Court to FBI - Full Public Review Of Carnivore

ka9dgx writes: "According to CNN, the judge has decided that the FBI has to make public how Carnivore works. The FBI has to come up with a timetable for disclosing how it works." More detail: The court has said that the FBI has 10 working days to create a timetable for when it would start producing records of how the system works. This comes as a result of EPIC's fast-track Freedom of Information Act ^[?] request for information. This does not mean, however, that the source code will be made public - but it's a step in the right direction.

Re:sendmail & encryption

[Syberghost]

sendmail can do that already. The problem is that not everybody runs a version that can, so unless you only send mail to servers that do, you have a problem.

And not everybody uses sendmail. Fortunately, you can use SSL for this, so most servers could be doing this if their Admins wanted to set it up.

--

sendmail & encryption

[jms]

Isn't it about time sendmail was updated to use strong encryption to protect all mail? Perhaps RSA keys when the patent runs out ...

Bullshit

[KuRL]

They have a week-and-a-half to create a timeline regarding when to tell the public how the system works?! This is a very typical "red tape" solution. Odds are, the FBI will tell the court that it'll take - at the very least - MONTHS to figure out a way to describe the workings of something IT created. In the meantime, Carnivore will still be active. It would be much more realistic for the courts to mandate that there must be some type of detailed disclosure in twenty or thirty days, but that wouldn't make any sense, now would it?

Criminals don't get 10 days to decide how they committed their crime.. how come the FBI gets a week and a half to dispatch its spinsters to put out a controversy!?

Re:Quotes

[Black+Parrot]

> "He needed killing": It's not a joke. As I was taught in my Texas CHL class (the instructor was a retired magistrate) it's a valid legal defense. Of course, the catch is that you still have to convince the legal authorities that he needed killing.

Shouldn't be too much trouble in Texas.

--

Hmmm.

[Tower]

One extra large black plastic project box, Radio Shack: $45
One fully loaded high-bandwith logging server: $5400
Seeing how they grope our packets: Priceless

--

Re:Bullshit

[EnderWiggnz]

The funny thing is, is that the way Govt. works is that the project is specified to excruciating detail. They dont let anything to chance, let alone let anything up to creative solutions.

They can probably core dump about 12398412 pages of info on teh american people that would descibe how this thing works tomorrow.

Of course, 98% of it would be redacted... THe redacted specs would read something like:
"the carnivore system will monitor the internet for criminals by ...[next 12398411 pages redacted] ... and provide for national security whilst also stopping terrorists, drug dealers, and kiddy porn, all while providing for the law abiding citizens privacy.

see... THe FBI has nothing to hide...

tagline

I'm so sick of this tired quote.

[KahunaBurger]

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759.

Why do people keep quoting a line that when misquoted is moronic and when correctly quoted is a tautology?

The misquote is just saying "liberty for safety". But the very existance of society is a trade of liberty for safety. There are times when I would love it if (as they joke about Texas) "he needed killing" was a valid defense. But I would never actually choose to live somewhere where it was, because there are undoubtably people who think I need killing for various reasons. If Ben Franklin had believed the misquote of his words, he would have encouraged that the colonies all disband and leave the new land in anarchy.

But the true quote "essential liberty for saftey" is really no more meaningful. Well, of course if I consider a liberty "essential", I too would be unwilling to trade it. And if I support this particular trade, I simply say "well, yes you're right sweetie, but do you really think that this particular liberty is essential?" Thus the line becomes a tautology.

Which, of course, is just another name for retoric. Franklin was a "statesman" which is what they called politicians back then. Nothing more. He made some grandly eloquent, but ultimately meaningless statement while debating over something he wanted or didn't want, and it sounded cool enough to be repeated. But sounding cool doesn't make something relevant. Being orriginally said by a famous person doesn't make something right. Just repeating a this one tired quote doesn't make any point except that you don't take the time to orriginally express your own opinions.

So when you are tempted to quote, try expressing your own take on the philosophy and how it specificly applies to this situation instead. Or save space and just write "Franklin says no", which is about as relevant as this quote.

Kahuna Burger

Re:A different take on this whole thing...

[Capt.+Beyond]

In Germany, they first came for the communists, and I didn't speak up because I wasn't a communist. Then they came for the Jews, and I didn't speak up because I wasn't a Jew. Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist. Then they came for the Catholics and I didn't speak up because I wasn't a Catholic. Then they came for me -- and by that time there was nobody left to speak up.
-Martin Niemoller

I'll give you one good reason.-
Question Authority

Why is it...

[AstynaxX]

Why is it anytime someone talks about national security most of the nation feels anything but secure?

-={(Astynax)}=-

Re:Way OT, but is Slashdot Hypocritical?

[Hemos]

RE: Doubleclick.

Believe me, if I had my way, we wouldn't be using it. But DoubleClick is what many of the advertisers use as their service, because DoubleClick does a good job of tracking click-thrus and such for them. That, and the honest truth, most big companies don't know how to run their own web server for ad serving, and so outsource. So - unfortunantely, a necessary evil of serving banner ads.

As for the webbug - I've never called it bad or evil. I think it's stupid, but Andover uses it to track traffic. I think caches fuck it up, but...c'est la vie. It doesn't do anything, so I don't particularly care about. I'm more concerned with stopping advertisers from using Java in banner ads, or sound,or shockwave, or...

It's all about choosing your battles.

Re:A different take on this whole thing...

[VP]

I'm probably going to get slammed by you guys for this, but tell me - what EXACTLY is the big deal about Carnivore sniffing around through email?

I know the rights to privacy thing already. But do you really think that people out there are going to be interested in our love letters or other "secret" email? If you're secrets are so important, then what do we have email encryption for? Sure, it can eventually be cracked. But I'm sorry but I don't see the FBI having all the time in the world to check what Joe Schmoe is emailing to Mary Jane about how much they love each other. Whatever. They have more important things to do.

I am not sure you know the right to privacy thing already. The right not to be searched, detained, etc. without a very good reason is detailed in the 4th amendment. This means that no one can open my letters in the mail, I can't be stopped and searched, the police can't come to my house and expect to be let in without a search warrant, etc. This also should mean that the FBI cannot know what web sites I am visiting just because they would like to, or because they were after the guy three doors down the block who uses the same ISP.

Obviously, Carnivore must be sniffing all the traffic at an ISP that may contain packets from or to a suspect, for whom there is a legitimate court order. Even if small, there is a chance that the non-related data is also recorded, or processed in some manner. With the advances of data mining, where is the guarantee that the full-scale sniffing that Carnivore does is not going to be used for something else?

The method of surveilance practiced by Carnivore (as far as we can tell) is analogous to what is called "trunk-tapping" in regular telephony. Incidentally, "trunk-tapping" is illegal, and cannot be used by law-enforcement agencies. If the FBI developes the equivalent of phone-tapping, where only the suspects line is tapped, and no other information can be accessed, then I don't think there will be much comotion over what is going on.

Then there is the technical and security aspect of it. No sysadmin in their right mind will agree to put a black box on their network, which is also accessible remotely. It is a huge security risk, that can be only mitigated by open-sourcing Carnivore and subjecting it to a security audit (similar to the one OpenBSD does).

By revealing the workings of Carnivore, whom are you trying to protect?

The FBI currently is trying to say, "We scan some of the traffic, but we only look at the suspect's packets." Until they explain what they mean by that, one can assume that they read and record everything and then sift through it. This is clearly in violation of the U.S. constitution and cannot be tolerated. The media keeps talking about e-mail scanning, while it seems obvious that there is much more than that going on, and the governments reluctance to say what and how exactly is scanned makes people suspicuous.

If you want the source code or more info about its inner workings, that tells me that :

1) You are performing unlawful activities you don't want people to know about.

OR

2) You're paranoid that the device does something other than email and packet capturing - like shuts down the net.

There are many reasons I wouldn't want anyone to know what my browsing habbits are... Maybe I wouldn't want the insurance company to know that I am looking at web sites about a chronic desease. What is the guarantee that Carnivore cannot be used to get that data - even in an unlawful manner, as a side job of a rogue FBI operative?

If I were an ISP, I wouldn't put anything on my network that I cannot inspect and do a security audit. If I were a small ISP, I probably won't have the resources to audit it myself, so the only option is to have it open sourced, and auditted by the community.

What is more if I were an ISP (even a small one) I would have the resources to provide the law enforcement agencies with the data they needed without the need for Carnivore. The insistance of the usefulness of Carnivore is suspicious by itself, eve for the not so paranoid.

Makes sense -- we know how a search warrent works

[redelm]

While the FBI (& friends) are aghast at being compelled to release Carnivore details, I am not. It has to do with a little thing called freedom.

The police have exceptional powers. To protect individual rights [avoid a Star Chamber], their processes have to be subject to full scrutiny. They may complain this reduces their "efficiency" and allows bad guys to circumvent their methods. Too bad -- that is the price of freedom. Or perhaps the police would rather a police state?

Revealing Carnivore is no different from people knowing how other police methods work, like search warrents, wiretaps, etc. These are well known, and innocent civilians can adjust their affairs to to fall afoul of them. Similarly, citizens should know how to avoid attracting undue attention from Carnivore. Even if that also helps the crooks.

Carnivore Source!

[Th3+D0t]

Knowing the FBI, Carnivore is probably just running an outdated Mandrake distro with this crap piping into a file.
---