Court to FBI - Full Public Review Of Carnivore

ka9dgx writes: "According to CNN, the judge has decided that the FBI has to make public how Carnivore works. The FBI has to come up with a timetable for disclosing how it works." More detail: The court has said that the FBI has 10 working days to create a timetable for when it would start producing records of how the system works. This comes as a result of EPIC's fast-track Freedom of Information Act ^[?] request for information. This does not mean, however, that the source code will be made public - but it's a step in the right direction.

Re:A different take on this whole thing...

Sorry to burst your bubble, but we already did question authority, and the FBI gave us an answer. If we have a publicly (note that - publicly) appointed experts committee review it, then what's the need for EVERYONE to see it? Huh?

What about that crafty terrorist suspect out there that we don't yet have enough information about - should he or she (to be politically correct) be given a break?

Yeah - give him a little privacy. Give him/her the ability to figure out what exactly Carnivore looks for. Give him/her more knowledge about it so that he can use it to his advantage and maybe work around it like it was never there. Sure.

I for one think there are some things that I'd rather not know to protect my safety and others.

Bug fix.

[bkosse]

- if (contains(tokens,e_mail_body,e_mail_subj)) + if (!contains(tokens,e_mail_body,e_mail_subj))

Bug fix (fixing my last bugfix)

[bkosse]

Forgot to stick a
tag in there.

- if (contains(tokens,e_mail_body,e_mail_subj))
+ if (!contains(tokens,e_mail_body,e_mail_subj))

Re:Bug fix (fixing my last bugfix)

[ackthpt]

No... that was intentional... you forget it's the Eff Bee Eye we're talking about, not the Cagey Bee ;-)

It was a $500 hammer, and it cost a lot for reason

[bkosse]

Ran out of room.

The reason the hammer costs $500 is because you can stick it on a road, run over the hammer with the tank it's intended to fix, and then proceed to fix the tank with it.

Try running over a $10 hammer from the local hardware store in an M-1 and see how well it works after that.

Huh?

[bkosse]

Excuse me, but what in the fuck are you talking about?

How can you defend an "industry" that makes its money from the degredation of women?
How?

An "industry" that pushes the view that women are sluts there for male exploitation and use?
Again, Huh?

Pornography is the domain of men who can't get a real wife, and instead are forced to retreat into the fantasy land of "erotica", another liberal term that hides a disturbing truth.
What "disturbing truth?" That your religions are responsible for more discrimination and oppression of women than this "evil" called pornography?

No, I have a bit of an inside view of the industry (having dated a girl involved) and I can tell you it ain't nearly as bad as you make it out to be.

No. They're not.

[bkosse]

If you were basing them on ethics rather than pushing your morals to ethics, then there you would be shutting up. See, porn doesn't adversely impact anyone who's consensual. You claim it does, using your own assumptions to do so.

Ain't nothing to see there, folks. Just hogwash.

Orwellian Nightmares

[slpalmer]

Seems to me that the more overbearing that the govt gets, as far as monitoring us for our own good, the more repressed and mistrusting the people become.
---

OK, then the NRO then

[gelfling]

They have a nice office complex in Chantilly, VA. I don't think there is anything in the NRO charter that prohibits spying on US citizens or tracking anything within the US.

foia

[craw]

I've been reading up on the FOIA and see one likely sticking point. Information doesn't have to be disclosed if it:

would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law

There are other provisions for non-disclosure such as an Executive order. There is also a provision whereby non-disclosure is granted by a specific statute (law passed by Congress). A real juicy example of this the "Death Squad Protection" act.

Re:The FBI are just looking out for us right?

[elmegil]

Yes, but Franklin didn't live in an era were innocent children are attacked and killed every day, where pornographers make twice as much money as the regular film industry, where Islamic fundamentalists want to destroy America and where crime and murder are so commonplace. He'd have thought differently if he lived today I'm sure.

Good god. The problems with your assertions are innumerable and amazing. I hope you're just trolling, but I doubt it.

Let's see 1) children attacked and killed every day...never mind the children's crusade, the horrible state of orphans in, for example, victorian england, etc. Methinks that most children today are overall better off than in Franklin's time. If you want to bring all of culture down to the level of children, hey, have fun watching Barney for the rest of your life.

2) pornographers make lots of money...SO WHAT? How do *you* define pornography? What exactly is wrong with pornography as you define it (pretty broadly I'd guess)? If you don't like it, don't watch it, don't contribute money to it. When everyone agrees with you that it's wrong, and stops spending money on it, it will fade away. Until then, unless it is provably causing harm (and if you define it as broadly as I expect, there are many forms of porn that are only "proven" to cause harm by those who go into their studies already knowing the results) it's protected by the constitution. Sorry if that's inconvenient for you.

3)"Islamic Fundamentalists"...where can we start with the inherent racism in THAT statement? There are plenty of American Militias that wouldn't mind destroying America, at least what they see as the wrong parts of America. There are plenty of Christian Fundamentalists who don't have any problem killing gays or workers at abortion clinics (even those who don't perform abortions themselves), and even some who use Christianity to defend their racism and attacks on people who are different colors than they are. And let's go back to looking at what was going on in Franklin's time...there were British Troops looking to "destroy America" with direct warfare. That's a much more direct and credible and immediate threat than we have today, but he didn't advocate draconian measures to address it, that's why he made the statement in the first place.

4)Commonplace crime and murder...I guess you've never read much about large cities from years gone by. With fewer people it was probably easier to hide the crime and murder, but it definitely happened all the same, and in every era it has always been decried by those who believe we could be a better human race. You need to actually study some history instead of assuming that the idyllic (idullic? heh) stereotypes portrayed widely today were real.

Your arrogance in claiming to speak for Franklin and what he'd think if he lived today is amazing. He did not think we needed a big daddy government then, and we still don't need one today. There are good cases to be made that in fact a large percentage of the "modern" problems are directly RESULTING from the government trying to be big daddy. It should be obvious that if someone is forced to accept overarching and misguidedly excessive parentalism, they'll never grow up, and when something happens to leave them unsupervised they won't have learned any of the skills of self control because they didn't have to. That's when things get really ugly.

Re:The FBI are just looking out for us right?

[elmegil]

To quote one of our founders (it always gets confused as to which one):

Those who would sacrifice liberty for security deserve neither

You can rant all you like about the FBI "just doing their jobs". That is roughly equivalent to the same statement about the guards at Auschwitz. What they are doing is not authorized by the constitution, it's unreasonable search & seizure. Sure, they have to have a warrant to use the box, but once it's in place how can it be proven that they're ONLY gathering the data approved by the warrant? It sees everything, and it doesn't seem too difficult to have it squirrel things away that are convenient. Oh, and do we want to claim these boxes are hacker-proof? I wouldn't bet anything on that. What do we do when hackers get access to a machine that watches EVERY DAMN PACKET?

Re:Pornography is not "harmless"

[elmegil]

An "industry" that pushes the view that women are sluts there for male exploitation and use?

Ah, and here we see the rub. The problem is that it many cases, you are projecting your own opinion that women who are in the "industry" are sluts. There is plenty of pornography that does not make that assumption--a simple picture of a naked woman makes no perjorative prejudgement of her moral character, unlike you.

Those of us who still believe in decency need to fight those who would push their immoral filth onto society.

Um....nobody forces you to buy porn, Dan. Or do you mean that because something exists and is legal, it's forced on society? Personally, I'm more offended by those who would force Barney onto society. That, and religious people who think they are the only ones who know the ultimate truth and I have to be forced at gun point (that's what law does after all, in its final analysis) to behave by their rules.

Re:There is no "technical" lawbreaking

[elmegil]

Dan, have you ever exceeded the speed limit? Jaywalked? Lived an a southern state and had any non-missionary style sex with your wife (still illegal in some states, doesn't matter if you're married or not)? I suppose I could go on, but there are a LOT of laws on the books that are either not enforced or only selectively enforced, and LOTS of people have broken some or all of them, whether they knew or not ("ignorance of the law is no excuse" after all). I suspect that you might even be one of them.

By your definition there are probably 100,000 non-criminals in this country. Y'all gonna lock the rest of us up?

There's PLENTY of ways to break the law technically without doing anything morally wrong. Even by such strict moral standards as you profess to have. Of course by the "deserves whatever they get" standard, seems like most lawbreakers should just get the death penalty. Hey, they deserve it right?

Re:HAHAHA!

[ethereal]

Mine seems to be stuck too - I've been moderated up twice today, I haven't been moderated down at all, and yet my karma hasn't moved. I'll test this on the next article that comes out.

Re:sendmail & encryption

[Jonathan+White]

I really hate to be the voice of reality/reason but high traffic mail servers would quite simply break. You have just greatly increased the complexity of sending a message by requiring it to be encrypted, most large isp's would fail under this load.

Obviously the correct response is for the client which has many free resources to do the encryption but that of course raises all sorts of issues that have been better addressed by others.

In other words your beating a dead horse which you have zero understanding of.

Re:Way OT, but is Slashdot Hypocritical?

[Jonathan+White]

No, they got bought. Not that I criticize them for it, I would have likely done the same in their shoes. They will, like most of us, do whatever their boss says provided it does not conflict with any major moral. Do you honestly believe he should go to war over which company they use to serve a failing business model? It doesn't matter, anyone who cares has long since blocked banner ads through one of the many filters which are freely available. As for the rest, fuck it, the click through on banner ads is so abysmal that the companies providing them will tank RSN.

Re:Makes sense -- we know how a search warrent wor

[dr_strangelove]

Absolutely right. In the first place, there is no known reason that the FBI needs to place their black box on an ISP's network, since the ISP's themselves are quite capable of pulling copies of any and all e-mail traffic passing through their systems. Why does the FBI need to "do it themselves"? Don't they trust the ISP's?

Secondly, any box placed out on the net like that needs to be completely understood, simply in order to avoid having it be a huge security vulerability - security through obscurity being a really terrible idea. Not to mention being sure that it's only doing what it's supposed to.

Thirdly, the purpose of police is not "efficiency", but protection. The basic conflict between society's freedom and the police's efficency should be heavily weighted on the side of freedom and privacy. The cops job is not SUPPOSED to be easy. Tough shit, Janet.

Further deponent sayeth not...

- Dr. S

Re:sendmail & encryption

[PieceMaker]

When the patent runs out, the RSA algorithm will no longer be tainted by an (evil) patent. I.e. it will be patent-free, correct? Why shun it in that case? Why should the algorithm itself be considered evil?

I don't understand your logic.
-

Open source movement in the government.

[Gaewyn+L+Knight]

I am very glad that the governement is finally moving to make itself adhere to some more open source mentality. For all the hundreds of thousands of documents they prepare each year it is amazing how little of their actual work is published. Would be nice to see how well those government types can code their Ada :)

Re:Way OT, but is Slashdot Hypocritical?

[ashpool7]

Or who Junkbusters the web bug out . . .

Just post a URL...

[verbatim]

Just post a link to carnivore and I'm sure that the slashdot community will happily bring it to its knees. Either that or someone will hack it.. either way.. nuttin to worry about ;).

I have a better idea for the FBI

[FascDot+Killed+My+Pr]

Create your own email client. Have it auto-BCC all email to snooping@fbi.gov. Market it at DEFCON, TerrorCON, UnaCON and all the other bad guy conventions.

The set of people who are dumb enough to run this client has a great deal of overlap with the set of people who aren't smart enough to use encryption or off-shore ISPs. PLUS, it's cheaper to make (and may have income from selling it) AND has no pesky legal problems (RealMedia does it, why not the FBI?).
--

Re:A different take on this whole thing...

[VP]

IF THIS IS GOING TO PROTECT ME AND MY CHILDREN OR PEOPLE I LIVE WITH - THEN I DON'T CARE IF YOU LISTEN.

I'd give up my rights to a little phone/net privacy if it protected my family, friends, or even other innocents (as long as the information isn't made public if I'm found to be an incorrect suspect).

I don't know who is not listenning - there are two points to satisfy your support for law enforcement: ISPs can provide the information easily themselves, and the FBI can use better technology to get access to only the packets of a suspect (by hooking a sniffer to a suspects entry point, not by sniffing the whole stream).

What we currently know about Carnivore shows that it is a system ripe for abuse. Here's my hypothetical: what if a pedofile used the information from a cracked Carnivore box to learn that your daughter is going to to the mall to meet her friends at the ice cream stand?

Re:A different take on this whole thing...

[VP]

But again - why not leave it up to a select few industry experts to view/test/debug the source? No need to post the source to everyone.

Who will select the experts? Will the true experts agree to the conditions and NDAs that the government will require? Who will guarantee that the binaries used in practice are produced from the exactly same source code which was reviewed by the experts? And most importantly, there is a great example of open source security - OpenBSD. How many exploits are there for OpenBSD and how many cracked sites?

And remember, all this discussion is relevant if Carnivore is really needed. I haven't heard or read anything that would tell me what Carnivore is doing something the ISPs can't do themselves, given the appropriate court order.

Re:Bullshit

[/]

Methinks you're thinking of the CIA, not NSA. Not that it makes much difference -- they're all evil and they're all fascistic.

Re:Speaking of Haiku...

[Tower]

I can keep trying
I'm not the haiku master
But I sure get bored

--

Re:Speaking of Haiku...

[Tower]

Couldn't tell you that...
Many are on vacation
Maybe he is too?

--

Re:OT Question

[EnderWiggnz]

Two important products came out of berkeley... LSD and BSD.... This is probably not a coincidence... Think of LSD as root for your mind.
tagline

Re:Oooh! Oooh! Pick me! Pick me!

[catfood]

A similar "group of experts" was used to review the Clipper encryption chip.

Amazingly, the selected experts were all law-enforcement-friendly (in the pejorative sense) and amazingly, they all said it looked fine, no civil liberties worries.

Prepare to be amazed again if the court settles for a group of experts.

Re:The FBI are just looking out for us right?

[Steve+B]

Yes, but Franklin didn't live in an era were innocent children are attacked and killed every day, where pornographers make twice as much money as the regular film industry, where Islamic fundamentalists want to destroy America and where crime and murder are so commonplace.

No, he lived in an era when his culture occupied a narrow strip of seacoast, beyond which lay a vast frontier full of hostile natives. (Not that the natives didn't have good reason to be hostile, but that's beside the point, which is that modern times simply aren't fundamentally different from earlier periods.)
/.

Carnivore-Why gov't likes big AOL/Time Warner ISPs

[laetus]

This is exactly why the government likes these big mega-mergers of bandwidth pipeline companies. It's easier to place these carnivore units in just a few major ISPs and easier to keep it quiet.

---------------------------------

Privacy and secrets

[prak]

I don't think I would mind losing privacy quite as much if it meant the government and corporations and such also lost an equivalent amount of privacy. Wide scale tracking of individuals seems to be happening at the same point that large organizations are required to tell us less. If they want to track me at least allow me the courtesy of tracking them as well. Secrets suck.

-prak

Re:sendmail & encryption

[soma813]

so most servers could be doing this if their Admins wanted to set it up.

It is difficult enough explaining over the phone how to set up mail.domain.tld as the pop-3 and the smtp server. Let alone how to set up the ssl connection in X different mail clients.

Leave it to the customers. If they want it encrypted, they'll encrypt it.

Re:Easier Solution [OT]

[soma813]

Nothing wrong with republicans.

They are the only ones who realize that we don't need those stinking dirty poor.

"We're gunna Kill Kill Kill Kill the Poor tonight." -- Jello Biafra

Timetable=Time to obfuscate

[quonsar]

So, the court says FBI has 10 days to come up with a timetable for revealing the information, and this is viewed as encouraging? This is nonsense. You know if that was YOU, (or say, Fanning of Napster) before that judge, and he wanted something you had, he'd call a recess for 2 hours and order you and your lawyers to go fetch it, NOW, under threats of being found in contempt and jailed. I don't know much about FOIA, but being a local govt employee, I do know there are time frames to allow you to gather/compile/locate the requested data. But, how long has the request been pending now? Ten days to cough up the information is reasonable, 10 days to present a "timetable" for producing the information is nothing but bullshit. Look for more bullshit in the near future.

"I will gladly pay you today, sir, and eat up

Re:The FBI are just looking out for us right?

[aonifer]

Yes, but Franklin didn't live in an era were innocent children are attacked and killed every day

Sure he did.

where pornographers make twice as much money as the regular film industry

Of course, porn isn't illegal, so this is irrelevant. Besides, from what I know about Franklin, he'd probably be one of the porn industry's best customers.

where Islamic fundamentalists want to destroy America

No, he only lived during and just after the freakin' Revolutionary War, when terrorism was more than just something that might happen here someday. He gave up a hell of a lot more security than you are willing to just to make this country.

where crime and murder are so commonplace.

Which, of course, he did.

He'd have thought differently if he lived today I'm sure.

Since he's dead, it's pretty much a moot point.

Without agencies like the FBI, CIA, NSA etc. having sufficient powers to protect us, we are risking the lives of people, especially those who are most vulnerable such as the poor.

Absolute power corrupts absolutely. That was the whole idea behind the United States in the first place.

Re:It was just an *example*

[Kintanon]

Except that it will allow terrorists and criminals to learn how to bypass it, thus making it ineffective. Which is, I suppose, what liberals like you want to happen isn't it?



In case no one has noticed yet, this guy is a troll, pure and simple. He isn't making any valid points, isn't providing any kind of logical argument, and isn't showing any evidence to back up anything he's said.

With that said, I'll look out for my own safety and all those Pig Fucking Cops can go to hell. Useless bunch of bastards, I've never seen a cop do anything useful. In fact, usually when I see a cop they are either doing nothing or pulling over some poor guy for driving faster than the posted speed limit.

Fire 'em all, take their guns, give them to the citizens, use the budget for the cops to train all of the citizens to use guns.

Kintanon

Note: This was simply a notice that you've been talking to a troll followed by my own Ranting opinion. I have no arguments, no facts, and no evidence and do not expect any responses or moderations.

Re:This means nothing

[jhittner]

I think that the only chance is that the software will be reviewed as it stands now (only to apease the people who are scared of Big Brother). Once the software is installed, and a few months go by, people will forget about it, the the goverment can upgrade to version 1.001 without people noting, and that "patch" could change the functionality of the software completly. Once the goverment has this in place, there big battle is over, and they can do anything they want

This means nothing

[jhittner]

So the original version of the software will have almost no functionality, but will have room for modules or plugins or such. Then the goverment can add small fixes remotly in the future, which they will not document. There are a million ways for the goverment to hide features of the software. I still would not trust them.

Re:This means nothing

[Blue+Weirdo]

What do you think are the chances that any agency (court appointed???) would be able to review the actual operation of the software once it is installed?

Hello? (Criminals)

[karb]

Disclaimer : I work for a contractor that works for a government agency, and the omission of certain details in that statement is important (wink wink). So, that either makes me evil or knowledgeable, or perhaps both. I do not speak for the government in any way, but I thought you should know that I'm knowledgeable. Or evil.

Hmm. While I've seen a lot of talk of ways to defeat the government (encrypt all email, disallow FBI electronic wiretaps), undermine their traditional authority (mandate information collection by a third party), be a typical management person (the FBI shouldn't be allowed to provide their own timetable for disclosure), or perhaps just being too darn invasive about how they work (demanding source to carnivore), I've seen precious little that actually allows the FBI to collect evidence and catch criminals.

While the problem of privacy is important, the FBI actually catches criminals. The CIA actually thwarts terrorist plots. The NSA actually collects data that they feed to other organizations that saves the lives of americans and their allies at home and abroad.

These people are not maintaining vast organizations for the sole purpose of keeping you from having the latest 128 meg encryption scheme and stealing your credit card numbers and cataloging (sp?) your web-surfing habits.

And what do you think happens when joe FBI agent hears privacy activists on one hand telling them carnivore is evil, and on the other hand remember last week when some child molestor was convicted or caught because of incriminating email? Or jill CIA agent hears that the government shouldn't listen into foreign broadcasts when a cell phone message intercepted by the NSA saved her life? Why does the intelligence/law enforcement/military community seem to ignore pleas for privacy unless mandated by congress? Because less privacy for the common person helps them achieve their goals as mandated by the common person.

Until somebody realizes that these people do actual work, and the 28 or so american intelligence agencies, DOJ, and military aren't nefarious organizations devoted to opressing the american people, and every inch we take away from them might cost somebody their life, or let some guy who jacked your brother go free and that, oh my so-maybe-we-need-a-little-less-privacy-from-the-go vernment-after-all-because-without-invad ing-bad-guy's-privacy-life-would-suck, it's hard to expect them to budge, or even want to budge.

There's a win-win situation, because what we want is not opposed to what they want. We want our privacy, but we need to admit that it might need to be violated for the common good (or for our own). But if you demonize your 'enemies' instead of understanding them, you'll never reach a common ground and you'll fight forever. They need to explain what they can and can't do and why they need the power to do this in a more meaningful way, and perhaps submit to checks on their power when it will not diminish their effectiveness. But until we can explain what we want in a way coincident with the realization they have a job to do, *or* promote mass ignorance as to the purpose of these groups (something slashdot promotes) so the government will restrict them, we will make little progress.

Pardon the run-on's. I'm speaking in words. (and go mass ignorance!)

Re:$50 Hammer anyone?

[Bullschmidt]

Actually, the real source of the $500 hammer is that classification of expenses is poor. The $500 hammer was actually a $20 hammer with $480 worth of expenses from other things, completely unrelated to the hammer, that got grouped with it. Its just bad bookkeeping, and then they divide it up without caring how much sense it makes.

Who cares how it works?

[Kook9]

It's sufficient to know what it does. From that, I can infer how it can be abused. And from there, decide I don't want anything to do with it.

Don't open the source; destroy it.

Kook9 out.

Re:Who cares how it works?

[hiryuu]

It's sufficient to know what it does. From that, I can infer how it can be abused. And from there, decide I don't want anything to do with it.

Agreed; we know that phone taps for voice calls can be and are abused, which is why we would never accept a central switch through which all voice calls are routed and screened and possibly stored. This in spite of knowing how such would work in detail.

(Not that I've just added that much to the discussion, but the comparison seems valid to me.)

Don't open the source; destroy it.

Aside from waiting for congressional or executive action to throw this thing straight into hell, what would politically and/or legally knowledgeable /. readers say is a good way for the average schmoe to fight this? I'm aware of the necessity of encrypting emails, security, and whatnot - but I don't want to know how to deal with it. I want to know how to help kill it (albeit in a civic-minded manner).:)

I don't think so...

[Noryungi]

Does anyone seriously think the FBI is going to reveal what's inside the Carnivore machine and its "modus operandi"?

I mean, it would be soooooo easy for them to present incomplete schematics and/or software list and either classify the rest ("We can't risk being cracked, your honor!") or add "new" functions when a judge is not looking? Like intercepting every email instead of just one suspect user being investigated? For that matter, is the judge a computer/IP/network expert?

Was it not the FBI that asked (and almost got) the right to intercept every 'net and phone communications a few years ago?

Sheesh. Time to find that PGP copy I had somewhere... =)

Just my US$ 0.02...

Re:I don't think so...

[Stonehand]

Perhaps even more amusing, I'm pretty sure that years ago they politely requested that phone companies not switch to fiber optics quite so quickly, as it's more difficult to tap them undetectably... Request refused, heh.

Re:It was a $500 hammer, and it cost a lot for rea

[Stonehand]

In addition, something that most reporters of that sort of story tend to neglect was that in that period, overhead allocation was often straightforward -- assign overhead expenses equally to everything, rather than calculate on a per-item basis. I believe that they may have changed their accounting rules in the early 90's, 'tho, or sometime 'round then.

$50 Hammer anyone?

[Ghengis]

Judging by the way our government spends money, they're probably using the time to cover up the fact that this thing probably costs about 453 times what it's worth, or what it would cost any other company (even Micro$oft) to make. Go tax dollars, GO!

Re:sendmail & encryption

[aidoneus]

Someone could write a reference implementation but unfortunately, most users will stick with the Outlook/Netscape/Eudora/AOL/etc software that they're used to.

Actually, the last version of PGP I installed (the free international version 6.5) had an option in it to install a plug-in to Outlook or Eudora to allow you to encrypt with a single mouse click. Not much, but it's a start.

It has to interface to the ISP.

[jhines]

Given that almost all ISP's use dynamically assigned IP numbers, carnivore would have to hook into the ISP's authenticantion services (radius?) to determine the IP number in use by a single dial in user. I don't see how carnivore could function, legally, without the full co-operation of the ISP, and interfacing with their authentication services.

Re:It has to interface to the ISP.

[cmilkosky]

I don't think you need an IP or any ISP authentication to watch or capture packets.

If your device's interface can see ethernet packets, why can't you also capture them and then decode them? TCP/IP exists at a different layer in the OSI reference model than does ethernet. TCP/IP is encapsulated within ethernet packets. So, if you had a device that sat at the right place on an ethernet network (like a gateway's uplink, the DMZ, or where a major pipe is), it would only need to be able to capture ethernet packets to be able to see the data inside whether it be TCP/IP, IPX/SPX, whatever.

Re:Bullshit

[$nyper]

"Actually... The NSA can't monitor American Citizens, so there would be serious problems with the FBI saying that the NSA built it for the purpose of domestic surveillance."

That would only be if the FBI and NSA did not have Congressional aproval for the two to work together. Who said that congress did not give them permission to cooperate in development of the CARNIVORE device and then bury the order under the guise of national security. This shit happens more often than you might think.

Who Cares About CARNIVORE

[$nyper]

Personally, I think everyone should just stop bitching about this and learn to encrypt your e-mail. PGP & GPG works for me, if they can't read the message then they can't sniff for key words. Also they could not stop a message just because it is encrypted is the same type of bull shit as a police officer pulling over someone just because he/she is black. That shit will be thrown out of court because they invaded your privacy without probable cause. Well guess they could say that the packet had a header light out and that is why they pulled it over. Or even better, the packet in question was bouncing from router to router with such great speed and inconsistency we thought it might be intoxicated. My main argument is that an encrypted message is synonymous with evil in same way that an Ethnic Minority is synonymous with drug dealer.

This whole case is just going to push more people to encrypt their data and personally for that reason I say, BRING IT ON! Anything that makes people take a look at the increasing need for the protection of their data is great with me. I personally think the FBI is shooting themselves in the foot with CARNIVORE.

Note to ISPs

[$nyper]

[Note to ISPs:]
Block the device at your router's access list. Don't let data originating from this device transimit data off your network. Also don't allow the device to receive any data that did not originate from your network. This will require the FBI to submit a formal request to receive this data and not allow them to access it at will.

[Small Rant:]
Also do you think disgrunteled ISPs will publish the device's IP address so that script kiddies can DoS/DDoS it 24/7 365 day a year? My God that is the most justified use I think I have ever heard of for a DoS/DDoS attack? I can see it now, web pages being defaced all over the world with "WE DoS FOR YOUR PRIVACY!" My God, this shit just gets better and better the more I think about it.

Maybe...

[jlovette69]

Maybe if we're lucky the FBI will GPL it! OpenSource Carnivore. That might explain the unusually cold weather that hell has been experiencing lately.

Re:The FBI are just looking out for us right?

[Borealis]

This is a nonsense troll. Granting carte blanche to any agency will result in the subsequent corruption of that agency. The current system is in place to provide checks and balances so that agencies *cannot* abuse their power.

Unreasoned railing against the FBI is unjustified, but preventing them from circumventing a constitution restriction is hardly out of line. We all have the right to our privacy (against unwarranted search and seizure). Why should we give up this right because the FBI feels like it isn't important anymore? The FBI does provide a useful service *most* of the time, but occasionally they go and do something stupid like blowing away some guy's pregnant wife, right after they've killed his son. Don't assume the FBI is always in the right, as a human agency their likelyhood of acting responsibly 100% of the time is effectively nil.

Do you want the FBI knowing about the porn you look at (incidentally, looking at porn is not illegal) so that they can use it to blackmail you to report on a friend of yours that they think is a criminal? Do you want them seeing your son's email to a friend telling them what great weed there was at that party last night and how their dad was pissed when they came back stoned (failure to report a crime, even on your son, can be interpreted as accessory to that crime).

Re:RSA is NOT evil

[kevinank]

ECC may not be as simple as RSA, but it source
code is available. We used ECC for protecting
E-speak (which is GPL'd software -- fully open
including the crypto) and published it under the
new rules for public domain, and public domain-
like software.

-kls

Re:10 days to decide...

[TheCarp]

I have to agree here.

What carnivore does, according to its description, is a simple, passive thing. It collects the emails going to/from a specific person.

It is trivial to design a system, or any number of systems, which do this, are undetectible, and impossible to fool (well short of keeping a second email acount under a different name...but that is beyond the scope of the system anyway - it woul dbe like a second phone line that they don't know about).

Since this is the case, disclosure of the source code should have NO effect on the usability of the system. So, if they are telling the truth, then they have NOTHING to lose by publication of the source code.

Its OUR (US Citizens) source code, paid for by OUR tax dollars. Since, if they are telling the truth, no security would be lost by publication, they have NO right to NOT publish it.

Then again, I supose thats like a store keeper saying "the mob boss used the money he extorted from me to pay for that mansion, he has no right to not let me inside". Which is much closer to the truth, since I doubt they will publish it. Then again, I have been called cynical.

Re:The FBI are just looking out for us right?

[Builder]

Those who exchange their freedom for security shall have neither. Can't remember who said it. But take note of it!
/* Wayne Pascoe

Re:It's nothing without source code

[skiy]

Yeah, the source code would be nice, but also, what 'Carnivore' does is most likely VERY dependant on the input it is given by the people who install it.

If it is for example a simple grep searching for suspect words (I know it likely isn't), but how do you tell what input it is going to be given by just seeing the source code?
Answer, you don't.

The chances are, even if they release the source, it won't tell you as much as you'd like, and chances are it won't even be the real source anyway.

Just a thought.
skiy.

Re:sendmail & encryption

[Richy_T]

But the FBI are talking about installing their evilly thing in ISPs anyway so you can't trust anything once it's escaped your computer. Also, unless the sendmail daemons are talking all the time, there's still room for some traffic analysis anyway. And presumably the sendmail hosts are still adding to the path header so traffic can be analysed when the message pops out the other end.

I see your point though and ISPs should be using secure conenctions between sendmails just as a matter of good form.

Perhaps it's time for a new paradigm for message transmission anyway, one where the messages aren't sent directly to the target but to a central repository where the target connects to and retrieves the messages they're interested in plus a bunch of ones for other people (that they don't have the keys for) that they discard. Even then, it will still be vulnerable to analysis in the long term. It seems that defeating traffic analysis is complex and to be effective, demands largescale wasting of bandwidth.

I think for most people though, encryption of all messages they send and receive is an important first step. Definitely things like the subject line need to be wrapped up in the encryption though. I guess ideally the software would change the subject to "Encrypted message" or just random junk.

Rich

Re:sendmail & encryption

[Fesh]

But if you erased all the laws, then the state wouldn't be corrupt, because you would not be benefitting from your leadership through the use of law. If you could get anyone to do what you say anyway, because everyone would have freedom to do whatever they wanted in the absence of laws. And even if your one law said "you will obey whatever 11223 says", that actually translates into more laws every time you tell someone to do something, although they're implicit instead of explicit.

Sorry for the offtopic post all... I just had to feed the troll... :)

--Fesh

Re:Gov't has a LONG history of spying on us

[Jawbox]

Sure, if they suspect that my next door neighbor is a child molestor, go through the proper channels and get a search warrent they can listen in on all the phone calls made from and to that person. However, that may or may not be the case in this instance. The real worry here is not that they are using Carnivore to read the packets going into and out of your neighbors house but to tap the lines further up and just listen into the conversations of everyone on the same ISP as your neighbor. We don't allow that when the FBI wants to tap phonelines? Why should we allow it on an ISP?

Now, why should it matter right? Does it really matter if the FBI finds out that you spend 80 hours a week in alt.sex.*? No, it doesn't. But on the other hand what if they know that you belong to a trade union? What if they know that you have friends in China or a nation that isn't friendly to the states? What if they know that you regularly demonstrate against the goverment on issues of civil rights? With the state of data mining technology you may become a name on a list of known Subversives for simple activities which have no criminal origins.

Now this probably doesn't scare you, you know you and your kids are safe from criminals but who the hell is protecting you from the law enforcement agencys? There is a real reason why we, in the United States, limit police power and that is because in the matter of a criminal investigation the police have far more power than the accused individual.

Can we trust that?

[SpookComix]

Ok, this may sound stupid, but just because the FBI "discloses" this information, how will we know they're telling the truth? If they don't have to disclose the source, then there's no way to know if they're really disclosing anything in the first place.

[Court]: How does Carnivore work?
[FBI]: Well, it's real complicated. We've developed a new technology called CrackSniffer. It just looks at stuff. We'd tell you exactly how it works, but that's confidential. This is not an open source project, you know.
[Court]: Oh, ok. Thanks. We trust you completely. The public will be happy to know this information.

Are we going to believe anything they say, without seeing the source?

--SpookComix

Re:The FBI are just looking out for us right?

[Smitty825]

I totally agree with this comment above. Also, remember about a year ago when we were discussing the Porn-Filtering software available? I remember that several of those software manufacutres blocked several porn sites AND the sites that was critical of their software...

Re:The FBI are just looking out for us right?

[Smitty825]

Yes, but Franklin didn't live in an era were innocent children are attacked and killed every day, where pornographers make twice as much money as the regular film industry, where Islamic fundamentalists want to destroy America and where crime and murder are so commonplace.

Don--

I am just curious where you got that iformation? Almost all of the information taht I've heard is that crime rates are at their all time lowest (I read an article about 3 months ago in the San Diego Union Tribune that even had statistics that gun-violence is at one of the lowest points in the last 50 years, despite what we may read in the newspaper). The reason that so many people think it is so high, is because the media focuses on crime, as focusing on crime increases their viewers.

Also, about the Islamic Fundamentalists, I think that your statement about them is very racist. I have friends that grew up in the middle east that don't want to blow up the US, and I'm sure that there are lots of non-Islamic people that wish to blow up the US...

Re:The FBI are just looking out for us right?

[Ozzy]

The degredation of women? Consenting women who enjoy their work? They can be degraded for all I care, I think it allows men to appreciate that their woman is a little more 3 dimensional than some slut in the Horse of Hector position.

Show me a statistic that links porn to rape. Please. Anyone who takes porn as seriously as you do should be locked up. I know I don't. But I will fight to protect it, because while it may be immoral in the eyes of some, it is legal and protected by the 1st.

Waco was probably the single most failed effort by the FBI ever. Almost everyone inside the compound died, most were just innocent followers of an insane evangalist. Do you honestly think it was a success? Are you condoning the reading of all your e-mail simply to label people as dangerous or not? Write the wrong word in a different context and have yourself on a blacklist?

You speak from your ass good sir.
I suggest collaborating with Dan McNamara (aka. Anti_Porn) to create the ultimate-slashdot-super-anti-liberal-pro-totalitar ianism-troll.

Re:I'm so sick of this tired quote.

[KahunaBurger]

Mugger: Your wallet or you die!

*laugh* only on /. could someone consider a retorical response to retoric the same as a retorical response to a violent threat.

"Book learning" as you describe an actual attempt to think about buzzphrases, may never save me from a mugger, but it has saved me multiple times from the shoddy thinking I see here.

-Kahuna Burger

Re:The FBI are just looking out for us right?

[scott@b]

Yup - gotta watch out for thos Muslims like Timothy McVeigh and Terry Nichols - obvious ragheads.

As for being a criminal and having nothing to worry about - I've seen a number of estimates of the percentage of citizens that are technically lawbreakers. Most countries have an enormous number of rules, regulations, and laws. The estimates are that the majority of people have broken some of those laws, perhaps intentionally, perhaps unwittingly. In some cases the authorities knew of the transgression but did not act; later when the individual became annoying for some other reason, out pops the records of those criminal acts and into the slammeer with the criminal.

Now, whe nyou start protesting the building of a hazardous waste processing plant next to your house, do you want everything you'ce said/written/emailed/done on record, waiting for "friend of economic development" to dig them out and start legal processes against you?

I think James Schmitz and Thomas Jeffereson had it right.

Re:There is no "technical" lawbreaking

[scott@b]

As I said - almost everyone is a lawbreaker, and thus by your definition a criminal. Have you ever driven over the speed limit? Had a parking meter expire, returned to you car before you got ticketed, and not dropped in some money to cover the expired time? Burned a piece of trash in your fireplace? Jaywalked? Forgotten to list some income on your tax form? Watered your lawn or garden on a conservation day?

If every lawbreaker was put into jail, we'd end up like the planet in Venus on the Half Shell, with the entire population behind bars. Or Niven's not-too-distant-Earth in the Known Space series, where littering and jaywalking are punishable by death (to get spare parts)

As for anarchy and right minded people, some might say that's exactly what a right-minded person would want. Too many laws, too many laybreakers, doesn't bring piece and security but rather destroys them.

Essential: In the constitution?

[coyo]

I think that would cover it for me. This is a constitutional issue and I don't think I'm being wild and wacky by claiming the freedoms in that document can be considered the essnetial ones.

-coyo

Re:ignoring the law

[coyo]

You have yet to convince me that the internet is threat enough to bend the Constitution. How many people have been hurt by the internet in a way that the FBI could have previously prevented? Invalid questions I am sure, but call me curious.

No, I don't use Napster and have no intention of doing so. Yes, I love my family but I think daily traffic poses a larger risk than anything here. No, I do not think we should stop traffic just to make people safer.

-coyo

ignoring the law

[coyo]

Some laws you like, some you don't. It is generally accepted that you change the laws you don't like, rather than break them.

It sounds like you would like to change the Bill of Rights to get around this little problem or just have the FBI break the law.

If you want safety, just criogenically freeze your family. The universe is a dangerous place. Being safe is pretty nice, but it isn't everyone's goal, nor should it be.

-coyo

Re:The FBI are just looking out for us right?

[BgJonson79]

I think you're close. The tough part is balancing security with privacy. And since for each person there is a different threshold, it's not exactly cut and dry, black and white, 1's and 0's.

Speaking of Haiku...

[Anomalous+Canard]

Where's five-seven-five,
onetime master of haiku?
Did he get a life?

--
Anomalous: deviating from what is usual, normal, or expected

Re:Speaking of Haiku...

[Anomalous+Canard]

Cascades can be fun.
But there are other stories
Claiming attention.
--
Anomalous: deviating from what is usual, normal, or expected

Re:Speaking of Haiku...

[Anomalous+Canard]

Vacation? What nerve!
I'll bet he's gone to the beach.
I want my haiku!

--
Anomalous: deviating from what is usual, normal, or expected

Re:It was just an *example*

[0x0000]

It was just an example of a threat we face today. I don't have anything in particular against Arabs, just when they start blowing our buildings and citizens up.

And as another example, I don't have anything in particular against bigots ... until they try to codify their bigotry into law and policy of a government.

Except that it will allow terrorists and criminals to learn how to bypass it, thus making it ineffective. Which is, I suppose, what liberals like you want to happen isn't it?

You're a fool, Hayes. You're god damned fool.

"ASAPracticable"?

[theuglykid]

How long would it take to rewrite Carnivore or a Carnivore-like software, knowing what little we do about the product? Would anyone like to take a shot at that? I feel like the FBI began rewriting the program when the story broke. It could be possible when you consider the "think tank" the government is supposed to have.

In addition, assuming they could pull off a rewrite/revision/whatever, would they also be obligated to release that version?

Re:"ASAPracticable"?

[ocelotbob]

I assume that if you wanted a fast, painless, and intelligent filter, I'd assume that someone with some sendmail and perl skills could hack together a filter quickly. From what has come out about it, it simply copies the emails of a certain party or group, and then applies various filters to look for key phrases, words, etc. It honestly doesn't look like it's that complicated of a program, just a fast box that's probably been seriously hardened (heavy encryption, logging on everything, etc) and some generic filters applied to it.

Re:"ASAPracticable"?

[ocelotbob]

They don't. It's simple to just look at the header to get the to/from info, and from my knowledge of the latest versions of sendmail, you can siphon off those messages destined to the party being monitored. Of course, they probably want to check addresses that are close, in case there are any typos, etc.

Re:"ASAPracticable"?

[Blue+Weirdo]

Just had a though. I may be exposing my ignorance here but, why do they need to look at every e.mail message that goes through an ISP? If this is supposed to be a warrant issued thing where they are trying to "tap" everything a particular individual sends then why do they need to open up my e.mail, they should be able to look at the packet info, or message header, etc, to determine the sender or recipient of a message.

Re:Carnivore src revealed! [You read it here first

[cmilkosky]

Moderator - you'd be doing this place a disservice if you didn't place Funny on this!

Re:Telephone Call from FBI

[cmilkosky]

Wasn't that on one of the Xfiles reruns? =]

Re:sendmail & encryption

[AshPattern]

Make sure you don't use your word processor, either. It was "tainted by an evil patent" long ago.

SO?

[bdumm]

So what is this going to do really? I mean I watched all of the cspan segment with the FBI and they explained how it worked.

The sniffer takes the stream, makes a copy, releases the originial stream back to it's destination and then takes the copy, applies it's "filter", gets their "traffic" and then "throws the rest away".

But the problem is no one is going to believe the FBI is not going to abuse that in any way. And we still won't get open source because it has "proprietary" software that the FBI couldn't possibly open source.

What is needed is to re-write the tool so that it is based on open source, and add in some new code that puts in whatever checks and balances are needed. Could even be network enabled and encrypted checks and balances, mmmm......

Otherwise this is a lot of hot air with no solution. I thought someone said "code is law". Well this is a mighty fine test of that, wouldn't you think?

Not open source... Yet?

[novakane007]

Come on?! I think it's a good idea that this isn't open source. That's all we need is everyone using this software. It's bad enough that the FBI is running it! I don't trust the FBI as far as I could bowl them, but I certainley trust them more than some 14 year old scripty. I love the push for open source apps, but I beleive when it comes to security related programs there should be some resistance to giving it away freely to just anyone. Distrobution promotes lazy admins to buckle down or get bombed, but it also contributes to the number of people that are attempting hacks and monitoring data. Powerful software should not fall into the wrong hands. It's probably easier said than done, but let's not post carnivore so a bunch of kids or your boss! start reading everyone's mail!

Re:The FBI are just looking out for us right?

[Yamao]

Why is this a troll?

I'm not saying that I agree with his statements, but he did contribute to the discussion with his viewpoint.

Maybe somebody ought to read the moderator guidelines again...

Re:Would terminating it be better?

[Misch]

If "Mr. Smith" holds up a warrant then you can bet your ass they will. I don't see why (form a tech standpoint) an ISP would not be able to do this now (Or years ago).

You're missing my point. My point is that ISP's don't let just anyone come in and place a black box between their boxes and their outside lines.

People didn't read previous articles on what Carnivore DOES. The person who commented on "people getting the code and modifying it" doesn't really do anything because you CAN'T PLACE A BOX between the ISP's line and their boxes...

It's like a person talking on a land-based phone line... unless you tap into the system UPSTREAM from them, there is NO WAY to listen in on what is being said. From previous articles, this appears how Carnivore works. The black box is installed at the ISP LEVEL... so unless the script kiddie runs an ISP, it's no threat to people if the code is published... (of course, that doesn't prevent ISP's from bulding Carnivore Boxes, but that's a completeley different story.)

Re:HAHAHA!

[Misch]

Hey, cool. Something broke in the moderation system and I can't lose karma anymore. Mod this all down - it doesn't make any difference anymore. Hahaha! My karma is stuck at 113!

1 + (-1) = 0. Fill the hole. (Jamie Escalante). Somebody mods you up, somebody mods you down. karma remains unchanged.

so?

[hakalugi]

This may be mostly useful for saying: "see they didn't show us how it works even though they were told"

their delay is either:

1) sloth/busyness; 2) them 'making' a more acceptable/public version; 3) they'll release it 90% black ink'd-for national security reasons

Re:The FBI are just looking out for us right?

[Whoozit]

Well, let's put it this way. I'd rather have the FBI read my mail and catch a child molester, pornographer or some other kind of pervert than have privacy and dangerous people loose in society. Since I'm not a criminal I've got nothing to worry about. Only criminals need to worry about a system like Carnivore.

This argument may seem to make sense at first, but there is clearly something wrong with it. I think this quote illustrates the point: "First they came for the hackers.
But I never did anything illegal with my computer, so I didn't speak up.
Then they came for the pornographers.
But I thought there was too much smut on the Internet anyway, so I didn't speak up.
Then they came for the anonymous remailers.
But a lot of nasty stuff gets sent from anon.penet.fi, so I didn't speak up.
Then they came for the encryption users.
But I could never figure out how to work PGP anyway, so I didn't speak up.
Then they came for me.
And by that time there was no one left to speak up."
- Alara Rogers, Aleph Press

The moral of this story is - when you start giving up freedoms you've enjoyed, you begin the slide down a slippery slope. Today they're asking for the unlimited power (if they can do it with Carnivore, they will, warrant or no) to monitor all e-mails. Tomorrow what will it be? All traffic on the Internet? Cameras in your house? Bugs in your clothes? The more you give, no matter how reasonable it seems, the more they will want to take.

And always remember, if you give something up, you should get something in return. In this case, to circumvent carnivore, all you have to do is encrypt your e-mail. The smart criminals - that is, the ones that extra measures would be useful for in the first place - would definitely do this anyway.

So we are giving up our freedom for nothing.

Re:Source Code?

[jstupid]

If a process is genuinely safe from attack, then it doesn't matter if the specification is released or not. A good example of this principle is PGP. All of these encryption algorithms are known (RSA is patented, but still known) This allows everyone to be sure of the safety, given large enough key sizes.

In fact, releasing the spec helps find potential holes faster. Yes, it also helps potential attackers in, but attackers are going to get into an insecure system regardless.

I beleive that we as citizens have a right to know exacly how systems we pay for work and what vulnrabilities exist that could be potentially harmful, not only to FBI investigations but to ourselves.

In summary, if the system is really secure, the FBI has no reason to fear telling us how it works. If the system isn't secure, it doesn't matter much whether the spec is public or not, it will be broken.

National Police Force

[albamuth]

...is all the FBI amounts to. And think about the origin of the pigs:

Lancastshire, England - at the start of the industrial revolution. Suddenly certain people are getting wealthy (not just royalty) and most everyone else is crowding into cities and working 40 hours a week (in contrast, even a medieval peasant worked no more than 20 hours a week!).

Well, there was nothing between the few rich and the many poor - so they created pigs. Peel was the name of one of those famous first pigs, so they used to call them "peelers".

Anyway, these guys were basically paid to stand around and watch people going about - and people didn't like that too much, that is, having some geezer standing about just watching. So a lot of times a mob would get together and torch the pig house and they'd have to start all over again. In fact, sometimes they'd tear the place down before they even finish building it. Eventually the rich just hired the army to guard the construction of the pig houses.

So just remember that pigs are just there to protect the rich from the poor, just like the army is protect the aristocracy from it's subjects. Since when has a pig done anything except get there too late, or shoot the wrong guy (or some kid), or defend the interests of the status quo, eh?

Same goes with the FBI - A nationalist pig force. And the best way for them to keep us from taking back what's ours in the first place is to watch us all as much as possible. The child pornography BS is a distraction - overhyped by the media.

"OFF THE PIGS" -Popular Slogan

Huzzah!

[David+P]

Haha, yeah! Microsoft sucks!! Linux is the most perfect piece of software ever concieved!!

---------------

One question...

[baka_boy]

If the government doesn't have the right to put packet sniffers on the net, and look for traffic to and from "interesting parties", then do system administrators have a right to watch traffic on their internal networks to watch for possible attacks from within, or poor security practices by users? Both of them are "just doing their job," and both invade the privacy of those they monitor.

Re:HAHAHA!

[freebe]

Oh, bah. I filled that in on my own user page, much like Signal 11 did. But my karma is indeed stuck at 113. That number is part of the User Bio.

Re:Way OT, but is Slashdot Hypocritical?

[freebe]

I'm more concerned with stopping advertisers from using Java in banner ads, or sound,or shockwave, or...

Here's an experiment for you: Run slashdot on netscape over a network connection, maybe a slow one. Then wait until slashdot puts up the "Internet Time" ad. Watch Netscape crash and burn as it attempts to display that ad at 500fps. Ick!

Sorry, that's just been bugging me.

Re:The FBI are just looking out for us right?

[AnUnnamedSource]

The reason they exist is to protect us from the increasing number of criminals, terrorists, child molesters, bigots and dictators that exist both inside and outside of the US.

I am not aware that being a bigot is illegal. The FBI should not be snooping on people just because they/we disagree with them.

Re:Would terminating it be better?

[Blue+Weirdo]

"Re:Would terminating it be better? (Score:2) by Misch (pmm9979@rit.removemetoreply.edu) on Thursday August 03, @11:34AM EDT (#111) (User #158807 Info) http://www.rit.edu/~pmm9979/ Sure. I'll give you the instructions on how to make the wiretap (Carnivore). However, you can't have access to the wire itself (fiber, copper, or otherwise.) From everything I've read, carnivore is still a "box" that needs to be PHYSICALLY connected to the ISP's line. And I can't think of any ISP that will just say, "Sure Mr. Smith, come on over and tie you packet sniffer directly into our incoming line." If "Mr. Smith" holds up a warrant then you can bet your ass they will. I don't see why (form a tech standpoint) an ISP would not be able to do this now (Or years ago).

Re:A different take on this whole thing...

[Capt.+Beyond]

You obviously trust the FBI to tell us what they are up too.I do not. Remember it was the FBI that blacklisted, and persecuted Americans that did not share their same politcal beliefs. What makes you think that they have changed in any way? What makes you think they won't use it illegally? What makes you think they won't use it for political reasons? Ever read '1984'? I did, and I see Big Brother everywhere. Camera's are everywhere. In Colorado, they have these devices set up that take a photo of a 'speeding' car, and then they mail a ticket to the owner of the license plate. You don't think people are accused wrongly? What if someone steals your car for the hour, and gets caught with one of those. You still have to pay the ticket, or they jack-boot your car. Big Brother is Watching. You are surrendering your freedom everytime they institute measures for the sake of security.
Life is not secure.

Privacy

[.sig]

Well, on the off cahance that the government can actually get something done on a reasonable timeline, it looks like we can't get away with e-mail crime anymore. Maybe this will finally put an end to all those happy spammers. I know I for one would give up just about every personal freedom to be rid of unwanted email.
Who knows, maybe they might even accomplish something even more usefull.... Sure, it could happen
Seriously, though, there are always tradeoffs to government involvement in personal affairs, but I'd definately be a lot happier if I knew what exactly they'd be doing.
(Next thing you know they'll be running all of our snail-mail through an xray machine as well... )

ooops

[North]

ooops forgot to log in, mod me up here.

---

well, not the way I stated it, not really.

[subtraho]

Hmm.. how come you label everything you don't agree with as "liberal"? It's not really a catchall phrase, as you seem to use it. My personal political beliefs don't enter into this, but my belief that you shouldn't generalize people does. My point was that I was half a step away from posting a "ditto" (to use terms you, from your tone and vocabulary are obviously familiar with) but your subsequent racist post made me step back and reread and rethink where you original post was coming from.

Bigot.

[subtraho]

Quoted Text:I'm quite worried about all of those Muslims foaming at the mouth at the opportunity to strap themselves to bombs and blow up buildings in hated America.

I know plenty of followers of Islam that aren't "foaming at the mouth at the opportunity to strap themselves to bombs".

You, sir, now appear ignorant and biased. And to think I almost agreed with your inane post about the FBI protecting our rights. OF course, seeing where you're coming from, now, I've changed my mind.

Re:I'm so sick of this tired quote.

[gughunter]

*laugh* only on /. could someone consider a retorical response to retoric the same as a retorical response to a violent threat.

"Book learning" as you describe an actual attempt to think about buzzphrases, may never save me from a mugger, but it has saved me multiple times from the shoddy thinking I see here.

Granted, maybe I was mixing apples and oranges to some extent (and mainly just amusing myself). :) However, as another poster noted, the phrase does contain a recognizable spirit and intent in spite of its rhetorical construction. And, IMHO, that spirit is meant to be a guide toward preventing future violent threats.

The Nazis were not Christians...

[NathanielPRobbins]

In fact, many of the nazis were homosexuals. I have spoken at Hope College, and I felt it was quite on the liberal side.

Open Source Carnivore!!

[bmeiers]

Open Source Carnivore Wouldn't that be fun to play with!! Ouch!

10 Days?

[Tebriel]

I have yet to see a gov't agency pull anything together in 10 days, let alone a disclosure on one of their pet projects that they don't want anyone to know the details of. I'll believe it when I see it.

Re:10 Days?

[Misch]

10 days, let alone a disclosure on one of their pet projects that they don't want anyone to know the details of

RTFA Again. It's not going to be released in 10 days. The 10 days is to create a TIMETABLE of when the details of the system will be divulged. I also didn't notice anything in the CNN article stating when the divulging must be completed, only that it will be overseen by the court.

No real deadline

[ardmhacha]

The Court has said that the FBI has 10 working days to create a timetable for when it would start producing records of how the system works.
So 10 days to say when it will start producing information but no deadline to actually produce the information.

Open Source Carnivore Work-alike

[arnie_apesacrappin]

In some of the pandemonium related to Carnivore, I've seen the notion that if an ISP was able to give the FBI what they wanted (email to and from the badguy(s)), they wouldn't be forced to install the black box.

Now if there was an open source Carnivore work-alike (GNUnivore?) that ISP's could slap on a span port, wouldn't this trash the FBI's position pretty severely. I mean, I can hear the stammering now,

[FBI] Uh, but, umm, uh that's not going to give us what we want. [/FBI]

[ISP] But it gives you all the email from the person you are investigating [/ISP]

[FBI] Yeah, but, umm, we really wanted to view all of your traffic, so, uh could you just be a good citizen and let us?[/FBI]

I think it would be really easy to turn Snort into a Carnivore like system (please forgive me Marty for suggesting the bastardization of your work) that an ISP could easily administer and have the security of knowing that they control what information it is logging. So what do you say /.ers? Anyone want to make GNUnivore?

Re:HAHAHA!

[11223]

Actually, no, because I didn't gain karma from the mod up either. And somebody modded me down before, and that didn't affect it either. And I'm going to post this with the bonus, and somebody will mod that down, too...

Re:Easier Solution [OT]

[11223]

That's right, bitches. When the revolution comes, we'll wipe out those stinking social classes.

Carnivore == Echelon

[Estanislao+Mart�nez]

Does anyone seriously think the FBI is going to reveal what's inside the Carnivore machine and its "modus operandi"?

More importantly, does anyone seriously believe that Carnivore was invented by the FBI at all?

Face it, "Carnivore" is nothing but the NSA giving some of their Echelon systems to the FBI. How can we know that? All we need to observe is the fact that similar things are coming up in all the Echelon countries right now-- England's RIP, the New Zealand thing from a few days back, and Australia's net laws.

Would terminating it be better?

[phish+junkie]

If they released the code for this, what are the chances that someone could alter the code for their personal use? If the code is like a wire tap, then isn't this essentially like handing out free wire taps to the public?
In this case, would it just be better to get rid of the program altogether?
BTW, these are genuine questions, not so much my opinions.

Re:Would terminating it be better?

[GigsVT]

That is the classic security through obscurity argument.

Anyone with half a brain and some basic electronic knowledge can build a wiretap. With a little more knowledge, they can add a radio transmitter to it, making it what is commonly known as a bug.

Those lacking the requsite half a brain/knowledge, can just buy off the shelf stuff that can be misused as a wiretap. Ever seen those wireless microphones that people use when talking on stage in front of others... would be too hard to just stick that on a phone line.

The point is, you can't try to destroy "bad information"; knowledge can never be destroyed, unless you kill or subdue all the people that have it.

The other point is that Carnivore isn't high tech. It is probably a very simple program for the most part. What is causing the controversy is that they want to be able to connect into ISPs subnets and watch for email traffic, (or who knows what other traffic).
-----------------------------

Re:Would terminating it be better?

[scott@b]

It's a packet snooper plus a filter to recognize Email, then check the sender and destination against a list of monitored Email addresses.

Almost off the shelf, and it needs to be tied into the packet stream at the Email host so as to see all packets.

Releasing the sources it like describing how a old fashion wiretap works - you can get the parts, you know how to hook it up, but if you can't get at someone else's phone line then it does you no good. And the telephone company isn't likely to let you into their C.O., nor is an ISP likely to let you hook you packet sniffer up to the ISP's hardware.

Re:Would terminating it be better?

[Misch]

Sure. I'll give you the instructions on how to make the wiretap (Carnivore). However, you can't have access to the wire itself (fiber, copper, or otherwise.)

From everything I've read, carnivore is still a "box" that needs to be PHYSICALLY connected to the ISP's line. And I can't think of any ISP that will just say, "Sure Mr. Smith, come on over and tie you packet sniffer directly into our incoming line."

It doesn't look like there is anything "remote" about the packet sniffing going on with this machine... so it's pretty much worthless to people in a "software only" state...

Of course, having the code out there could make it possible for your ISP to build a Carnivore and monitor your communications... but that's a completley different story.

You see, this is like digital music... once it's out there, it's an IDEA, and ideas can't be put back into the bottles like genies can. This thing can't be DESTROYED... because it's been created... it will come back and haunt you.

Bullshit

[Dest]

Personally I think the Carnivore system is complete bullshit. They actually think they can track millions of emails? Fist of all the plausibility of this(even with extremely advanced tech.) is not plausible at all! The ISP would have to merit access to their pop-servers and smtp-servers for the FBI to track e-mails. Not that I care if the FBI or CIA or anyone looks at my email. I am not a terrorist or a cospiracy theorist. I know the gov't has lots of cool shit, they do a good job of what they do, but I don't think they can possibly track all this e-mail. If they can then I say one word "kuntos"!

Re:Bullshit

[Zachary+Kessin]

Don't forget that the court can tell the FBI if they say it will be a long time, no thats not good enough, and put in a time table that the court likes.

The Cure of the ills of Democracy is more Democracy.

Re:Bullshit

[EnderWiggnz]

Actually... The NSA can't monitor American Citizens, so there would be serious problems with the FBI saying that the NSA built it for the purpose of domestic surveillance.

Yes, I know that the NSA may not exactly follow the ruls on this one, but ... you can dream, cant you?>
tagline

Re:Bullshit

[matman]

What's even more stupid, is that they dont seem to be planning to release source. How can they describe it's workings any better than source? Are they not supposed to make full disclousure? Somehow, I doubt a descriptive essay is going to include all of carnivores bugs etc that could be used to violate people's privacy, etc.

Re:Bullshit

[jxxx]

Or they could say We don't need 10 days. We'll tell you now: The NSA built it
And who was your contact with the NSA?
He said he couldn't give us his name.

So then on to the NSA congressional oversight committee: What's in the box?
Answer: We can't tell you. It would compromise National Security(tm)
We could get all this done in time for dinner!

Re:Bullshit

[EnderWiggnz]

The funny thing is, is that the way Govt. works is that the project is specified to excruciating detail. They dont let anything to chance, let alone let anything up to creative solutions.

They can probably core dump about 12398412 pages of info on teh american people that would descibe how this thing works tomorrow.

Of course, 98% of it would be redacted... THe redacted specs would read something like:
"the carnivore system will monitor the internet for criminals by ...[next 12398411 pages redacted] ... and provide for national security whilst also stopping terrorists, drug dealers, and kiddy porn, all while providing for the law abiding citizens privacy.

see... THe FBI has nothing to hide...

tagline

Re:Maybe Just maybe.

[Dest]

Anything(even PGP) can be cracked. Just remember that.....

Re:Gov't has a LONG history of spying on us

[Dest]

I don't see why people are so bent on privacy. Who gives a shit if the FBI knows you fucked 3 women last night at once, only because you wrote it in your e-mail. We live in this country and are mandated to allow the government to know at least a little bit of what we do. Do you think everything is private? Paranoia strikes yet again.

Fuck, Man!

[Dest]

Hmm, 4th ammendment is broken so frequently it is not funny. Hmm during wartimes the constitution means shit. Executive order? This is just like it the FBI protects us.

Re:Makes sense -- we know how a search warrent wor

[LuckyLuke58]

While I fully agree with everything you say, I'd like to add that I fail to see how revealing the details of how carnivore works can help people circumvent it anyway.

Best case scenario is that Carnivore really does only do what the FBI says it does (unlikely, but lets go with that). So then it runs all traffic under "wiretap" through some sort of semi-intelligent filters, and/or just saves it all for bored FBI agents to read through while they're not entrapping child-molesters on irc. In this case the only ways to circumvent the system are (a) don't use internet routes that have Carnivore installed (e.g. don't use the internet), and/or (b) use encryption. But hey, we already know that, without knowing how Carnivore works inside. (Remember, it's not supposed to sniff *all* traffic, according to them it behaves like wiretaps currently do - that they may only analyze traffic that they have an authorized wiretap for.)

So why the secrecy then? Why hide the details? Far more likely is that Carnivore does a whole lot more than the FBI claims it does.

Source Code?

[pipla]

I think it is stupid to even mention the FBI giving away the source code to carnivore. You may belive in open source and you may want to know what the FBI is doing but its an entirely different matter to give a way the blue prints to some thing like that. That is like giving the source for the nuke guidance systems or all are encryption keys. No matter how much its over used there is a use for nationla security and this is one of them.

My proposed answer

[evanbd]

OK, how's this?
FBI opens the source, yadda yadda (insert more karma whoring here)

THen, the FBI creates a CD (or set) that installs EVERYTHING they want -- OS (also OSS -- Linux anyone?), carnivore, etc. The OSS community can then verify that the CDs released are really the product of that code. Then, when the FBI wants carnivore on a network, they give the ISP a box, the CDs, and a day or so to set it up. The ISP then boots the first CD, and inserts more as prompted. WITHOUT an FBI goon involved directly. Then, the OSS community could also verify that there is no (easy, intended) way for the FBI to modify the code. Of course, "security holes" that somehow didn't get fixed might be harder to find. But hey, its a start.

---

My interpretation of the quote

[evanbd]

I have a different interpretation of the inexact wording of the quote. I think "essential liberty" is expressing Franklin's belief that all liberty is essential, and "temporary security" is expressing the similar belief that all security so obtained is temporary. I happen to agree with Franklin to a large degree. However, I am much less of an eloquent writer than he, and am not capable of writing something nearly so succinct and to the point. My own view is a fairly simple one in this regard. Perhaps its a little inconsistent with some of my other views, but I'm working on it. call it a pending bug fix. Anyway, I think that the maximum amount of liberty should be allowed such that other's liberties are not infringed upon to any different degree. So, having studied Franklin to some degree, I believe the proper response to your comment is "Franklin says no." Which is a perfectly valid response when backed up with a dash of original thought and explanation.

---

Re:FBI would never agree...

[evanbd]

OK, so the FBI can give the ISP the CD, the agent can then watch as the ISP runs a checksum on the CD (MD5 or something equally hard to crack), and then continue watching as the ISP guy installs it. By having the checksum and open source we solve both problems. A quick perusal is certainly enough if you ahve a computer do it.

---

10 days to decide...

[CalmCoolCollected]

whether to publish the source code?

If they do, so what? The FBI has described the functional specifications at a high level. The source code only confirms that.

Not disclosing the source code would lend credence to the belief that the source code does not conform to the described functional specifications.

Does Carnivore Matter? Wouldn't most ISP's roll..

[ECfnW]

over, with paws up in the air, when the FBI walked in with a court order to disclose this information? Of course the Feds can access your email any time they want, without any new software.

That's not very logical is it?

[Dan+Hayes]

You, sir, now appear ignorant and biased. And to think I almost agreed with your inane post about the FBI protecting our rights. OF course, seeing where you're coming from, now, I've changed my mind.

So although you agree with my conclusion, now that you discover you don't like my arguments you dismiss what you had already agreed with? Right, that's logical isn't it. I'm sorry to have challenged your liberal beliefs with a dose of the harsh truth.

There is no "technical" lawbreaking

[Dan+Hayes]

As for being a criminal and having nothing to worry about - I've seen a number of estimates of the percentage of citizens that are technically lawbreakers.

*sigh* It's simple - you're either a lawbreaker and a criminal or you're not. There's no half and half here. A country depends on its laws to preserve peace and stability, and anyone breaking said laws is a criminal and deserves whatever they get. If we let shades of grey into the system then we'd soon have anarchy, and that's something no right-minded person would want right?

Re:There is no "technical" lawbreaking

[Steve+B]

A country depends on its laws to preserve peace and stability, and anyone breaking said laws is a criminal and deserves whatever they get. If we let shades of grey into the system then we'd soon have anarchy, and that's something no right-minded person would want right?

"What is your definition of justice?"
"Justice, Elijah, is that which exists when all the laws are enforced."
Fastolfe nodded. "A good definition, Mr. Baley, for a robot.... A human being can recognize the fact that, on the basis of an abstract moral code, some laws may be bad ones and their enforcement unjust. What do you say, R. Daneel?"
"An unjust law," said R. Daneel evenly, "is a contradiction in terms."
-- Isaac Asimov (The Caves Of Steel)

/.

Re:The FBI are just looking out for us right?

[Dan+Hayes]

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759.

Yes, but Franklin didn't live in an era were innocent children are attacked and killed every day, where pornographers make twice as much money as the regular film industry, where Islamic fundamentalists want to destroy America and where crime and murder are so commonplace. He'd have thought differently if he lived today I'm sure.

Whilst I agree that it's a nice thought, it's just not practical today. Without agencies like the FBI, CIA, NSA etc. having sufficient powers to protect us, we are risking the lives of people, especially those who are most vulnerable such as the poor.

I would honestly say I think it would be immoral to do so today.

Re:The FBI are just looking out for us right?

[Dan+Hayes]

children attacked and killed every day...never mind the children's crusade, the horrible state of orphans in, for example, victorian england, etc. Methinks that most children today are overall better off than in Franklin's time. If you want to bring all of culture down to the level of children, hey, have fun watching Barney for the rest of your life.

And what does that have to do with conditions now? Your strawman argument doesn't add anything to this debate.

exactly is wrong with pornography as you define it (pretty broadly I'd guess)?

I think I've already mentioned this, but the degredation of women for one, the way it encourages men to think of women as there for nothing more than sex and thus often leads to rape for another. No decent person should protect such an immoral "industry".

There are plenty of American Militias that wouldn't mind destroying America, at least what they see as the wrong parts of America.

And the FBI should deal with them too. They had some success at Waco as I recall. It's better to get them early before they get the chance to do any real damage.

My religion? What would that be then?

[Dan+Hayes]

That your religions are responsible for more discrimination and oppression of women than this "evil" called pornography?

Wow, that's a bit of an assumption isn't it? I'm certainly not religious - religion is a crutch for those that cannot handle the thought that there is no real point to existance beyond existing. It's an outdated concept that we need to abandon.

My morals are based on pure ethics alone.

Re:The FBI are just looking out for us right?

[Dan+Hayes]

The important question here is how many of your rights are you willing to give up for greater security? Where is the line for you? How much of what you do/say/write are you willing to let fall into the government's hands?

Well, let's put it this way. I'd rather have the FBI read my mail and catch a child molester, pornographer or some other kind of pervert than have privacy and dangerous people loose in society. Since I'm not a criminal I've got nothing to worry about. Only criminals need to worry about a system like Carnivore.

And one final question, just how effective is all this snooping? Great, you can catch the stupid terrorists but are they really the ones that we need to be worrying about?

Why, who should we be worried about? I'm quite worried about all of those Muslims foaming at the mouth at the opportunity to strap themselves to bombs and blow up buildings in hated America. What worries you?

It was just an *example*

[Dan+Hayes]

Protect us from bigots huh? So how does saying things like "The justification that you use to stop the FBI snooping on your collection of porn also allows Arab terrorists the opportunity to plan which building they're going to blow up next." not qualify you as a bigot?

It was just an example of a threat we face today. I don't have anything in particular against Arabs, just when they start blowing our buildings and citizens up.

If, as you claim, the FBI is acting in our best interest, then they should have nothing to hide. What you right wing nationalists don't understand is that our "bitching" is protecting the very values of freedom of speech and protection from oppressive governments that our country was founded upon.

Except that it will allow terrorists and criminals to learn how to bypass it, thus making it ineffective. Which is, I suppose, what liberals like you want to happen isn't it?

Time table?

[B00yah]

So, it's going to be a time release type of thing? So it still remains need-to-know, it's just you need-to-know this later, not now...

Maybe Just maybe.

[Daunting*Alligheri]

This will convince the mildly clueful to try using PGP in all their email correspondence. Maybe its just wishful thinking...

Re:sendmail & encryption

[jfk3]

Encryption only solves part of the problem. They (anyone watching your traffic) still know who you are talking to. There are ways around that too. You just need a system of intermediaries along with strong encryption to stymie Carnivore.

Re:sendmail & encryption

[m2e]

encryption is the responsibility of the client. Information should be obscured at the earliest opportunity and not revealed until it is firmly in the hands of the target user.

True, however, this leaves some fields unencrypted, e.g. From:, To: and Subject:, leaving opportunity for traffic analysis. When SMTP services talk among themselves using SSL/TLS, these fields are encrypted too.

I don't get it

[totenkopf]

Carnivore is a system that they have to physically place at an ISP under the aegis of a wiretap, so it takes a court order. Sure, broad warrants are easily drawn up, but thats a different issue altogether (the authorization to gather information clandestinely as opposed to the methods used to gather it).

Carnivore is such a small battle to fight when there are a lot greater injustices and civil liberty violations going on (Diallo for example).

If you don't want anyone reading your email, from the local hacks at the ISP office or your local FBI shop, then use PGP. Its not that hard to do. If you get busted by the FBI for doing something illegal over the wire, chances are its because you were pretty damn stupid and didn't bother to permanently delete things and encrypt the things you didn't delete.

Abuses of police and judicial power aren't anything new under sun, and at least Carnivore has to follow the letter of the law, even if the spirit will be violated, which is a hell of a lot more than you can say about the NSA and their intercept activities.

Bah

[AbbyNormal]

If it runs in Windoze, then we've got nothing to worry about.

The difference...

[AstynaxX]

When you call someone, or mail something,you make perceptible contact outside of your own home. When using the interenet, and most functions thereof, there is a perceived privacy. You are in your own home, alone or with family/friends. This leads one to view internet actions as something akin to actions taken strictly within the home. Most people do not have the technical knowledge to see it as anything else, and even those who do are subject to their own psychology.

-={(Astynax)}=-

Re:The difference...

[AstynaxX]

a key line:
"..an intelligent person.."
One need not be all that intelligent to send e-mail[I work in tech support, trust me, I know what I am talking about here].
A more meaty response:
In making a phone call, you actually make contact with the other person in real time. In sending an email, you type something up and click send. No personal contact is made, only interaction with a machine. Psychologically there is a difference, even if logically they are similar.

-={(Astynax)}=-

Re:The difference...

[KahunaBurger]

When you call someone, or mail something,you make perceptible contact outside of your own home. When using the interenet, and most functions thereof, there is a perceived privacy.

This makes no sense. Sending someone an email is no more a private act than calling someone on the phone. Either way there is an assumption that you and the other person are the only ones involved, either way an intelligent person is aware of the possibility that others could somehow be listening in. There are public phones, and there are terminals in libraries.

I actually consider phoning someone more private than sending an email because its much easier for me personally to call someone annonymously (just enter the "don't let caller ID see me" code before dialing) than to send someone an annonymous email. (I don't have an annonymous account and would have to do a web search to find a remailer.)

So can you say anything to actually support this assertion, or can anyone else weigh in on their particular assumptions about privacy in the two venues?

Kahuna Burger

Why do...?

[AstynaxX]

Why do so many folks who advocate various anti-privacy schemes always bring up porn? Much porn is harmless. A person or group of people consent to be photographed in sexual situations in exchange for money. Those photographs [or videos] are then sold to consenting, responsible adults for their enjoyment. Kiddie porn is something altogether different, but why do so many constantly rail against harmless, LEGAL pornography?

-={(Astynax)}=-

Re:Easier Solution [OT]

[heatdeath]

In all seriousness, I don't know why the FBI wants to do this anyway. Now that a big stink has been made about all of this, a federal criminal isn't going to e-mail his mom and tell her that he's planning to blow up the white house. I guess it makes the FBI feel like they have more power. The government likes flexing it's muscles, I've noticed.


--

Quotes

[Exstock]

"He needed killing": It's not a joke. As I was taught in my Texas CHL class (the instructor was a retired magistrate) it's a valid legal defense. Of course, the catch is that you still have to convince the legal authorities that he needed killing.

Benjamin Franklin's quote most certainly is applicable to this situation. Ben Franklin was instrumental in the birth of the country; his opinions influenced the laws of the new nation. A first-hand statement of those opinions--an interpretation of the reasoning behind the laws--is most certainly important in interpreting whether or not something follows the spirit of that law.

And if you don't think that the spirit of the law as written is important, I give you up.

Re:Quotes

[KahunaBurger]

And if you don't think that the spirit of the law as written is important, I give you up.

Will you give me up to a reputable breed rescue, or just drop me off at the pound? When you do give me up, you should at least talk to the workers and tell them what the reasons were so they won't place me in another inapropriate home.

As for the spirit of the law, I certainly agree that it is important, but I'm not sure it can be judged by the words of the "foudning fathers". They were, in large part, slave owners. They did not say "all men are created equal" as a more poetic way of saying "all people", and they really weren't thinking of men outside their own demographic. I do not ask myself WWFD? when confronted with a legal, ethical or constitutional question. I think that the founders' best work went into the constitution itself, and that document plus the supream court case law that interprets it, are the best source of the "spirit" of our laws, not the contextless quotes of famous men.

-Kahuna Burger

Re:Quotes

[Black+Parrot]

> "He needed killing": It's not a joke. As I was taught in my Texas CHL class (the instructor was a retired magistrate) it's a valid legal defense. Of course, the catch is that you still have to convince the legal authorities that he needed killing.

Shouldn't be too much trouble in Texas.

--

Re:sendmail & encryption

[PacoVore]

This has essentially just been done. ChainMail released Antivore on monday.

It's basically a set of proxies that sit between your mail servers and your mail clients, and it handles all the encryption. It also handles key lookup and signature verification automatically. It does everything server side, though, so that users don't have to know how to manage all their keys, etc.

It's open source, but in beta condition. No hand-holding installers, yet, but it works. With something like this, you can do transparent encryption, and Carnivore-be-damned.

So send 'em your life's story without flinching?

[PacoVore]

Do we really want to call it our patriotic duty to send all our minutiae past the government's eyes? Do they really have the right to scrutinize any abritrary amount of my sad little life just because I use the same ISP as my drug-dealing neighbor? I just roll over and say "Ok guys, as long as you say it's for national security..."

I'm not sure I object to listening in on a suspected criminal's email. But the Carnivore system is the equivalent of tapping all the phones in a city block and listening to all of them just to hear the few conversations that a suspected criminal makes. Why is it that I'm just supposed to give them my whole personal and/or life details when both they and I know they have no business with those details?

They no longer assure me that I'm not being investigated when I'm not under investigation. They changed the rules big time.

I say encrypt: with antivore and Carnivore-be-damned.

Wouldn't other governments LOVE to have Carnivore?

[Kradle+Rock]

Just think about it: The Chinese government would go ape$hit if they could develop a Carnivore of their own, just to make sure no plans for a pro-democracy demosntration in Tiananmen Square were being made!

gotta love australia...

[Anonymous+Penguin]

we don't HAVE any of this nonsence over here.

you poor americans :)

Re:Carnivore src revealed! [You read it here first

[bendls]

Surely it would not be that technical !! and it would be a script.. #!/bin/sh keywords="bomb BOMB gun GUN president PRESIDENT aubergine AUBERGINE" for word in ${keywords} do result=`egrep -i ${word} *` if [ -n "${result}" ] then echo "Oh.. someones being naughty" fi done

Re:Carnivore src revealed! [You read it here first

[bendls]

Oops.. forgot it was in html.. first posting, sorry

#!/bin/sh

keyword="bomb BOMB gun GUN president PRESIDENT aubergine AUBERGINE"

for word in ${keyword}
do
result=`egrep -i ${word} *`
if [ -n "${result}" ]
then
echo "Oh.. someones being naughty"
fi
done

Has to be a shelf script.. and probably being run on a overkill machine....

A different take on this whole thing...

I'm probably going to get slammed by you guys for this, but tell me - what EXACTLY is the big deal about Carnivore sniffing around through email?

I know the rights to privacy thing already. But do you really think that people out there are going to be interested in our love letters or other "secret" email? If you're secrets are so important, then what do we have email encryption for? Sure, it can eventually be cracked. But I'm sorry but I don't see the FBI having all the time in the world to check what Joe Schmoe is emailing to Mary Jane about how much they love each other. Whatever. They have more important things to do.

Personally, I would feel much safer knowing that the FBI is using the Internet to hunt down a pediphile's whereabouts, or maybe a terrorist's. By revealing the workings of Carnivore, whom are you trying to protect? It seems obvious to me that it will only make tracking the whereabouts or actions of criminals much more difficult.

I say - let them use it. I think what they revealed about it is enough - it scans/captures packets that deal with criminal investigations. What's the big deal? Why do you need to know more unless you are looking for a way around it? If you want the source code or more info about its inner workings, that tells me that :

1) You are performing unlawful activities you don't want people to know about.

OR

2) You're paranoid that the device does something other than email and packet capturing - like shuts down the net.

If you're really paranoid about government conspiracy and such, which I guess I can understand to a certain extent, then why not accept the industry experts disclosure plan? Allow the experts to make an opinion and then let them inform the public whether or not Carnivore is "safe" or not. There is no need to reveal everything to the public.

Someone argue with me here because I'm not yet convinced that the inner workings of Carnivore need to be revealed.

Re:A different take on this whole thing...

[Steve+B]

If you want the source code or more info about its inner workings, that tells me that :

1) You are performing unlawful activities you don't want people to know about.
OR
2) You're paranoid that the device does something other than email and packet capturing - like shuts down the net.

Maybe that's what it tells you. What it tells a person who actually knows the FBI's history is:

3. You're concerned that the people in power may decide that your activities, while perfectly legal, are politically undesirable and should be "discouraged" by COINTELPRO-style dirty tricks.

Someone argue with me here because I'm not yet convinced that the inner workings of Carnivore need to be revealed.

Even if we lived in some parallel universe where the FBI was trustworthy, the inner workings of Carnivore should be revealed, so that any bugs are discovered by objective researchers (who will issue warnings and recommendations) rather than criminal crackers (who will quietly exploit them to either get around legal surveillance or conduct illegal surveillance of their own).
/.

Re:A different take on this whole thing...

[Capt.+Beyond]

In Germany, they first came for the communists, and I didn't speak up because I wasn't a communist. Then they came for the Jews, and I didn't speak up because I wasn't a Jew. Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist. Then they came for the Catholics and I didn't speak up because I wasn't a Catholic. Then they came for me -- and by that time there was nobody left to speak up.
-Martin Niemoller

I'll give you one good reason.-
Question Authority

Re:A different take on this whole thing...

[VP]

I'm probably going to get slammed by you guys for this, but tell me - what EXACTLY is the big deal about Carnivore sniffing around through email?

I know the rights to privacy thing already. But do you really think that people out there are going to be interested in our love letters or other "secret" email? If you're secrets are so important, then what do we have email encryption for? Sure, it can eventually be cracked. But I'm sorry but I don't see the FBI having all the time in the world to check what Joe Schmoe is emailing to Mary Jane about how much they love each other. Whatever. They have more important things to do.

I am not sure you know the right to privacy thing already. The right not to be searched, detained, etc. without a very good reason is detailed in the 4th amendment. This means that no one can open my letters in the mail, I can't be stopped and searched, the police can't come to my house and expect to be let in without a search warrant, etc. This also should mean that the FBI cannot know what web sites I am visiting just because they would like to, or because they were after the guy three doors down the block who uses the same ISP.

Obviously, Carnivore must be sniffing all the traffic at an ISP that may contain packets from or to a suspect, for whom there is a legitimate court order. Even if small, there is a chance that the non-related data is also recorded, or processed in some manner. With the advances of data mining, where is the guarantee that the full-scale sniffing that Carnivore does is not going to be used for something else?

The method of surveilance practiced by Carnivore (as far as we can tell) is analogous to what is called "trunk-tapping" in regular telephony. Incidentally, "trunk-tapping" is illegal, and cannot be used by law-enforcement agencies. If the FBI developes the equivalent of phone-tapping, where only the suspects line is tapped, and no other information can be accessed, then I don't think there will be much comotion over what is going on.

Then there is the technical and security aspect of it. No sysadmin in their right mind will agree to put a black box on their network, which is also accessible remotely. It is a huge security risk, that can be only mitigated by open-sourcing Carnivore and subjecting it to a security audit (similar to the one OpenBSD does).

By revealing the workings of Carnivore, whom are you trying to protect?

The FBI currently is trying to say, "We scan some of the traffic, but we only look at the suspect's packets." Until they explain what they mean by that, one can assume that they read and record everything and then sift through it. This is clearly in violation of the U.S. constitution and cannot be tolerated. The media keeps talking about e-mail scanning, while it seems obvious that there is much more than that going on, and the governments reluctance to say what and how exactly is scanned makes people suspicuous.

If you want the source code or more info about its inner workings, that tells me that :

1) You are performing unlawful activities you don't want people to know about.

OR

2) You're paranoid that the device does something other than email and packet capturing - like shuts down the net.

There are many reasons I wouldn't want anyone to know what my browsing habbits are... Maybe I wouldn't want the insurance company to know that I am looking at web sites about a chronic desease. What is the guarantee that Carnivore cannot be used to get that data - even in an unlawful manner, as a side job of a rogue FBI operative?

If I were an ISP, I wouldn't put anything on my network that I cannot inspect and do a security audit. If I were a small ISP, I probably won't have the resources to audit it myself, so the only option is to have it open sourced, and auditted by the community.

What is more if I were an ISP (even a small one) I would have the resources to provide the law enforcement agencies with the data they needed without the need for Carnivore. The insistance of the usefulness of Carnivore is suspicious by itself, eve for the not so paranoid.

PGP doesn't do enough. Bigger problem.

Sure you might be able to encrypt the body of the email, but the sender and recipient identities are still sent in the clear. Therein lies the problem. One of the most important things to law enforcement is the ability to build a matrix of related and associated parties/persons to the subject of an investigation. By just being able to build a database of who sends email to whom, they can then construct this matrix, the content of the actual messages themselves is less relevant. Carnivore can easily gather this sender and recipient data for everyone's email accounts at a particular ISP, in addition to the targeted subject. Everybody them becomes a "member of some group" to the FBI. That's the problem.

I did it all for the children

[mosch]

I hope you're trolling.
----------------------------

no pornography?

[mosch]

Nah, Benjamin didn't need pornography, after all, he was the father to seventy-some illegitimate children, if I recall correctly. I think he'd really like pornography.
----------------------------

Encrypted EMAIL needs infrastructure...

[Eric+Green]

One of my notions is a combination client and server package. The basic problem, you see, is twofold: distribution of public keys, and what to do when your intended recipient does not currently have a public key or trusted client.

Enter a central server that does nothing but key management. If you query the beasty for a public key for "foo@bar.com", and it turns out that "foo@bar.com" doesn't have one, it in turn sends an EMAIL to "foo@bar.com" saying "john@doe.com wants to send you encrypted EMAIL, click _here_ to download the decryption program" and notifies you "sorry, this guy doesn't have a public key yet." Then when "foo@bar.com" does get a public key, it informs you "hey, he has a public key now, send that mail you wanted to send?". Voila!

There's a lot of additional details that would be needed to make it secure, but that's not the point. The point: Until sending and receiving encrypted messages is easy enough for my mom to do, it won't happen. And with the current infrastructure, I don't see any way to make it happen on a client-to-client basis, because it's just too hard to share key information in a reliable fashion and for the recipient to know what client to get in order to receive the message.

-E

ECC

[Eric+Green]

I have Mike Rosing's book, "Implementing Elliptic Curve Cryptography" I think is the name. Yes, it's available, and the basic theory is patent-free. Be aware, however, that various optimization techniques are patented. This has been a major issue in why the IEEE 1363 committee has been debating for five years without producing an actual IEEE standard.

Given the complexities of ECC, and the patent uncertainties, it makes sense to use RSA when its patent runs out unless the longer key length needed for RSA is a problem for your particular application (smart cards, for example, are unlikely to like having to spend 2048 bits of flash RAM to store a key).

-E

RSA is NOT evil

[Eric+Green]

Due to the RSA patent, I used Diffie-Hellman to secure the network connections for a project I'm working on. Frankly, I'd rather use RSA. RSA has a number of very nice properties. For example, if the main server is momentarily compromised with DH, the shared key is compromised, and all communications can be decrypted by an attacker. With RSA, if the main server is momentarily compromised, they get my public key, but they still can't decrypt messages encrypted with my public key, and thus messages the server sends me (with my public key) are still securely encrypted (though not securely authenticated!).

The RSA public key algorithm is secure, time-tested, simple... once the patent runs out, the only reason to not use it is because it requires such long key lengths in order to be secure (I'd recommend a minimum of 2048 bit keys if you want to be secure for the next 10 to 20 years). ECC uses much shorter keys to get equivalent security. On the other hand, ECC (Eliptic Curve Cryptography) also requires much more complicated software... remember those "munitions" signatures that did RSA in a single (long) line of Perl? You couldn't do an ECC implementation that way :-}. So for the moment, due to the maxims that "time-tested is good" and "simple is good", RSA is preferable to ECC except for applications where the key size is an issue.

Just because RSA the company is evil doesn't make the RSA algorithm evil. Remember, RSA the algorithm is the algorithm the NSA would have loved to suppress, and rumor is that the NSA, having given up on suppressing it, was behind the patenting of it in order to slow its adoption... if the NSA wanted to suppress it, it has to be good :-).

-E

Guilty until proven innocent

[Acy+James+Stapp]

"a default judgement that Carnivore is unconstitutional until they do."

Yep, that's our country all right.

They claim not to need it.

[Forge]

The really silly thing is that the FBI claims it doesn't actually need Carnivore at all. If all you want to do is tap the Email of a suspect it's a trivial matter to have the ISP silently cc all the email going through that mailbox to the FBI.

By that logic carnivore must be doing something else. Who wants to guess whether or not it's something the feds should be doing?

Re:I'm so sick of this tired quote.

[kevin+lyda]

i always thought his comment upon learning that the women of paris at the time didn't wear underwear was rather good. "it's good to know that the gates to paradise are always open!"

of course that could be a misquote as well.

Re:Way OT, but is Slashdot Hypocritical?

[jamiemccarthy]

"cannot you and Rob make your own decisions on who's banner ad service your system runs?"

We Slashdot authors have total editorial freedom.

Note the penultimate word in the previous sentence.

That means we can (and do) publish articles exposing DoubleClick or anyone else we feel needs to be looked at. But "editorial freedom" doesn't extend to sales and marketing decisions. We write the content, and VA/Andover sells it however they want. Welcome to capitalism, this is how it works. In fact, this is one of the best examples of capitalism's intersection with speech that you will ever see, and I say that as someone whose job largely includes criticizing the intersection of capitalism and speech. Rob and Jeff were lucky (and smart) to guarantee all us writers this much latitude.

Most people consider this "Chinese firewall" between content and advertising to be a good thing. And it's the way I like it. The folks who sell ads have never contacted me to complain that my anti-DoubleClick editorializing makes their job harder (though I imagine it might well have). I don't even know those folks' names.

I recognize that some slashdotters, for whatever reason, are going to nag us as long as DC ads appear on some Slashdot pages. I don't know what else to tell them. I'm not in a position to do anything about it -- and that doesn't bother me, because if things change so that I can influence advertising, things might also change so that advertising could influence me. Better to just have a total disconnect there, as far as I'm concerned. While I'm not ecstatic about the DC ads, I am thrilled with the current system.

If I ever bump into one of the ad-sellers at a company meeting (assuming they're wearing a descriptive nametag so I recognize them as such :) I'll probably mention my concerns. That's about the most I can do.

But basically, this is as good as it gets. Oh, and don't forget to opt out. In fact, go to CDT's opt-out page and opt out of every damn thing. And nobody can stop me from telling you that! Woohoo!

Jamie McCarthy

It's nothing without source code

[Angst+Badger]

This does not mean, however, that the source code will be made public - but it's a step in the right direction.

Yes, but in what sense do we really know what the damn thing does without the source code? Even if the FBI was totally honest -- a dubious proposition at best -- specifications are not programs. Short of building your specification in some sort of formal language and having it translated into code, there's no way to guarantee compliance with the spec. Everyone who's ever worked on a large project knows how hard it is to make sure the code matches the specs, and how hard it is, for that matter, to design unambiguous specs. That's a cornerstone of computer science, friends.

Publishing the source is the only way we can be sure of what Carnivore does. And yeah, it's probably just a run-of-the-mill packet sniffer with a few specialized extensions, but we don't know that without the code.


"I dunno if data wants to be free, but I sure as hell do!"

Re:HAHAHA!

[ethereal]

Your user page is seriously whacked, I assume by you (since it states "Karma 113 (mostly the sum of karma whoring, trolling, and other drivel posted by user)"). When I look at other's user pages they don't list their Karma; most people can only see their Karma on their own user page. So I don't accept the "Karma 113" as evidence that your karma is unaffected; only the user with the 11223 cookie can see that information.

Although if you have broken it somehow, congratulations of course.

Re:I'm so sick of this tired quote.

[zCyl]

Liberty is not obtained by tyranny, nor is it obtained by anarchy. You cannot be liberated when your neighbor can kill you with no penalty. This is not freedom. Freedom is the right to swing your fist so long as it does not strike your neighbor on the nose. Governments should exist for the purpose of ensuring that when each of us swings our fist, we do not strike another. Up to that point, governments serve the purpose of creating BOTH liberty and safety. It is simply when they exceed that point, and start controlling what we do that does not hurt others, that we end up losing liberty, and usually gaining no safety in the process.

Re:Way OT, but is Slashdot Hypocritical?

[Sloppy]

As for the webbug - I've never called it bad or evil. I think it's stupid, but Andover uses it to track traffic.

I don't understand. Don't you already serve the page itself? You could just count that? That would even give you a more accurate traffic count since it would include people who don't load images.

Or are you tracking both page serves and image serves in order to build statistics on what fraction of readers load images?

---

Re:sendmail & encryption

[Mr+T]

It's an interesting idea. You could have two layers of security and authentication. User and then machine. Encrypting may not be the most useful until the new sendmail was fully deployed but machine authentication could be enough to stop spam. (Of course, it seems the world damn near crapped its pants when Intel serialized pentium IIIs so people may be against it)

Encryption should probably stay at the user level though.

Re:The FBI are just looking out for us right?

[Shotgun]

So we've hired the foxes to watch over us chickens, but who's going to look over the foxes?

Every group consisting of more than a few people has both good and bad, all mixed together. What's worse, some people's ideas of good are what others consider bad. Who gets to decide?

In the US, the people get to decide through elected officials, the legislative branch of government...UNLESS the executive branch (the ones who are supposed to be doing the bidding of the legislative branch) decides that they'll do all their work undercover. In this case, the executive branch can do anything they damn well please, because there will be no one to stop them.

History has proven again and again that police organizations tend to look out for their own before the general populace, even if that means allowing thier own to commit horrendous crimes. Without full disclosure there will be no one to watch the foxes.

Haiku?

[Tower]

Show Me Carnivore!
They say to the FBI
It's an empty threat.

--

Re:OT Question

[EnderWiggnz]

exactly... when your in there as root, you can do amazing stuff...

or you can fsck it up REALLY badly... so the trick is to not be screwing around unless you REALLY, REALLY know what you're doing...

tagline

Re:Makes sense -- we know how a search warrent wor

[Steve+B]

Why should they? Yeah, they let the phone companies do the wire taps, but last time I checked, 1) there are a lot more ISPs than phone companies, 2) they tend to be smaller, and thus 3) there is a greater chance that the employees of the ISP who are trusted with the tapping have some personal knowledge or opinion of the person being tapped. This is called a conflict of interest and shouldn't be allowed in an investigation.

Having a third party in the loop insures that somebody will be in a position to blow the whistle if the cops break the law. Removing a safety alarm is generally understood to be a Bad Idea.

"If presented with a proper court order, we are required to allow the FBI to attach a device to our feed to monitor an unknown customer."
Or,
"We will personally forward your mail to the cops if they ask."

You have it precisely reversed. The actual alternatives are:

"We are allowinig the FBI to hook this black box to our network, which they double-pinky-swear will be used only to facilitate court-authorized surveillance."

Or,

"We will forward your mail to the cops if and when they show us a proper search warrant."

/.

It just answered the question

[British]

Look closely under the article.

Obviously Carnivore is the 5-inch 486 cube!

Re:sendmail & encryption

[Weezul]

Yes, we need PGP built into all email applications, but there are some intermidiate steps which would allow for secure email to windows based systems with email applications which do not support PGP. Specifically, you cna email a Java program which connects back to your system to establish a secure connection and forces the recipiant of yourm ail to jump through some crazy questions to prove that they are who they say they are. This would not be any more secure then the authentication that our banks use to deal with us over the phone, but it would be helpful. Mose importently, it would put the burden of work on the recipiant who dose not publish a PGP key.

Re:The FBI are just looking out for us right?

[TheTomcat]

... protect us from the increasing number of criminals, terrorists, child molesters, bigots and dictators ...

Last I checked, it wasn't illegal to be a bigot. Not that I do, but if I were to think that, say, french-speaking Saudi's were the algae or society, and I wanted to express my strong dislike or hatred for them, I am free to do so.

BUT, with a system like Carnivore, if I am outspoken about my hypothetical beliefs, I'm sure that under the watchful eye of the FBI, I could become suspect in any criminal case about, for instance, the murder of a french-speaking Saudi.

I know it's a movie, and yes, I think for myself, but the writers of Arlington Road make some good points. They talk about government making moves without all the facts, but with what they think is enough "evidence" to act.

BTW, I'm Canadian. Most of my email is likely routed through the 'States, though.

Fiction?

[TheTomcat]

The court has said that the FBI has 10 working days to create a timetable for when it would start producing records of how the system works.

Read: 10 working days to get our stories straight.

Fruit of the poisoned vine

[redelm]

Ah yes, the FBI can dodge & weave.

But they take a big risk of contempt and a default judgement that Carnivore is unconstitutional until they do.

That would be disaster for the FBI, because then any evidence that Carnivore produced or lead to [however indirectly] is inadmissable in Court.

Re:Easier Solution [OT]

[karb]

Yeah, and since the FBI can wiretap your phone, criminals never make phone calls. And since there are security cameras in banks and convenience stores, criminals always wear masks. And since if your buddy snitches on you he might get off, all crimes are committed by one person with nobody else's knowledge.

Criminal's stupidity is half of what makes them criminals. I don't know what the other half is. (But I'm not a criminal, and I'm pretty stupid, so I got it).

Re:Way OT, but is Slashdot Hypocritical?

[wowbagger]

Believe me, if I had my way, we wouldn't be using it.

If it's not up to you, User ID #2, then who is it up to?

Seriously, cannot you and Rob make your own decisions on who's banner ad service your system runs?

Re:Way OT, but is Slashdot Hypocritical?

[wowbagger]

I'm glad to see your reply. Personally, DoubleClick doesn't bother me, because I run a filtering proxy (btw, I don't filter /.'s own ad server). I also don't care that /. uses DC on occasion. However, I just thought it interesting that Hemos was saying that he couldn't do anything about it. While I suspected something much like what you described, I thought it best to ask and allow /. to remove all doubt.

And just try that with most of the rest of the media!

Re:The FBI are just looking out for us right?

[modred2]

Are they though? The important question here is how many of your rights are you willing to give up for greater security? Where is the line for you? How much of what you do/say/write are you willing to let fall into the government's hands?

And one final question, just how effective is all this snooping? Great, you can catch the stupid terrorists but are they really the ones that we need to be worrying about?

ah, bureaucracy, how i do love thee.

[AugstWest]

They have 10 days for their committee to put forth a plan that will say when they are planning to let us know the bits of information that they are comfortable sharing.

As soon as you think you're making progress with something in this country, you realize that there are policies and heierarchies in place to keep you from getting anywhere.

Re:sendmail & encryption

[Richy_T]

No, encryption is the responsibility of the client. Information should be obscured at the earliest opportunity and not revealed until it is firmly in the hands of the target user.

E-mail clients should have PGP built and switched on by default and be made easy to operate. Someone could write a reference implementation but unfortunately, most users will stick with the Outlook/Netscape/Eudora/AOL/etc software that they're used to. An intermediary step might be to have proxy pop3 and smtp services that run on the local machine (more difficult with multi-user systems) but again, this would require users to install another piece of software so most won't bother.

So what is really needed is an e-mail application with encryption built in which has a killer, must have feature as well. I don't have any idea what that might be.

Rich

Re:Makes sense -- we know how a search warrent wor

[KahunaBurger]

Absolutely right. In the first place, there is no known reason that the FBI needs to place their black box on an ISP's network, since the ISP's themselves are quite capable of pulling copies of any and all e-mail traffic passing through their systems. Why does the FBI need to "do it themselves"? Don't they trust the ISP's?

Why should they? Yeah, they let the phone companies do the wire taps, but last time I checked, 1) there are a lot more ISPs than phone companies, 2) they tend to be smaller, and thus 3) there is a greater chance that the employees of the ISP who are trusted with the tapping have some personal knowledge or opinion of the person being tapped. This is called a conflict of interest and shouldn't be allowed in an investigation.

Also, I would think the ISPs would like it better the FBI's way. Which would you rather say to your customers?

"If presented with a proper court order, we are required to allow the FBI to attach a device to our feed to monitor an unknown customer."

Or,

"We will personally forward your mail to the cops if they ask."

Or, of course,

"If asked to forward you mail to the cops we will first refuse, then tell you, then send them hashed messages and prentend they are yours encrypted, then..." Which of course is what the FBI is trying to avoid by making compliance a simple "yes the machine is there" or "no its not" matter to enforce.

Kahuna Burger

Re:Makes sense -- we know how a search warrent wor

[dpilot]

>Absolutely right. In the first place, there is no known reason that the FBI needs to place their black box on an
>ISP's network, since the ISP's themselves are quite capable of pulling copies of any and all e-mail traffic
>passing through their systems. Why does the FBI need to "do it themselves"? Don't they trust the ISP's?

The reason the FBI feels that they can't count on ISPs to furnish this information is, "control of evidence." With Carnivore, they know exactly how the evidence was obtained from the network, and they believe (rightly or wrongly) that it is safe against tampering, and will thus stand up in court. They cannot guarantee the same "evidence quality" for information furnished by a third party.

I saw this elsewhere, and don't want to be "Redundant", but it hasn't been posted elsewhere on this topic.

This doesn't mean that I agree with Carnivore. Imagine the first time Carnivore evidence goes up against a savvy lawyer, and he brings out cracker witnesses who have already penetrated...

Not to mention the Civil Liberty issues. At the very least, Carnivore data about ME needs to be available to ME under the Freedom of Information Act, easily and regularly. The quantities and monitored individuals need outside auditing, and the data contained should remain confidential.

Gov't has a LONG history of spying on us

[IronChef]

Anyone know about Operation Shamrock?

Back in the '50s the NSA -- their precursor organization, I think, really -- went to all the major US cable operators and said, "what say you give us a tape every day of all the traffic you passed?"

All 3 of the major cable companies caved. They knew it was illegal, but they were afraid of what resisting would bring them. So, for years the govertnment was keyword searching every freaking byte of telegram data that those companies passed.

This was called Operation Shamrock. If you think I'm full of it a little Google searching should show you some links to back this up.

I don't have any doubts they'd pull something like Shamrock again if they could. That includes "voice grep" of telephone data streams as well as sniffing internet traffic for interesting bits.

Let me put it another way -- they *will* do as much as we let them get away with. They have the track record to prove it. I assume that every non-encrypted communication I send is captured in a file somewhere.

Oh please

[John+Jorsett]

So, the judge is going to trust the Justice (sic) Department to cough up this info? Seeing as how the probe of the Democrat campaign fundraising practices in the 1996 elections is still ongoing, we can count on seeing Carnivore specs about the time David Letterman stops being sarcastic.

ten days later

[wishus]

Ten days later:
FBI:Well, it's going to be at least a year before we can tell you about the networking connections.. And another year before we will be able to disclose the processor.. We have planned an additional three years to disclose the operating system..... But this is a very complicated system.. At once? No we can't disclose everything at once.. Becasue, this is a very complicated system.. Ok, so after another six years...
---

Re:I'm so sick of this tired quote.

[gughunter]

Mugger: Your wallet or you die!

KB: I'm so sick of that tired quote. First, the actual line is "Your money or your life." Second, it's not even a complete sentence; what about my money or my life? It's an ultimately meaningless statement, and besides, sounding cool doesn't make it relevant.

Mugger: *bang!*

KB: O, book learning! *choke* How thou hast failed me!

Re:sendmail & encryption

[11223]

shut up.

How intelligent.

HAHAHA!

[11223]

This is just another news story on the update on the previous carnivore article. Before you claimed it as a loss - they're not actually forced to reveal anything - and now you spin it to a win! That's as bad as MS's spin on the courts. You hypocrites.

Re:HAHAHA!

[11223]

Hey, cool. Something broke in the moderation system and I can't lose karma anymore. Mod this all down - it doesn't make any difference anymore. Hahaha! My karma is stuck at 113!

Re:sendmail & encryption

[11223]

The more corrupt the state, the more numerous the laws <-> if the laws are not more numerous (growing), then the state is not becoming more corrupt.

Ahem. So, I can take military control of the US through a coup, erase all laws except "11223 is prime dictator", and then claim that the state didn't become more corrupt?

Re:sendmail & encryption

[11223]

RSA IS EVIL!

Even when the patent runs out, I encourage you to boycott the RSA algorithm. Please, please, use the Diffie-Hellman Key Exchange in combination with DES or a one-time pad. You'll feel much better, and sleep easer at night knowing that your algorithm hasn't been tainted by an evil patent.

Oooh! Oooh! Pick me! Pick me!

[mr.ska]

From CNN article: Attorney General Janet Reno said last week that technical specifications of the system would be disclosed to a "group of experts." Sobel has argued that there is no substitute for a full and open public review of the Carnivore system.

Why not do both? Submit it to Ask Slashdot.

Herbivore - How YOU would write a Carnivore.

[r3nt]

This is a smart group - How would YOU spec out and design a "carnivore." Let's call ours "Herbivore."

What would you want it to do?
How would you architect it?
Platform?
- Could it be made to run on a Palm III?
- How about that 5" cube running FreeBSD?
Etc...

The FBI are just looking out for us right?

[Dan+Hayes]

As someone who is proud of my great nation, I am against the persecution that agencies like the FBI and CIA suffer. Hey people, they're just doing their job! The reason they exist is to protect us from the increasing number of criminals, terrorists, child molesters, bigots and dictators that exist both inside and outside of the US.

They can't do this if their hands are tied behind their backs by liberal activists more concerned with privacy than security. And besides, does anyone here really think that their sad little lives are interesting enough that the FBI is going to snoop on them?

We've had systems to tap phone lines and intercept mail for decades now, and yet when it's your precious internet people start bitching. It's no different. The justification that you use to stop the FBI snooping on your collection of porn also allows Arab terrorists the opportunity to plan which building they're going to blow up next.

It's time to grow up people, and realise that the world is not the uptopia the liberals make it out to be. We need to be aware of the dangers to protect ourselves from them.

Carnivore src revealed! [You read it here first!]

[ackthpt]

char *tokens[] =
{"president","vice","clinton","gore","bomb","gun",
"nuclear","missile","moose","squirrel","boris",
"natasha","fearless","leader","monica","bush","xyz zy" };

...
if (contains(tokens,e_mail_body,e_mail_subj))
exit(0);
else {
flash_red_light();
sound_klaxon();
send_out_for("pizza");
}

Re:sendmail & encryption

[Syberghost]

sendmail can do that already. The problem is that not everybody runs a version that can, so unless you only send mail to servers that do, you have a problem.

And not everybody uses sendmail. Fortunately, you can use SSL for this, so most servers could be doing this if their Admins wanted to set it up.

--

sendmail & encryption

[jms]

Isn't it about time sendmail was updated to use strong encryption to protect all mail? Perhaps RSA keys when the patent runs out ...

Bullshit

[KuRL]

They have a week-and-a-half to create a timeline regarding when to tell the public how the system works?! This is a very typical "red tape" solution. Odds are, the FBI will tell the court that it'll take - at the very least - MONTHS to figure out a way to describe the workings of something IT created. In the meantime, Carnivore will still be active. It would be much more realistic for the courts to mandate that there must be some type of detailed disclosure in twenty or thirty days, but that wouldn't make any sense, now would it?

Criminals don't get 10 days to decide how they committed their crime.. how come the FBI gets a week and a half to dispatch its spinsters to put out a controversy!?

Hmmm.

[Tower]

One extra large black plastic project box, Radio Shack: $45
One fully loaded high-bandwith logging server: $5400
Seeing how they grope our packets: Priceless

--

I'm so sick of this tired quote.

[KahunaBurger]

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759.

Why do people keep quoting a line that when misquoted is moronic and when correctly quoted is a tautology?

The misquote is just saying "liberty for safety". But the very existance of society is a trade of liberty for safety. There are times when I would love it if (as they joke about Texas) "he needed killing" was a valid defense. But I would never actually choose to live somewhere where it was, because there are undoubtably people who think I need killing for various reasons. If Ben Franklin had believed the misquote of his words, he would have encouraged that the colonies all disband and leave the new land in anarchy.

But the true quote "essential liberty for saftey" is really no more meaningful. Well, of course if I consider a liberty "essential", I too would be unwilling to trade it. And if I support this particular trade, I simply say "well, yes you're right sweetie, but do you really think that this particular liberty is essential?" Thus the line becomes a tautology.

Which, of course, is just another name for retoric. Franklin was a "statesman" which is what they called politicians back then. Nothing more. He made some grandly eloquent, but ultimately meaningless statement while debating over something he wanted or didn't want, and it sounded cool enough to be repeated. But sounding cool doesn't make something relevant. Being orriginally said by a famous person doesn't make something right. Just repeating a this one tired quote doesn't make any point except that you don't take the time to orriginally express your own opinions.

So when you are tempted to quote, try expressing your own take on the philosophy and how it specificly applies to this situation instead. Or save space and just write "Franklin says no", which is about as relevant as this quote.

Kahuna Burger

Why is it...

[AstynaxX]

Why is it anytime someone talks about national security most of the nation feels anything but secure?

-={(Astynax)}=-

Re:Way OT, but is Slashdot Hypocritical?

[Hemos]

RE: Doubleclick.

Believe me, if I had my way, we wouldn't be using it. But DoubleClick is what many of the advertisers use as their service, because DoubleClick does a good job of tracking click-thrus and such for them. That, and the honest truth, most big companies don't know how to run their own web server for ad serving, and so outsource. So - unfortunantely, a necessary evil of serving banner ads.

As for the webbug - I've never called it bad or evil. I think it's stupid, but Andover uses it to track traffic. I think caches fuck it up, but...c'est la vie. It doesn't do anything, so I don't particularly care about. I'm more concerned with stopping advertisers from using Java in banner ads, or sound,or shockwave, or...

It's all about choosing your battles.

Makes sense -- we know how a search warrent works

[redelm]

While the FBI (& friends) are aghast at being compelled to release Carnivore details, I am not. It has to do with a little thing called freedom.

The police have exceptional powers. To protect individual rights [avoid a Star Chamber], their processes have to be subject to full scrutiny. They may complain this reduces their "efficiency" and allows bad guys to circumvent their methods. Too bad -- that is the price of freedom. Or perhaps the police would rather a police state?

Revealing Carnivore is no different from people knowing how other police methods work, like search warrents, wiretaps, etc. These are well known, and innocent civilians can adjust their affairs to to fall afoul of them. Similarly, citizens should know how to avoid attracting undue attention from Carnivore. Even if that also helps the crooks.

Carnivore Source!

[Th3+D0t]

Knowing the FBI, Carnivore is probably just running an outdated Mandrake distro with this crap piping into a file.
---