Court to FBI - Full Public Review Of Carnivore

ka9dgx writes: "According to CNN, the judge has decided that the FBI has to make public how Carnivore works. The FBI has to come up with a timetable for disclosing how it works." More detail: The court has said that the FBI has 10 working days to create a timetable for when it would start producing records of how the system works. This comes as a result of EPIC's fast-track Freedom of Information Act ^[?] request for information. This does not mean, however, that the source code will be made public - but it's a step in the right direction.

Re:Way OT, but is Slashdot Hypocritical?

[Hemos]

RE: Doubleclick.

Believe me, if I had my way, we wouldn't be using it. But DoubleClick is what many of the advertisers use as their service, because DoubleClick does a good job of tracking click-thrus and such for them. That, and the honest truth, most big companies don't know how to run their own web server for ad serving, and so outsource. So - unfortunantely, a necessary evil of serving banner ads.

As for the webbug - I've never called it bad or evil. I think it's stupid, but Andover uses it to track traffic. I think caches fuck it up, but...c'est la vie. It doesn't do anything, so I don't particularly care about. I'm more concerned with stopping advertisers from using Java in banner ads, or sound,or shockwave, or...

It's all about choosing your battles.

Re:A different take on this whole thing...

[VP]

I'm probably going to get slammed by you guys for this, but tell me - what EXACTLY is the big deal about Carnivore sniffing around through email?

I know the rights to privacy thing already. But do you really think that people out there are going to be interested in our love letters or other "secret" email? If you're secrets are so important, then what do we have email encryption for? Sure, it can eventually be cracked. But I'm sorry but I don't see the FBI having all the time in the world to check what Joe Schmoe is emailing to Mary Jane about how much they love each other. Whatever. They have more important things to do.

I am not sure you know the right to privacy thing already. The right not to be searched, detained, etc. without a very good reason is detailed in the 4th amendment. This means that no one can open my letters in the mail, I can't be stopped and searched, the police can't come to my house and expect to be let in without a search warrant, etc. This also should mean that the FBI cannot know what web sites I am visiting just because they would like to, or because they were after the guy three doors down the block who uses the same ISP.

Obviously, Carnivore must be sniffing all the traffic at an ISP that may contain packets from or to a suspect, for whom there is a legitimate court order. Even if small, there is a chance that the non-related data is also recorded, or processed in some manner. With the advances of data mining, where is the guarantee that the full-scale sniffing that Carnivore does is not going to be used for something else?

The method of surveilance practiced by Carnivore (as far as we can tell) is analogous to what is called "trunk-tapping" in regular telephony. Incidentally, "trunk-tapping" is illegal, and cannot be used by law-enforcement agencies. If the FBI developes the equivalent of phone-tapping, where only the suspects line is tapped, and no other information can be accessed, then I don't think there will be much comotion over what is going on.

Then there is the technical and security aspect of it. No sysadmin in their right mind will agree to put a black box on their network, which is also accessible remotely. It is a huge security risk, that can be only mitigated by open-sourcing Carnivore and subjecting it to a security audit (similar to the one OpenBSD does).

By revealing the workings of Carnivore, whom are you trying to protect?

The FBI currently is trying to say, "We scan some of the traffic, but we only look at the suspect's packets." Until they explain what they mean by that, one can assume that they read and record everything and then sift through it. This is clearly in violation of the U.S. constitution and cannot be tolerated. The media keeps talking about e-mail scanning, while it seems obvious that there is much more than that going on, and the governments reluctance to say what and how exactly is scanned makes people suspicuous.

If you want the source code or more info about its inner workings, that tells me that :

1) You are performing unlawful activities you don't want people to know about.

OR

2) You're paranoid that the device does something other than email and packet capturing - like shuts down the net.

There are many reasons I wouldn't want anyone to know what my browsing habbits are... Maybe I wouldn't want the insurance company to know that I am looking at web sites about a chronic desease. What is the guarantee that Carnivore cannot be used to get that data - even in an unlawful manner, as a side job of a rogue FBI operative?

If I were an ISP, I wouldn't put anything on my network that I cannot inspect and do a security audit. If I were a small ISP, I probably won't have the resources to audit it myself, so the only option is to have it open sourced, and auditted by the community.

What is more if I were an ISP (even a small one) I would have the resources to provide the law enforcement agencies with the data they needed without the need for Carnivore. The insistance of the usefulness of Carnivore is suspicious by itself, eve for the not so paranoid.

Makes sense -- we know how a search warrent works

[redelm]

While the FBI (& friends) are aghast at being compelled to release Carnivore details, I am not. It has to do with a little thing called freedom.

The police have exceptional powers. To protect individual rights [avoid a Star Chamber], their processes have to be subject to full scrutiny. They may complain this reduces their "efficiency" and allows bad guys to circumvent their methods. Too bad -- that is the price of freedom. Or perhaps the police would rather a police state?

Revealing Carnivore is no different from people knowing how other police methods work, like search warrents, wiretaps, etc. These are well known, and innocent civilians can adjust their affairs to to fall afoul of them. Similarly, citizens should know how to avoid attracting undue attention from Carnivore. Even if that also helps the crooks.

Carnivore Source!

[Th3+D0t]

Knowing the FBI, Carnivore is probably just running an outdated Mandrake distro with this crap piping into a file.
---