Slashdot Mirror
Carnivore Comes Up Hungry
voodoogumbo writes "A USA TODAY article says universities are declining to review the FBI's controversial Carnivore email sniffer. Academics are concerned that the Justice Department is looking for little more than "rubber stamp" approval of the system. The sordid details are
on their site."
Quoth the article:
-Researchers may examine only those matters the government wants examined.
Gov't: Please verify that this device has a power switch.
University: check.
Gov't: Thank you, this concludes your exhaustive evaluation.
Ad in classifieds: Pandora's Box (no box) $5
... for not foisting this crap on us.
If the DoJ had their way, they probably wouldn't even let PUCC tell us about it before they started sniffing our mail.
All of you college students out there, get a hold of your computing center's admins. Let them know that this is a bad idea. Most likely, they're geeks like us who are willing to listen (I know the guys around here at Purdue are somewhat accessible, but I also had press credentials at the time. Still, doesn't hurt to try.) Give them a link to this Slashdot story. Just make sure to get the point across in a clear, rational manner.
It's pretty common for universities to test products/software/policies that the government wants to issue. That's how they get those grants, you know. For example, my school was involved in determining the privacy implications of the Intelligent Transportion System.
The publishing restriction is quite common, as is the requirement that they be screened. The real issue is the middle restriction, that "Researchers may examine only those matters the government wants examined." This means that the government can basically say "look at this irrelevant stuff only, and tell us whether it works." The university would not be able to actually examine the product as a whole. That is a restriction that few researchers are willing to live with. It basically renders any opinion worthless. So, I'm with those researchers that are unwilling to do this. I don't think they're going to find a reputable university to do the review... of course, there are many third/fourth tier universities that will do backflips for the grant money.
Thalia
These schools do not want to liable if Carnivore. Is used for the wrong reason. Would want to be the school that OK a sysytem that framed the wrong man.
A lot of people are probably going to accuse me of being paranoid here but... I'm sure the government would like nothing more than a big university like MIT to say carnivore is okay. It's part of a propaganda war. Those who are then less educated or lazy will just think the government isn't spying on me, the folks at MIT even said so, and the as a whole Americans give up another bit of privacy. If the government was truly interested in letting the American people know carnivore was about they would open source it. What do they have to loose? There not going to sell the code to carnivore or are they. They want to assure the American public their privacy isn't being violated, don't they? If carnivore is truly what they say it is, let everyone look, not just the "elite" at a university.
The secrecy sorrounding the entire sordid affair needs to go to the wayside. If they have no dirty secrets to hide, they should willingly expose carnivores innards for review. Especially when viewed with their logic that only "criminals" need to be concerned about privacy.
So, encrypt, or forge headers/ip addresses, or tunnel, or...
whatever. move on, nothing to see here.
Never meant half of the things I said to you. So you know, there's a half that might be true - G. Phillips
--
What follows is an executive summary of Carnivore. The information provided is accurate to the best of my ability. I am not responsible for any omissions or factual errors.
--
First, it is called Carnivore. Second, "victim" is spelled "victim". I will make a brief summary for those who have not heard of it. Carnivore is a network of black boxes the FBI is planning on deploying at all major ISPs to monitor e-mail traffic. One of the first major ISPs to be asked to install it, Earthlink, refused on the grounds that it was incompatible with their network infrastructure. Based on information released, it is essentially a glorified packet sniffer modified to capture e-mail communications.
The FBI claims that Carnivore is needed because criminals are becoming more sophisticated and using e-mail to carry out criminal activity. There is some precident to support this, as well as evidence that the FBI may very well be justified in this. In many cases since the early 80's phone logs have had a substantial impact on forensics. The phone companies currently maintain logs on who calls where for an indeterminate period of time, generally atleast 90 days. It makes sense to provide a network where this information could be garnered online. The fact that e-mail is "plain text" and requires no additional processing (unlike voice, which requires someone to actually listen and transcribe the conversation), there is a lower barrier to entry. Translated, it is cost effective.
Those are the justifications. Now, essentially the argument against this boils down to one simple statement: Do you trust the government? There is plenty of reason not to trust the government. There have been a variety of high profile cases where the government spied on citizens without a warrant or any judicial approval. In particular, the handling of the Waco, TX and Ruby Ridge incidents come to mind for the FBI. As a result, the FBI has been busily modifying judicial procedures to allow them to tap without a warrant, as well as the ability to use illegally obtained evidence. They have continually been expanding their power base. Something which was illegal 5 years ago is now not only legal but approved by the majority of citizens. Carnivore could be seen as part of a larger initiative by the FBI to remove accountability for its actions and also to treat the average citizen as the enemy until proven otherwise (guilty until proven innocent). The current political atmosphere the so-called "baby boomer" generation has engendered has further fostered this attitude.
Other intelligence / law enforcement agencies have also been busily adapting their organizations to take advantage of net-based technology. Recently it was discovered the NSA had (and continues to) partner with several countries including Great Britain, Franch, and Australia to form a global monitoring network called Echelon. It is a more general information gathering network than Carnivore and is more in-line with the NSA's role in our government - handling signals intelligence (SIGINT).
I would request in advance that political discussion on this matter be taken offline, as this issue has been hashed and rehashed on a variety of websites, lists, and zines. Further information is available by simply searching on Google (www.google.com).
--
Signal 11 -o- BOFH, boredengineers.com
All truth goes through three stages. First, it is ridiculed.
Then, it is violently opposed. Finally, it is accepted as self-evident.
The government's inherent authority to conduct electronic surveillance? Funny, I thought the government was only supposed to have the powers enumerated in the Constitution, and I'm fairly sure Madison&co. didn't include an "inherent authority to conduct electronic surveillance."
TheFrood
If you say "I'll probably get modded down for this..." then I will mod you down.
If people want to protect information over the net they should encrypt it, which unfortunately is very infeasible at the moment because 99% of people don't have the right software installed to use it on the other end. (In short, the current infrastructure is dismal.)
That said, the net is an open system like it or not. The concept of privacy by regulation (government or otherwise) is as unfeasible as expecting information to be automatically delivered to the place it was sent without any end-to-end intervention to check the correct information actually got there. This is why TCP is used so much, because it creates reliable information streams over an open system.
If net privacy is going to go anywhere seriously, it has to be end-to-end. Relying on anyone, government included, to turn their back because you ask nicely doesn't make much sense in the long term. Encryption needs to be opened and standardised fast. It also needs to be more decentralised, so nobody can take control of it. (At the moment my favourite idea for email decentralisation is if ISP's began running their own public key servers for email addresses on their domains.)
Other useful things to happen would be if web providers started using secure connections automatically. This would be much easier to get going if browser makers would stop popping up annoying dialog boxes that "warn" people when they're entering a secure session by default.
Warning about entering an insecure session is understandable, even though this almost never happens unless the user was in a secure session first. Otherwise all the dialog boxes do is provide an incentive for web designers not to make things secure until they absolutely have to.
===
The secrecy FEDGOV is attempting to maintain around this Privacy Invasion Tool(PIT)(tm) is laughable if you even think about it just a little while.
FEDGOV appears to be implementing what is essentially just a custom filter that seems to be tweakable to some degree that is designed to suck up email (and possibly other traffic) for a targeted individual. The key to this is that they aren't willing to settle for logs and the cooperation of the ISP they are placing their black box in front of. Seems to me that they are trying to do a bit of an end-run around any possible accountability that might somehow be seen if they had to actually ask politely and show a warrant like they have had to do in the past.
This is the real danger of such devices being placed in the network. What is it that will be coming out of this box? Bits and Bytes. Are we really supposed to trust the FBI by essentially writing them a blank check? Let's consider that question in light of the fact that the FBI has been known to manufacture evidence when they feel the need is "pressing".
If they want to place these PITs on a network, there need to be verifyable protocols to determine that the bits the FBI claims were found were actually there. I think if they are entirely on the up-and-up, these things should be opened up and the internet community solicited for comments on how to make sure that they are verifiable and trustworthy.
Z
This is an ex-parrot!
Change your name to Sarin N. Gas. Find a pen-pal in Saudi Arabia. Have the word LETTERBOMB as your letterhead. Talk exclusively about 'freeing the people'. And end all correspondance with the cryptic phrase, "My Bird takes a long walk."
"..don't you eat that yellow snow."
I'm guessing they don't want the public embarrassment of the universities disclosing the fact that ROT-13 will defeat 99% of their snooping ability.
Never meant half of the things I said to you. So you know, there's a half that might be true - G. Phillips
Warning: this post is going to be seriously random.
I almost can't take this anymore. How can we wake up the public to see that our Constitutionally guaranteed freedoms are being stolen right from under our nose? On a related note, check out this article Harry Browne wrote about his Supreme Court litmus test (question 1: "Can you read?").
Back to the serious part: what can we do? What organizations are out there watching the government now? A thousand angry Slashdot readers are nothing but noise. How can we organize; create an "open source" protest against this ("this" not being Carnivore specifically, but the gradual movement of the USA to Oceania)? Let's get some suggestions here.
I tried to register unconstitutional.org yesterday but it's already taken. Does anyone know of a site that lists all of the laws in effect which are clearly unconstitutional? I'd love to see that.
--jb...that everyone thinks 1) the FBI is looking for a rubber stamp in order to lull the avg. american (further) into her/his sense of complacency - or provide continuity in it; 2)the FBI has consistently illustrated its inability to control itself in regards to information gathering on the 'average' person (if you think the FBI is watching you, you're probably NOT paranoid); and 3) if the FBI implements it anyway, they will probably only catch the 'dumb' criminals who communicate/work on-line.
The question is: will the FBI care (read: 'revise' or 'not use/release') if no educational institution provides the rubber stamp? I have no faith (but that's beside the point), and I have no trust that any congressional committee/panel/hearing will in any way change the actions of the FBI (though it might change their line of BS).
If they really feel that this software is nothing to be worried about, why don't they put it up as an 'Ask Slashdot'?
Janet Reno asks:"I have the source code to a piece of software that my employer is a bit worried about. Do you think that this is a violation of anyone's rights?" So, what do you think crowd? Go ahead and check it out, and feel free to let us know what you think...
((Source Code Follows, then followed by 12 first posts, 18 Dickinson Poems, 23 Penis Birds, 4 rants on MDMA, and 1 comment about how the FBI sucks, moderated up to +5 Insightful.))
September 4, 2000
1. The Department of Justice reconfirms its acceptance of all relevant resolutions of the People of the United states, including the declaration of independence and the bill of rights. The Department of Justice further reiterates it's undertaking to cooperate fully with the People of the United States.
2. The People of the United States reiterate the consent of all people to respect the lawful application of justice. We hear by give the department of justice permission to execute our will as defined by the Constitution and bill of rights.
3. The Department of Justice undertakes to accord to The People of the United States immediate, unconditional and unrestricted access to CARNIVORE
4. The People of the United States and the Department of Justice agree that the following special procedures shall apply to the initial and subsequent inspections of CARNIVORE.
a) A special group shall be established for this purpose by the People. This group shall comprise a group of people selected an modded on /. The group shall be headed by a commissioner elected by the group. Possible people include Linus Tovaralds, Steve Gibson, Neal Stephenson and Kevin Mitnick
b) In carrying out its work, the special group shall operate under no mandated guidelines other than this: Find the Truth. This is the will of the people.
c) The report of the special group on its activities and findings shall be submitted to the People.
5. The People of the United States and the Department of Justice agree that all other areas, facilities, equipment, records and means of transportation shall be subject to Inspection at all times.
This contract was derived from The memo we sent Iraq in regards to inspections involving weapons of mass destruction...The DOJ is pulling all the same tricks that Iraq did. This is an example of Government NOT deriving their just power from the consent of the governed.
If voting were effective, it would be illegal by now.
With phone records, and in court, you only need to show record that something passed between two parties. You don't need to show what passed between two parties, only that the two parties communicated.
It's also funny that academia, usually seen as the enemy of Big Brother, is now seen by the FBI as saviour.
More likely it's due to the restrictive rules imposed on whichever university audits it.
By 'rubber stamp' they mean that the auditing guidelines are such that the university cannot actually publish negative results, and basically is just supposed to 'rubber stamp' it without really testing.
You can't wake everyone up.
Because "people are WILLING to give up essential liberty to obtain a little temporary safety." (Didn't one of the founding fathers WARN about this?!)
The Constitution has, unfortunately, become just another piece of paper.
Everytime we turn around, we need "permission" (aka licenses) to do anything, and we're the ones that let the crooks, er government get away with demanding permission from us, even though WE ORIGINALLY have the right! What ever power we DON'T give, we RETAIN. But somehow congress has twisted that into meaning, people don't have ANY rights, and must ask them for permission! The NERVE! And we let them get away with this crap!
The best we can do, is get people to READ this book to see documented cases of just how tyrannical the U.S. has become. (Yes, it really is called: The Rape of the American Consistution) It starts off with a discussion on the BACKGROUND on "Colonial crisis with Great Britain, the Articles of Confederation, the Constitutional Convention, and the Bill of Rights."
Here's one quote: Alexander Hamilton,
Unfortunately, its going to get a whole lot worse before it gets any better. One World government is being rammed down people's throats even if they don't want it. e.g. Social Security is already established in most countries, but governments fail to mention that you can legally "opt-out".
Another great book is It's None of Your Business, A Complete Guide to Protecting Your Privacy, Identity, and Assets by Larry Sontag.
Once people are aware of the problem, THEN they can start working on a solution. Like maybe a return to Common Law, Lawfull money, and Trial by Jury.
--
"The only people I can't tolerate are the intolerant bastards that try to tell me how to live my life..." - (ZanThrax?)
Here is a government official, one of the top law enforcement officers in the country, who does not understand his own Constitution. The government has no inherent authority whatsoever! All the government's authority is delegated to it by the American people. If our Supreme Court weren't populated by a bunch of balless pinheads, they would have made that clear by now in numerous rulings. Instead they are by and large content to expand the government's ability to invade our privacy and usurp our rights pretty much whenever they are asked to.
It's things like this that make me despair of the Republic.
And the brethren went away edified.
It seems that some people are pretty angry about this. Perhaps you have listened to too much Rage Against the Machine (as I am now)? Those guys can really get you going! :-)
/. readers are involved with technology and those of us who are out of college know that we all do pretty well economically. Guess who is partly responsible? Yep, the government. While many of us may not remember (or may not want to remember it) there was a time 20-30 years ago when we had double digit inflation and a much larger jobless rate.
Seriously though, what has the government done to each of you specifically that you are so angry about? I am not a Canivore lover either but I am also not ready to burn the White House.
The way I see it, you have two choices:
1. Work within the sytem to make things better. Vote. Write letters. Write e-mails. Get involved.
2. Move somewhere better. Good luck finding a place with as much oppertunity for success and freedom. When you get there, send us a post so that we can visit you.
Most
My point is that while things are far from perfect, they are much better than they are else where and much better than they were here. We are in the midst of one of the longest streaks of prosperity ever. Lets use this time to keep making things better with constructive ideas.
-- soldack
it became such a radical issue when it went into the universal declaration of human rights:
Article 12.
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
ofcourse the US is one of the few countries that has NOT signed this. big surprise...
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
- Universities and any other contractors must agree not to publish anything the government deems sensitive.
-Researchers may examine only those matters the government wants examined.
-Teams must agree to clear all personnel working on the evaluation with the government.
On a practical level I can understand the first and third requirement. Actually the first follows from the third. If there is a restriction on publication then you have to know who you are restricting. This is fairly standard Federal Gov stuff. One of the downsides to doing research for say, the DOE or the NSA is there is lots of work that could probably win a Nobel or a Fields but it will never be published.
It's the second requirement that is probably the stumbling block. It's just bad science to be restricted in WHAT you MAY evaluate.
Network ICE Releases Open-source Carnivore
They are saying this gives ISPs the ability to do what Carnivore is supposed to do on their own, and thus eliminate any need to allow Carnivore to be installed to comply with an intercept order.
The Altivore Page
Newsalert coverage.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.