Slashdot Mirror

← Back to Stories (view on slashdot.org)

University to Review Carnivore

Posted by Hemos on from the interesting-take-on-things dept.

stubob writes "CNN.com is reporting in this article that within the next 2 weeks a university will be selected to review Carnivore. This is apparantly a follow-up to this story posted on Slashdot last week. It will be a hardware and software review, lasting until December. The FBI has not decided which university will perform the review, and no information was given on who at the university will actually be performing the review."

5 of 128 comments (clear)

  1. Choose your own executioner? by jabber · · Score: 5

    Why does the FBI get to choose the University that is going to review Carnivore in the first place? Why a University? It's like asking Bill Clinton to choose the person to investigate his latest impropriety (Ginger Lynn, the porn star... wait for it.) Or like Micro$oft appointing the Judge to preside over their anti-trust trial.

    The decision of who and how will review Carnivore OUGHT to be made by a panel of SECURITY EXPERTS, not the people accused of 'wrongdoing' in the first place. I'd like the decision-maker to be Bruce Scheiner, and I'd like him to hand Carnivore over to the L0pht guys (umm, excuse me, @stake).

    It should be the hacker community that gets to scrutinize Carnivore. Not because I'm a /. reader, but because the hackers and the Fed are natural adversaries. It's the only way to make sure Carnivore gets a thorough PEER-REVIEW. Hackers would really get under the thing's skin, while academics will complement it's object-oriented design, oogle the UML specs and give a favorable review in exchange for a research grant. The only hope is that, since this thing will end up at a University... Well, their security ain't the best.. We'll get to see it somehow.

    In the very least, I hope a formidable research University gets the nod. Someplace like CMU, MIT, or UC Berkeley would/might do this right. I'm sorry but if they hand it to Harvard or Yale, our communal goose is cooked.

    --

    -- What you do today will cost you a day of your life.
  2. It's not a public review. by griffjon · · Score: 5

    The WSJ ran an article this morning that had a less happy veneer. The high points were that the FBI was claiming Carnivore was classified information, and that thoguh they'd submit it for evaluation, it would not become public knowledge in any form whatsoever. The article is here at http://interactive.wsj.com/articles/SB965861735609 205665.htm

    And here are relevant excerpts:

    "The Federal Bureau of Investigation declined to give to Congress details of its Carnivore Internet surveillance system, telling a member of a House oversight committee that some of the documents he requested include classified information and others are the subject of a pending lawsuit seeking their release"

    "...the bureau wrote that it is "not presently in a position" to provide documents he requested. "There remains substantial public misunderstanding and misinformation about the system," wrote John Collingwood, assistant director for public affairs."

    "...the Justice Department has been negotiating such a review with the University of California at San Diego's Supercomputing Center, said Tom Perrine, the center's manager of security technologies."

    and my favorite:

    "Mr. Perrine said that part of the FBI's challenge using Carnivore is conducting Internet wiretaps under U.S. laws that predate the Internet. "Carnivore is probably the best program and the most privacy-protective program that [the FBI] could have written given the lack of guidance in law from Congress," he said."

    --
    Returned Peace Corps IT Volunteer
  3. Re:One university? No. by ajs · · Score: 5

    What we need here is a redundant array of inexpensive universities (RAIU). At least four universities should be set to the task of evaluating Carnivore, independantly. Meanwhile, one additional university is given the task of checking the findings of the other four as they come in. If any of the results don't match previous statements made by the FBI, you throw them out.

    Seems simple to me... ;-)

  4. I'm a little confused. by artistX · · Score: 5

    Once the FBI submits Carnivore to public (the university) scrutiny - will they then be able to install their boxes with impunity, without continuous monitoring? Perhaps I'm stating the obvious, but how hard would it be for them to fill a box with some fairly innocuous code and then run whatever they want once they get the green light and the spotlight dies down? Just a thought.

    --
    -artistX
  5. One university? No. by wmoyes · · Score: 5
    I am sorry, but having only one university examine the machine is a 'bad idea'(TM). For any real security evaluation you ought to have at least two teams (which implys diffrent skillsets) examine the device. Also if a university examines it it will likely be a professor or two and a handful of students (that might not have the skills that I would concider necessary).

    Let me reiterate.. at least two universites.