal; I would much rather a million criminals have undeserved freedom than for two hundred million to lose the freedom they do deserve.

    >Think of the bad people they can stop, not the fact that someone might accidentally read about your dinner plans.

    But they can't stop all bad people. Anyone who thinks they can is outright deluded; there is no way to stop all suffering, because the only surefire way to stop the suffering of the few will cause the suffering of billions more. Crime is a horrible thing, but it is far, far preferable to a police state.

    For that matter, I doubt you honestly believe what you are saying. Or if you are, why don't you carry a Webcam around everywhere you go? Let everyone in the world see every single thing you do, hear every single thing you say, and so forth for the rest of your life. My guess is, you'd think I was insane for suggesting that. But when law enforcement suggests it, you jump for joy. That's hypocrisy at its finest.

    I'm all for catching criminals. But I will not sacrifice my own freedom simply to deprive a criminal of his, no matter how much he may deserve it. That's a price no sane person who's really sat down and thought about these issues is willing to pay, and for a good reason.