University to Review Carnivore
stubob writes "CNN.com is reporting in this article that within the next 2 weeks a university will be selected to review Carnivore. This is apparently a follow-up to this story posted on Slashdot last week. It will be a hardware and software review, lasting until December. The FBI has not decided which university will perform the review, and no information was given on who at the university will actually be performing the review."
No chance. The first thing they did was crack all that shit. Don't you remember? This is the same agency who trained groups of people to see how vulnerable other agencies' secure networks were? Any system in three days, was it? How safe do you think ssh is years after its release? We're just implementing it now, and I think we're wasting our time...
Come on, use your head. The father of modern computing, Alan Turing, was a known homosexual. Bob Jones, in a recent interview with Militant Fundy magazine, explained that "as a school, we cannot do anything and embraces or endorses faggotry. This includes having those homo devil-boxes on our campus."
That's right ..
..
What Would Natalie Portman Do
Hint: It involves nudity and petrification!
(She'd probably kick an arse or two
that's what Natalie Portman'd do!)
The FBI's Carnivore system will be reviewed by specialists in Content Analysis at Harvard that *cough* developed *cough* it, and will present a *cough* biased report tailored to reveal as *cough* little as possible but to *cough* placate the public as much as possible.
Just one and they get to pick it? I don't think so. And I don't think there's any magic stuff in this thing that it really needs to be classified- so why all the hubbub from them? Are they trying to hide something?
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
I seriously doubt that this complies with the FOIA order handed down by the Court recently. And claims of some of the stuff being classified? I don't buy it. If it's classified, how can you be releasing it to a university (most universities aren't directly working with classified stuff- too hard to control the environment, etc. to ensure that the stuff never gets out into the open, etc.)? There are measures to be followed with classified stuff- and most universities aren't equipped to deal with that level of security.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
CMU should get it. We've got CERT (a bunch of competent people) and a good crew of hackers in the student body. We've even got an assignment in one class that almost directly applies itself to buffer overflow exploits. We'd give Carnivore quite a stress test.
Start Running Better Polls
The FBI is going to decide who does the review? If true, that just doesn't sound right. Do those accused of crimes routinely get to select the prosecuting attorney?
-=-=-=-=- osjedi uses Debian GNU/Linux. -=-=-=-=-
Be realistic. That student wouldn't get a job. Being last in the graduating class hurts a great deal.
~afniv
"One could be glad if the air were as pure as the beer"
Richard von Weizs
The interesting part appears in one of the paragraphs that talks about the company's background:
"The eSniff technology is the brainchild of Thomas Donahue. He was the founding VP of Technical Operations at Colorado Supernet, Inc....served as VP of IP Services at Qwest Communications...etc."
It goes on to say, "Tom became renowned in the area of network security. Because of Tom's reputation, the FBI asked him to help crack a very difficult case." (That case was Kevin Mitnick.)
The last sentence of the section reads:
His experiences confirmed what he already believed - that there is an enormous need for network monitoring, and that monitoring is a vital component of organizational security.
I just can't help but wonder if there's a connection here. Hell, we had the NSA contributing funds to a company that was pushing the sale of drivers' license photos so they could be used for a new POS identification system, so...
That's amusing--I'd seen it on the WSJ this morning and immediately searched the usual official mirrors of it looking for a more public access to it (seems WSJ got wise to cyberpunk/cyberpunk finally!) and didn't find anything, so huffed and went on about my day.
On topic, I'd wager that the FBI has a preexisting relationship with this university, having been named so quickly.
Returned Peace Corps IT Volunteer
The FBI and one university story is right above (and linked to via the "previous story" link) the Katz article about how trustworthy a university (or any academic institution) is to do academic research....
And the winner is....The School of the Americas!
I think Carnegie Mellon is credible, especially since CMU's got CERT - which specializes in security vulnerabilities. Although I believe CERT is still funded by the government (department of defense).
Anyway, everyone knows that Penn State students are only good at drinking and rioting.
We want to know what Carnivore does and how. Having some hand-picked university review gives me zero confidence. Therefore I (or someone like me) will just re-request the information using the FOIA--and it has to be done all over.
Why not just post the entire source code on the Internet? If what they are doing is so secure and trustworthy, surely everyone can look at it to no detriment to the FBI.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
not decided which university will perform the review, and no information was given on who at the university will actually be performing the review.
Who will do the review is simple: it will be an undercover agent placed in the university to watch the rebellious students. It will help that the agent is probably a network administrator because having access to tap the network makes spying sooo much easier.
I am of course well aware of who L0pht is but it wasn't until reading your post that they have been acquired by @stake. I hadn't heard of @stake as far as computer security goes, but I have heard of them, because their CEO just moved in next door to me a few weeks ago. I never realized what they did until now.
You see, anyone who has watched the X-Files closely will automatically know that Carnivore is an alien derived system composed of new and mysterious technologies. They are monitoring our email to disclose the best time and point of attack!
The FBI is actually just a shield for the impending alien invasion! They are among us!
okay, maybe not.
-brain
The Department of Justice is selecting who will review Carnivore.
They have higher education in Canada?! [/flamebait]
--
"It's tough to be bilingual when you get hit in the head."
I hope this is not the FBI responding to the EPIC FOIA request. The FBI should turn over their unclassified documents on carnivore immediately; not coming up with some scheme to bury this issue for months so the public can get distracted by some other issue..
I would say this tactic works fairly well, nobody's thought about the missing/found nuclear harddrives at Los Alamos lately. I wonder how the token non-investigation is going.
-- Greg
Slashdot, would a spell-checker for posting be too much to ask? It's not rocket science!
I was thinking they would probably send it to School of the Americas.
No, that's phase II of the Carnivore test, the torture test.
George
Reminds me of the Zero-One-Infinity Rule.
http://www.tuxedo.org/~esr/jargon/html/entry/Zero-One-Infinity-Rule.html
He's just saying that you'd need more than one, whatever that number happens to be.
>Ruby Ridge and Waco are examples of this.
>Um, no. The FBI has been exonerated repeatedly for what happened at Waco.
Not by anyone who isn't sucking on the government teat.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
The first-year students of the Colorado School of Arts have finished their review of the FBI's "carnivore" system.
"It is definitely a creative masterpiece," stated Rufus Niederman, spokesperson for the 20 student review team, "we feel that it will be a real attention getter in the years to come. Although the plotline is really just a re-hashing of a standard theme, the powerful new twist should be quite an audience grabber."
The FBI was enthused by this accolade, and intends to shoot for the widest possible distribution. Look for it, coming soon, to a screen near you.
Wake up - the future is arriving faster than you think.
Dorothy Denning is still at Georgetown.
I'm sure she would give it the usual thorough treatment...
>His son with 5 years of political experience...
I would think less time spent in the government would be a plus.
Think of all the tricks Al Gore must have picked up from Bill.
Later
Erik Z
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
The FBI has a long history of corruption. J. Edgar Hoover kept secret files on people like JFK and Martin Luther King Jr. People who weren't criminals by any stretch of the imagination had their phones tapped, were followed by the FBI, etc.
People could argue (I wouldn't be one of them) that more recent actions by the FBI demonstrate their willful disregard for the constitution did not end with Hoover. Ruby Ridge and Waco are examples of this.
No organization should have unchecked power, and in my opinion, carnivore is too much power without enough checking.
Don't forget that Friday is Hawaiian shirt day.
My rumor mill suggests that the San Diego Supercomputer Center will be doing the review.
This is quite different from handing it to some random CS department. Not necessarily better, but different. SDSC is one of the NSF funded Supercomputer centers. They are more closely associated with UCSD now than when I worked there, but it's definitely a research center, not a university department.
This is not cool. :-(
On another note, what will the criteria be for the study? Will that be public?
Will they hand back a good/bad one word report?
Will they explain how it works? Who determines the study criteria?
Will they even be able to see all the code?
Someone needs to FOI the FBI into submission.
(I just hope the university gets lots of government money to make the FOI act a possibility.)
penguinicide... when jumping out a window just won't do.
1. Find small university with Technical Sounding name that no one has ever heard of.
:P
2. You are going to review Carnivore whether you like it or not.
3. Here are your results in case you forget to give us a good review.
I'm really not paranoid. I would like the FBI to pick a credible school (i.e. MIT). However, Penn State should be their choice since it is the best
-An alumni of PSU
- Whether the people at the university can be trusted, or have been vetted by the FBI to guarantee a conclusion favorable to them (a la the Tricot investigation of the Rainbow Warrior bombing in France), and
- Whether the university people doing the investigation are getting the exact Carnivore system which will actually be put into the field.
While I still have enough faith in academics that I would doubt that a committee could be chosen which could whitewash the system a la #1, #2 is impossible to guarantee. Any time that the Carnivore box gets into the FBI's possession, it could be loaded with software which does literally anything within the capabilities of the hardware. Examination of one set of software by a universe of absolutely trustworthy academics cannot rule out this possibility, and it is the reason why Carnivore cannot be ruled trustworthy.
--
Time is Nature's way of keeping everything from happening at once... the bitch.
-Daniel
This article makes me worried, especially since I start attending Arizona State University in about a week!
What they should do, is only set it up to monitor certain e-mail accounts, that the students KNOW about, and then have them all send messages over a couple of days that might trip off the system that shouldn't, some that really should, etc, and see what the administrator comes up with.
If this system causes more e-mailings to be read than should be, it should be done away with.
Don't we all love the FBI? They are the PERFECT group to bring change in america! I mean, under J Edgar Hoover, they solved the problem of Martin Luther King REALLY quick. Oh, and let us not forget how much they helped with the JFK Assassination! Don't we have so much to thank them for?
This all makes me want to grow up to be an FBI agent. That way I can read all of CmdrTaco's e-mail from us weird /.ers
I'm sorry but if they hand it to Harvard or Yale, our communal goose is cooked.
:(
Be cool if they sent it here (don't worry, we'd do a good job). Though since I don't work in the security lab I doubt I would ever get to see it.
Why a university? Answer here.
What's to stop the FBI from choosing a university, or a specific department in a university, that gets major funding from the government, or the DOD? In which case it would be in the university's best interests to find only a few or minor "flaws" in the carnivore system.
Shouldn't, instead, it be a court or some other third party that gets to select the review board?
I trust universities about as much as I trust the FBI. Whatever university they choose will give carnivore a yellow dog review. At most they might point out a few minor flaws to make it look like an earnest attempt.
Free Techno/Jazz/DNB/MI Music by guys obsessed with monkeys!
Some have launched special schemes, for example Boston U. is now giving away 2000 marks extra credit to anybody who can hack into FBI and select their univ by computer.
Other Univs are taking aggressive measures and crashing each others Networks with mutated CIHs etc.; so that FBI picks the one with a functional lab.
More news later. Keep your browser open. and refresh often.
This Site is cool. Don't be a fool. Click here
Pretty decent thing to do. At least now the kids in the universities will stop hacking and do some constructive work. Hope they don't take this stuff the other way round though...
A cool Site to see. Is entry Free.
Anyway, I'm sure some uberhackers will subvert Carnivore into logging all traffic, thus boobytrapping the public support.
Stop the brainwash
You have to wonder what the FBI is up to.
GeneralKael -- Slacker Extraordinaire
I love fat cuny girls!
Sendmail is hosed and SIMS won't be ready for the beginning of the semester.
Now there's an interesting thought. Can carnivore keep up with SIMS? A packet sniffer can catch the packets, but sustained operation requires both capture and analysis. SIMS's MTA can be quite a handful.
Temkin
Okay... so now we can pretend to find out who is causing those DOS attacks! ;)
Actually this is kind of scary, since most students who have any smarts should be using rsh, and pgp. I wonder if the school would have some sort of policy against those programs on their network if they were pushed to it.
kick some CAD
FBI's Carnivore To Undergo University Review
The final review team will include ...
Donald Kerr, the FBI's Laboratory division
assistant director ...
Sounds like this is gonna be real objective.
A pointless political stunt and a waste of taxpayer's money.
Yeah, that was a pretty funny follow-up :) But the idea of 'unbiased and objective' is so laughably funny that I break down into a small pile of shaking goo whenever I think of it. :)
If Carnivore passes, all of its opponents will claim that it was bias and pressure from its supporters.
If Carnivore doesn't pass, all of its supporters will claim that it is bias and pressure from its opponents.
Of course, you could put both opponents and supporters on the review team and hope the biases balance out.
Eric ze Kidder
Sorry couldn't resist
So close and yet so far from the world's perfect ID number
It was meant as a joke about the earlier article, not an attack on Columbia, which is an institution that I actually find rather respectable.
Eh...
Perhaps it will be Colombia?
PSSST. FBI, I'll tell the world that your software is harmless if you slip me a $20 and a nice review.
Eh...
I wonder about the correlation between this article and this one... http://slashdot.org/article.pl?sid=00/08/04/1824247
Why does the FBI get to choose the University that is going to review Carnivore in the first place?
Well if you ask Katz he'll tell you it's a conspiracy, because everyone knows the Universities are all for sale now.
Oh but wait, it gets better when they set up napster and w4r3z servers on all the Carnivore boxen they dissect. Heh, hotmail.com, yahoo, and more of the net's companies with the fattest pipes will become home to the latest RIAA CD and Id Software game.
I'm sad to say that I think you're absolutely correct.
Yup... it'll probably go to a "government-friendly" school... like RIT, a school well known for its wonderful ties to the CIA and government agencies...
Yeah... while they're at it, they'll probably plant a couple of FBI spies into the RIT architecture there too. I'll trust them... sure!
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
At least they didn't tie this up in some Senatorial Oversight Committee, or some equally useless, rubber-stamp group of Washington insiders.
A university is at least an objective (we hope) third-party. And if you select a university of sufficient size with a CS department of good reputation, such as MIT, Berkeley, or Illinois/Chicago-Urbane (sp?), I think you could be assured of a good, professional evaluation. Two would be nice, but perhaps a bit of overkill.
"We will be putting Carnivore up for review by a selected University, whichever one is most owned within two weeks, then we will throw away their report, and make up our own. Any questions?"
====
Crudely Drawn Games
West Point?
University techs research the system in-depth. A flurry of emails flies back and forth.
By some coincidence, the FBI is not caught by surprise.
Well, I wouldn't really call anything developed by the FBI "art", but even if you could, how can they prove it if they won't release any info about it?
(btw, I hope no one's taking me seriously here)
-Space for rent
And which Corporation is going to fund this research? Maybe they'll get daring and try to patent carnivore so that the FBI can't use it...
-Space for rent
This FBI software displays nothing new, fundamentally. The only major difference I see is the scale of the effort. As has been said, the chances are pretty good that this kind of activity of this size has been going on anyway.
Plain-text e-mail has always been non-private. When you send it, you are using other people's property to facilitate the transfer. What could be more public domain than that? Talking on a sidewalk or at a mall or other crowded place is not much different (except that no one would assume their conversation was not overheard).
It would be nice if you could trust everyone to respect your privacy via the honor system. But you can't. Practically speaking, encryption (or some other form of strict authentication) makes more sense in enforcing privacy.
I'm stating, I suppose, my belief that this responsibility ultimately falls on all parties who stand to lose by having a piece of info unintentionally shared. In this case, however, the cynical approach seems to be the most rational if privacy is the goal.
People who take a phrase about JonKatz, and pervert it into something about Christ?
One future, two choices. Oppose them or let them destroy us.
LMAO!!! i lived in thunder bay for just over 3 years. you are soo right!! it is a fun university tho.
What's preventing them from simply using a flash upgrade or something of the sort.. once the thing is installed across the country and all ?
-Billco, Fnarg.com
It seems to be available...
An Education is the Font of All Liberty
Say that the object of the FBI investigation (aka joe_blow) has an account with his ISP. He gets his email sent to the mail server at the ISP. If the FBI decides to investigate joe_blow, can't they just subpoena the backup tapes from the mail server for the last month? Couldn't they recreate email to joe_blow for the period in question? If joe_blow uses some semi-anonymous email service on the web, couldn't the FBI get a warrant and sniff the ISP for the period? Couldn't someone with the proper motivation read whatever they wanted out of the sniffer output? Carnivore, shmarnivore. If they want you, they got you.
the review this is tricky stuff~ you see, it's like when you have to review your boss, you give each other good scores, lest 'mutually assured destruction' occurs. feds=fed funds
"and Mathilda said... are those dreams or are those prayers?" tom waits
I don't have a problem with the FBI going after criminals' emails either. What I do have a problem with is that carnivore, to get the criminals' emails, MUST record ALL traffic on a system that it is connected to. That would be like a phone tap of one guy's phone line recording every conversation in the city. BAD IDEA.
JOIN !LINK CLUB!
Now that we know, thanks to Jon Katz, that our universities are just bribed by corporations, how do we know whether we can trust their choice? Or maybe it will be a university whose football team coincidentally happens to play in the Louis Freeh Stadium...
Or maybe it'll just be a crummy university with no CS department...
Screaming headline:
Reed College professors clear controversial FBI program,
declaring: "Carnivore Code Looks Like Cuneiform"
I had a feeling cnn.com wasn't the best source for the story, but a quick yahoo/google search didn't find anything better. I was a little curious how the FBI could turn over a totally classified system to a university. And what do they think the university is going to find? "Yup, it's a packet sniffer with a really cool decryption chip built in..."
After working on a (possibly related) similar project for 2 years and seeing the security required as a contractor, I was a little doubtful of the effectiveness of the review. What project? Well, it was mostly for these folks. At least we know the government knows we want someone to watch the watchers.
-----
My karma is still less than my age.
Planning to be moderated ±1: Bad Pun.
Now, would that system be reviewed by professors, students, doctorate students, or by whom?
Tongue-tied and twisted, just an earth-bound misfit, I
Learning to fly, Pink Floyd.
Having a leading university review Carnivore is a Good Idea (TM).
Having a leading American university review Carnivore is a Bad Idea (TM). Why? Oh, sure, like the FBI doesn't have any research or academic interests. Puh-LEASE.
Just fire up one of them there Carnivore machines to a Canadian university (lots to choose from, and even a handy ranking tool to help). The FBI can't come snooping, us Canucks will be pretty much impartial, and with luck the machine will get hung up at Customs and the FBI will have to pay duty on the thing.
Mr. Ska
Well, let's assume they choose a Canadian University. The FBI gets to choose, right? So that would be, what, Lakehead?
Reno said the university experts will have "total access" to any information they need to conduct their review.
I hope this means that the source code is included in that promise. Until I got to this part of the article, I had envisioned the FBI dumping a set of software specs on some professor's desk and saying, "here's the design, so begin your 'review'". I'm also somewhat suspicious that the FBI will give the work to some outfit that depends on lots of federal government grants and contracts, which will call their objectivity into question. Law enforcement knows exactly which friendly judges to go to to get a warrant, so what makes academia any different?
"If I have seen further than other men, it is by stepping on their glasses." - Michael Swaine
I am a Unix administrator at a large land-grant research university in the South. We have 36000 users spread across 5 campuses. Sendmail is hosed and SIMS won't be ready for the beginning of the semester. There are only 8 of us administering this mess. And only 3 who handle the mail hosts. Put this on us and we will die like Viking war dogs. I am begging you pick the University of Alabama...
Sincerely,
Anonymous Coward
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
No. No. No. Liberty University. Jerry Falwell rules!
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
Because testing this on a university LAN is like shooting fish in a barrel.
"..don't you eat that yellow snow."
I don't think you are confused at all.
"..don't you eat that yellow snow."
Relax, my friend. This material nonsense won't last too long. So we get beat-up by the fearful and hateful, big deal.
"..don't you eat that yellow snow."
The only way for the American people to protect their liberty against this intellectual predator is to include at least one word in each email that it might construe as criminal or seditious. But, for this to work we must all pick a word and use it in every transaction. Like Ben Franklin said, "We must all hang together or we will most assuredly all hang separately." My word for the day is; letterbomb.
"..don't you eat that yellow snow."
I worked in a college, for years, and lemme tell ya, the Capitol Hill gang couldn't possibly form more committees, sub-committees, task forces than any two people in academia if left alone in a room for 15 minutes.
The truly amazing thing was to see that comparatively, glaciers absolutely rocket down mountains into the sea.
I've been gone 3 years now, I wonder how many of those old committees still count me as a member in good standing?
Vote Naked 2000
A feeling of having made the same mistake before: Deja Foobar
I wonder if the university will be in the US.
And then we're supposed to accept the results as having some significance or relevance?
Excuse me, but have you EVER known an "impartial" review, when the reviewee pays the reviewer?
OF COURSE they're going to pick people most likely to be sympathetic, and ply them with "sweeteners" to "encourage" a favourable result.
If the FBI wanted a genuinely honest result, they would be taking a hands-off approach. They'd make Carnivore available to a RANDOM assortment of Universities, place NO constraints on who was to do the testing (detailed records would be ok, though, and very desirable), and provide proof that they had NO contact with the researchers, the University, or ANY friends or relations, during the work.
(They could reasonably be expected to ensure that no other intelligence agency did, either, though.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
No, I think it is cheaper to just bribe someone at a university to say there's nothing wrong with it than appointing an entire committee :-)
Every expression is true, for a given value of 'true'
Hey, wait a minute, how does Carnivore get its logs back to the FBI? Is the FBI going to have removable media in this thing and have the logs sent by snail-mail? Otherwise how the heck is this thing going to transmit stuff back when it's installed at a busy site with a saturated outgoing connection? Would the ISP be able to do traffic analysis on the transmitted traffic to determine what kind of data the thing is logging?
So many questions, so few answers.
-- Remember: Wherever you go, there you are!
Um, no. The FBI has been exonerated repeatedly for what happened at Waco.
Not that I would trust the FBI to keep its nose clean, but at least blame them for things that are actually their fault.
-jon
Remember Amalek.
I was thinking they would probably send it to School of the Americas.
Where did you get the idea I was anti-gov't? I'm actually pro-gov't. The reality is that academic research is skewed by government funding.
In the end, only Congress and the courts will be able to check the powers of the DOJ, which is reaching beyond the 4th amendment with Carnivore.
The court of public opinion will only be satisfied with complete public disclosure and verification that their rights aren't being violated.
I bet the University they select will be one that receives grants from DOJ. If not, then there would certainly be some other financial/political conflict of interest. After all, every university receives copious amounts of funding from the US Government.
Actually, it won't be the University as much as the professors at the university. There *has* to be at least one professor in the DOJ's pocket somewhere.
Shouldn't they be appointing a committee that will take a few years to make up their minds?
They had better make it public. I wonder if the documents that the universities receive will be part of the publicized review, or is that too much to ask of the FBI.
I am always wary of that sort of thing because universities are easily pushed around by the NSA and other similar bunches of spooks-in-suits... If they are easily pushed around on what cryptography research they can do and/or publish, why not deliver a fixed report after some smoke-filled-room discussions... Not to sound like a paranoid, but i'm usually skeptical of this sort of thing because we always find out 20 years later once things get declassified that the public was being lied to. It happened with the civil rights movement, where the army and the FBI were keeping lots of surveillance people busy watching potential rabble-rousers... It will happen again now with this, and we'll only find out after it's too late, and it'll happen yet again with tomorrow's technology so the powers that be can keep any free thinkers under their thumbs...
---
Play Six Pack Man. I
I would suggest that if ISPs and privacy minded individuals are really bothered by a Carnivore system - why not put our own filter in place upstream of the Carnivore box?
Filter out all but the packets that pertain to the subject under the warrant - the Carnivore system gets NO chance to exceed its legal bounds.
You could even get fancier and "expunge" the subject line from the mail header packets that are fed to Carnivore.
I doubt this would be more than a few weeks worth of work for the right hackers 8-) Maybe even be a "floppy" distribution like the one-floppy router project. Call it ZooKeeper (feeds the Carnivores and Omnivores).
The FBI can't really object - we can make the source code available for THEM to audit. It does exactly what they need, so a court should back up someone using it (i.e. they ARE cooperating fully).
Any takers?
I think the FBI is great and does a great job, but I'm not going to give them the keys to my house because they tell me they won't search it without a really good reason.
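A minimal sketch of the upstream "ZooKeeper" filter proposed in the comment above, added here as an illustration; it is not code from the thread or from any real system. It assumes filtering at the SMTP message level rather than on raw packets, and the addresses, function names and sample traffic are all constructed.

```python
# Added illustration of the "ZooKeeper" pre-filter idea; not code from the
# thread, the FBI, or any real deployment. Names and addresses are constructed.
from email import message_from_string

TARGET = "joe_blow@isp.example"   # hypothetical address named in the court order

# Constructed sample traffic: (envelope sender, envelope recipients, raw message)
SAMPLE = [
    ("joe_blow@isp.example", ["friend@mail.example"],
     "From: Joe Blow <joe_blow@isp.example>\n"
     "To: friend@mail.example\n"
     "Subject: lunch\n\nNoon works.\n"),
    # Mentions the target in header and body but is neither to nor from him.
    ("alice@isp.example", ["bob@isp.example"],
     "From: alice@isp.example\n"
     "To: bob@isp.example\n"
     "Subject: joe_blow@isp.example owes me\n\nAsk joe_blow@isp.example.\n"),
    # Envelope recipient in a different case; Subject folded over two lines.
    ("carol@mail.example", ["JOE_BLOW@ISP.EXAMPLE"],
     "From: carol@mail.example\n"
     "To: joe_blow@isp.example\n"
     "Subject: quarterly\n numbers\n\nAttached.\n"),
]


def normalize(addr):
    """Lower-case and strip angle brackets so <A@B> and a@b compare equal.
    Assumption: the ISP treats mailbox names case-insensitively."""
    return addr.strip().strip("<>").lower()


def pertains_to(env_from, env_rcpts, target):
    """Decide on the SMTP envelope only. Header and body text are never
    searched, so a third party merely mentioning the target is not swept in."""
    t = normalize(target)
    return normalize(env_from) == t or any(normalize(r) == t for r in env_rcpts)


def expunge_subject(raw):
    """Drop every Subject header, including folded continuation lines that a
    naive line-by-line delete would leak."""
    msg = message_from_string(raw)
    del msg["Subject"]          # removes all occurrences; no-op if absent
    return msg.as_string()


def zookeeper_filter(traffic, target):
    """Return (forwarded, audit). `forwarded` is all the downstream box may
    see; `audit` counts what was withheld so the ISP can document its handling."""
    forwarded = []
    audit = {"seen": 0, "forwarded": 0, "withheld": 0}
    for env_from, env_rcpts, raw in traffic:
        audit["seen"] += 1
        if pertains_to(env_from, env_rcpts, target):
            forwarded.append((env_from, list(env_rcpts), expunge_subject(raw)))
            audit["forwarded"] += 1
        else:
            audit["withheld"] += 1
    return forwarded, audit


if __name__ == "__main__":
    out, audit = zookeeper_filter(SAMPLE, TARGET)
    print(audit)
    for env_from, env_rcpts, text in out:
        print("---", env_from, "->", env_rcpts)
        print(text)
```

The second sample message is the case that matters: a substring match on the target's address would have handed over a conversation between two uninvolved parties.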
OK... From the story....
But privacy advocates and some members of Congress fear the system may cast too wide a net, encompassing private information about legal activities and leading to potential abuses. (emphasis added)
Some members of congress feel that there is potential for abuses. The only way for potential abuse is for monitoring information of non criminals/suspects which means private americans and corporations. From what I understand the FBI was instituted to protect, in part, the protection of Americans' privacy. Some of our own congressmen admit, by implication, that the FBI is corrupt. I don't know about everybody else but if I had a choice I would not want the FBI involved in anything remotely close to me due to the possibility of abuses. In fact if I had a choice I would have the power of the FBI GREATLY reduced so that Americans' privacy would have more protection.
If at first you don't succeed, skydiving is not for you.
I remember seeing an interesting documentary on A&E about Las Vegas slot machines. There's an industry where the software that runs the machines quite likely could be (and as the documentary pointed out, has been) tampered with in favor of the issuing party. This is extremely serious, because if people don't believe the machines are giving them fair odds, they won't play, and Vegas would be finished (the machines run the town).
To prevent this, the ROMs that the machines run are *tightly* monitored by a government review board, who, I would assume, employ assembly language gurus and the like to make sure nothing fishy is up - and this board can randomly inspect any machine, at any time, for any reason, and god help you if your rom doesn't match the one on file.
Such a system would work very well to control the carnivore system, I think. Of course, my country isn't proposing to do anything this insane, yet.. When I think about it, sweet jesus, it's scary - they want to be able to tap any email or internet connection (packets are packets, right) at any time!
There's got to be a mechanism put into some of the popular mail readers (mozilla?) to allow for hard encryption during transit happen real soon like. I mean, who gives a @#$@ how crappy the passwords are stored (put them in a .conf file) just so long as they're being *used* for email, ideally, transparently. Then carnivore is effectively useless. Too bad Microsoft wouldn't implement something like that - would be sweet. Or even if ICQ supported it (there is an ICQ client for secure comm now, Linux only..)
Just some thoughts.
..don't panic
Phone rings...someone on the other end of the line picks up.
Voice: "Hello?"
FBI Director: "Uh, yes, hello, this is the director of the FBI speaking. Ummm...I'm doing some..uhh..research here and I need to know the top ten most government funded universities in the US."
Voice: "Well, University X received this much, University Y received this much, and University A tops the list with a whopping X amount of money given to it by the government."
FBI Director: "Right!! Thanks!"
Director slams down phone. Leans out of office window, yelling:
"Johnson!! That university that we were looking to test Carnivore? I've got one lined up!"
This was meant to be humorous, not to be taken seriously by any stretch of the imagination. Please moderate and reply accordingly.
This is ridiculous. The government is monitoring communications and won't reveal the manner in which they do it? The FBI should be forced to comply with FOIA requests for any and all documents related to Carnivore. The FBI is the servant of the citizenry, not its keeper, and should be put back in its place.
Oh, but Bush and the CIA didn't do anything! And he certainly didn't pardon most of the people involved before he left office!
Pax Digitalia
They should pull a trick like the CIA did when it was discovered their involvement with cocaine and Latin American contras - do an internal investigation and state that we found nothing out of order. The media/public bought it last time.
You are more than the sum of what you consume.
Desire is not an occupation.
After getting reaction from privacy and law enforcement groups, one will be recommended to Attorney General Janet Reno. He said the university will be selected partly based on its technical expertise in computers and its ability to conduct a "thorough and timely" review. Reno said the university experts will have "total access" to any information they need to conduct their review.
OK Kids.. Here's five dollars, you have twenty minutes to 'review' the system.. No you may NOT open the box - Here's the instruction manual:
Welcome to new CARNIVORE system
Your new CARNIVORE system made from component of hi quality. If use, keep dry. Not to open style case with not user serviceable parts inside.
To Operate
1) Press POWER button
2) plug to NETWORK connection
3) Wait for single beep tone
4) Leave connected- Only AGENT use now
If Problem occur
1) Check power cord - Is plug in?
2) Did POWER button completely depress?
3) Contact AGENT for assistance, No user serviceable parts inside.
air and light and time and space
This may be a little reaching, but perhaps instead of a university researching it, why not have Universities test it out on a private internet?
Internet2 is already there, with several tech-filled campuses using it. Why not just have the Internet2 test out the Carnivore and have those U's figure out its flaws, its innards, and what vulnerabilities to people's rights it would have.
To me, that seems like the best idea, and it won't disturb anything with other countries or people's rights, just make the U's on I2 a little more worked, but for the good of everyone.
Dragon Magic
Human nature is the same everywhere; the modes only are different. -- Earl of Chesterfield
Seriously, do you want to end up with a bunch of students reading through (Ada, no doubt) obfuscated (wait, I already said Ada) source code and trying to figure out what it does? After all, the researchers are all too busy working on corporate research to be able to do this...
Anyway, all there needs to be is ONE buffer overflow/security hole in the code, and then the FBI can get in and push bits around on the stack until it's reading everybody's email. Remember to check for that!
Free BeOS, runs from a Linux partition
Question: Does the FBI Training Academy count as a university?
Fire and Meat. Yummy.
Someone unbiased and objective, I'm sure. Kinda ironic this followed right on the heels of Katz's article on the tainting of academia from outside influences.
"Extremism in defense of liberty is more fun."
I've got a plate of rice crispie treats and a pint of Guinness that says they do it. Anyone want to bet?
This is my signature. There are many signatures like it but this one is mine..
If you're looking for an objective review of software, you don't go to the company chosen by the publishers, as it will obviously be swayed.
If this is a public inquiry required by the gov't, why not let the public decide which university? Anyone else think this is a bit strange?
Also, totally OT, but... this is killing me...
Anyone else worried about G.W.'s ties to the CIA? I mean, his father was the head of the CIA for a while (during Iran-Contra, I might add), and now, all of a sudden, BOOM his son is up for President. His son with 5 years of political experience...
So the former head of the CIA pulls some strings and gets his son nominated for president... Said son states that one of his 3 main platforms is national security....
I'm scared, and I'm wondering why no one is talking about this.
I guess it isn't really even offtopic. I mean, Carnivore is the FBI's surveillance system. Does anyone honestly believe that the CIA doesn't have a surveillance system in place?
I don't like Gore either, but with GW's puppetness, CIA ties and stated platform of national security, I'm more than a little worried.
Now, this should only be done when a full wiretap authorization has been given by a court order. The part that needs Real Close Examination is the logging of enabling and disabling such captures. If that's sloppy or has holes then anyone could be monitored without proper authorization.
Beyond that one should be asking what will be done to review that logging - will this be done by the FBI, making sure that the FBI is only watching who the courts have said they could? Self monitoring has certain weaknesses ...
This also applies to the "trace and trap" or "pen register" modes, where only the From: and To: information is being captured. The code review can confirm that the mode works as it should, but it also should confirm that moving from trap and trace to full capture mode gets logged as well.
US citizens might consider the establishment of a standard for wiretap authorization; perhaps as a rider to CALEA. This would involve digital signatures for enabling levels of authorization, with an indirect process to generate the electronic command - the FBI asks, the court grants and sends the enabling command. And the code is well reviewed for any holes in the enabling and logging logic.
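The authorization-and-logging scheme proposed in the comment above (the court issues a signed enabling command, and every change of capture mode is logged for outside review), sketched as an added example that is not part of the thread or of any real Carnivore code. HMAC from the standard library stands in for a real digital signature; the key, the target address and all function names are constructed for illustration.

```python
import hashlib, hmac, json

# Assumption: HMAC with a demo key stands in for the court's public-key signature.
COURT_KEY = b"constructed-demo-key"
LEVELS = {"off": 0, "pen_register": 1, "full_capture": 2}

def sign_order(order: dict) -> str:
    """Court side: authenticate an enabling command for one target and level."""
    msg = json.dumps(order, sort_keys=True).encode()
    return hmac.new(COURT_KEY, msg, hashlib.sha256).hexdigest()

def order_covers(order, sig, target, mode) -> bool:
    """True if the order is authentic and authorizes this target at this level."""
    return (order is not None
            and hmac.compare_digest(sign_order(order), sig)
            and order["target"] == target
            and LEVELS[order["max_mode"]] >= LEVELS[mode])

def entry_hash(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ModeLog:
    """Append-only log of capture-mode changes; each entry commits to the previous one."""
    def __init__(self):
        self.entries = []

    def set_mode(self, target, mode, order=None, sig=""):
        # Any capture level above "off" needs a valid order covering that level,
        # so moving from pen register to full capture cannot happen unlogged.
        if LEVELS[mode] > 0 and not order_covers(order, sig, target, mode):
            raise PermissionError("no signed order covers this target and mode")
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"seq": len(self.entries), "target": target, "mode": mode,
                "order": order, "sig": sig, "prev": prev}
        body["hash"] = entry_hash(body)
        self.entries.append(body)

def audit(entries) -> list:
    """Outside reviewer: return sequence numbers of entries that fail any check."""
    bad, prev = [], "0" * 64
    for e in entries:
        body = {k: v for k, v in e.items() if k != "hash"}
        covered = LEVELS[e["mode"]] == 0 or order_covers(
            e["order"], e["sig"], e["target"], e["mode"])
        if entry_hash(body) != e["hash"] or e["prev"] != prev or not covered:
            bad.append(e["seq"])
        prev = e["hash"]
    return bad
```

With a real signature scheme the auditor would hold only the court's public key, so the party being audited could not forge orders.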
The real question is whether or not they will suspend use of the box during the investigation- otherwise they can just milk this thing for as long as they want and keep using the system, or switch to a different method that is equally invasive...
Is this going to be used as a final decision regarding the use of this email interceptor?
We just read an article which suggested that Academia is progressing towards profitability and less credibility.
Am I too harsh in thinking that nothing will come as a result of a long and drawn out process of 'experts' reviewing the integrity of the system? It all depends on who they ask to review it.
If we are lucky, then somebody of good faith will be able to post intimate details of the inside guts of the system. Can we only hope, so we can keep our right to privacy?
The FBI should ask Jon Katz what university would be best for the review. Without his help, they might select a university influenced by UnichemaMcPetroColaNikeDollars and not really do any real research.
-------------
The truth is out th- oh, wait, here it is...
Let me reiterate.. at least two universities.
Having only n universities examine the machine is a 'bad idea'(TM). For any real security evaluation, you ought to have at least n+1 teams examine the device.
Let me reiterate... at least n+1 universities.
Why do they even need the system in the first place? ISPs can provide them with all the information they are legally entitled to when they present the ISP with a court order. Why do they need their own unmonitored access to all email on the ISP?
As stated in the above post, this outside review of the software doesn't prevent the FBI from making changes in the future without notifying anyone. I think the FBI is great and does a great job, but I'm not going to give them the keys to my house because they tell me they won't search it without a really good reason.
Don't forget that Friday is Hawaiian shirt day.
"We will provide a superb education for all our students for years to come," said an FBI-U rep. "Well, at least until our 'faculty' get done 'researching' that Carnivore thing."
Sandidge
Bob Jones seems an obvious choice.
"Extremism in defense of liberty is more fun."
Why does the FBI get to choose the University that is going to review Carnivore in the first place? Why a University? It's like asking Bill Clinton to choose the person to investigate his latest impropriety (Ginger Lynn, the porn star... wait for it.) Or like Micro$oft appointing the Judge to preside over their anti-trust trial.
The decision of who and how will review Carnivore OUGHT to be made by a panel of SECURITY EXPERTS, not the people accused of 'wrongdoing' in the first place. I'd like the decision-maker to be Bruce Schneier, and I'd like him to hand Carnivore over to the L0pht guys (umm, excuse me, @stake).
It should be the hacker community that gets to scrutinize Carnivore. Not because I'm a /. reader, but because the hackers and the Fed are natural adversaries. It's the only way to make sure Carnivore gets a thorough PEER-REVIEW. Hackers would really get under the thing's skin, while academics will compliment its object-oriented design, ogle the UML specs and give a favorable review in exchange for a research grant. The only hope is that, since this thing will end up at a University... Well, their security ain't the best.. We'll get to see it somehow.
In the very least, I hope a formidable research University gets the nod. Someplace like CMU, MIT, or UC Berkeley would/might do this right. I'm sorry but if they hand it to Harvard or Yale, our communal goose is cooked.
-- What you do today will cost you a day of your life.
The WSJ ran an article this morning that had a less happy veneer. The high points were that the FBI was claiming Carnivore was classified information, and that though they'd submit it for evaluation, it would not become public knowledge in any form whatsoever. The article is here at http://interactive.wsj.com/articles/SB965861735609205665.htm
And here are relevant excerpts:
"The Federal Bureau of Investigation declined to give to Congress details of its Carnivore Internet surveillance system, telling a member of a House oversight committee that some of the documents he requested include classified information and others are the subject of a pending lawsuit seeking their release"
"...the bureau wrote that it is "not presently in a position" to provide documents he requested. "There remains substantial public misunderstanding and misinformation about the system," wrote John Collingwood, assistant director for public affairs."
"...the Justice Department has been negotiating such a review with the University of California at San Diego's Supercomputing Center, said Tom Perrine, the center's manager of security technologies."
and my favorite:
"Mr. Perrine said that part of the FBI's challenge using Carnivore is conducting Internet wiretaps under U.S. laws that predate the Internet. "Carnivore is probably the best program and the most privacy-protective program that [the FBI] could have written given the lack of guidance in law from Congress," he said."
Returned Peace Corps IT Volunteer
What we need here is a redundant array of inexpensive universities (RAIU). At least four universities should be set to the task of evaluating Carnivore, independently. Meanwhile, one additional university is given the task of checking the findings of the other four as they come in. If any of the results don't match previous statements made by the FBI, you throw them out.
;-)
Seems simple to me...
Once the FBI submits Carnivore to public (the university) scrutiny - will they then be able to install their boxes with impunity, without continuous monitoring? Perhaps I'm stating the obvious, but how hard would it be for them to fill a box with some fairly innocuous code and then run whatever they want once they get the green light and the spotlight dies down? Just a thought.
-artistX
Let me reiterate.. at least two universities.