Slashdot Mirror

← Back to Stories (view on slashdot.org)

Carnivore Comes Up Hungry

Posted by Hemos on from the it-should-be-a-herbivore dept.

voodoogumbo writes "A USA TODAY article says universities are declining to review the FBI's controversial Carnivore email sniffer. Academics are concerned that the Justice Department is looking for little more than "rubber stamp" approval of the system. The sordid details are on their site."

16 of 131 comments (clear)

  1. This has to be the best part of the story... by Sawbones · · Score: 4

    Quoth the article:
    -Researchers may examine only those matters the government wants examined.

    Gov't: Please verify that this device has a power switch.

    University: check.

    Gov't: Thank you, this concludes your exhaustive evaluation.

    --

    Ad in classifieds: Pandora's Box (no box) $5
  2. Re:Thank you Purdue! by Fervent · · Score: 3
    Sarah Lawrence College, where I go to (quick plug, we got Time Magazine's school of the year award with 4 other schools), has a damn extensive privacy policy. No school administrator or Dean can touch a student's email on the main server, users aren't logged, users have the option to install Netware or not (to use a few shared servers) and won't be logged anyway, all commercial and user web access is kept private, and users don't need to sign in when they use the lab.

    This beat my last college, Boston College, hands down. Working in the student computing lab here, the administrators wouldn't even think to use a system like Carnivore.

    --

    - I don't care if they globalize against free speech. All my best free thoughts are done in my head.

  3. Of course they want a "rubber stamp" by bluesclues · · Score: 4

    A lot of people are probably going to accuse me of being paranoid here but... I'm sure the government would like nothing more than a big university like MIT to say carnivore is okay. It's part of a propaganda war. Those who are then less educated or lazy will just think the government isn't spying on me, the folks at MIT even said so, and the as a whole Americans give up another bit of privacy. If the government was truly interested in letting the American people know carnivore was about they would open source it. What do they have to loose? There not going to sell the code to carnivore or are they. They want to assure the American public their privacy isn't being violated, don't they? If carnivore is truly what they say it is, let everyone look, not just the "elite" at a university.

  4. simply by jaa · · Score: 3
    they don't want us to see how feeble this stupid sniffer is. Here are the Carnivore rules:

    • if email "From:" matches (target) CAPTURE
    • if email "To:" matches (target) CAPTURE
    • if email body contains (target) CAPTURE
    • if URL contains (target) CAPTURE
    • if IP packet contains (target) CAPTURE
    • else ignore

    So, encrypt, or forge headers/ip addresses, or tunnel, or...

    whatever. move on, nothing to see here.

    --

    Never meant half of the things I said to you. So you know, there's a half that might be true - G. Phillips

  5. I guess the U.S. is officially a police state by TheFrood · · Score: 4
    Justice's Colgate counters the FBI already has laws it must follow to intercept e-mail. "What we don't want is a debate over the government's inherent authority to conduct electronic surveillance.

    The government's inherent authority to conduct electronic surveillance? Funny, I thought the government was only supposed to have the powers enumerated in the Constitution, and I'm fairly sure Madison&co. didn't include an "inherent authority to conduct electronic surveillance."

    TheFrood

    --
    If you say "I'll probably get modded down for this..." then I will mod you down.
  6. Why do they need carnivore... by jesterzog · · Score: 3

    ...when they can just purchase the information they want from any number of private organisations that monitor traffic every day? All carnivore does is to put an idiotically suspiscious sounding name on the process.

    If people want to protect information over the net they should encrypt it, which unfortunately is very infeasible at the moment because 99% of people don't have the right software installed to use it on the other end. (In short, the current infrastructure is dismal.)

    That said, the net is an open system like it or not. The concept of privacy by regulation (government or otherwise) is as unfeasible as expecting information to be automatically delivered to the place it was sent without any end-to-end intervention to check the correct information actually got there. This is why TCP is used so much, because it creates reliable information streams over an open system.

    If net privacy is going to go anywhere seriously, it has to be end-to-end. Relying on anyone, government included, to turn their back because you ask nicely doesn't make much sense in the long term. Encryption needs to be opened and standardised fast. It also needs to be more decentralised, so nobody can take control of it. (At the moment my favourite idea for email decentralisation is if ISP's began running their own public key servers for email addresses on their domains.)

    Other useful things to happen would be if web providers started using secure connections automatically. This would be much easier to get going if browser makers would stop popping up annoying dialog boxes that "warn" people when they're entering a secure session by default.

    Warning about entering an insecure session is understandable, even though this almost never happens unless the user was in a secure session first. Otherwise all the dialog boxes do is provide an incentive for web designers not to make things secure until they absolutely have to.


    ===
    1. Re:Why do they need carnivore... by copito · · Score: 3

      Carnivore does what no 3rd party private company can do, put an unreviewed, secret source, remotely administered, low level packet sniffer in the heart of the data center of every major ISP.

      Granted, email is not particularily secure, since any computer on an network in the path can read it in a similar manner to what Carnivore does. But Carnivore is a terrible precedent since it means that the Government has a _right_ to read our mail, which it can take all necessary means to enforce even when it is no longer technologically sensible.

      I can easily envision a future where email is seamlessly encrypted but To and From is recorded for all emails and anybody can be forced to hand over encyption keys given any hint of suspicion of criminal activity (like recieving an email from someone who received email from a person under investigation).

      As you say, the only solution is end to end, but that means really end to end, i.e. no ISP mail servers. Even then it is hard to see how we can technologically prevent the government from monitoring traffic patterns.

      As far as HTTPS goes, since RSA is expiring soon, SSL can be much more widely deployed, but SSL certificates are per IP so they can't be used on IP sharing virtual servers which are most common.
      --

      --
      "L'IT c'est moi!"
  7. Why Bother? by zeugma-amp · · Score: 3

    The secrecy FEDGOV is attempting to maintain around this Privacy Invasion Tool(PIT)(tm) is laughable if you even think about it just a little while.

    FEDGOV appears to be implementing what is essentially just a custom filter that seems to be tweakable to some degree that is designed to suck up email (and possibly other traffic) for a targeted individual. The key to this is that they aren't willing to settle for logs and the cooperation of the ISP they are placing their black box in front of. Seems to me that they are trying to do a bit of an end-run around any possible accountability that might somehow be seen if they had to actually ask politely and show a warrant like they have had to do in the past.

    This is the real danger of such devices being placed in the network. What is it that will be coming out of this box? Bits and Bytes. Are we really supposed to trust the FBI by essentially writing them a blank check? Let's consider that question in light of the fact that the FBI has been known to manufacture evidence when they feel the need is "pressing".

    If they want to place these PITs on a network, there need to be verifyable protocols to determine that the bits the FBI claims were found were actually there. I think if they are entirely on the up-and-up, these things should be opened up and the internet community solicited for comments on how to make sure that they are verifiable and trustworthy.

    Z

    --
    This is an ex-parrot!
  8. If you really want to tweak the Feds by Nanookanano · · Score: 3

    Change your name to Sarin N. Gas. Find a pen-pal in Saudi Arabia. Have the word LETTERBOMB as your letterhead. Talk exclusively about 'freeing the people'. And end all correspondance with the cryptic phrase, "My Bird takes a long walk."

    --
    "..don't you eat that yellow snow."
  9. Hrm by jaa · · Score: 3

    I'm guessing they don't want the public embarrassment of the universities disclosing the fact that ROT-13 will defeat 99% of their snooping ability.

    --

    Never meant half of the things I said to you. So you know, there's a half that might be true - G. Phillips

  10. Rubber Stamp... by DustyHodges · · Score: 5

    If they really feel that this software is nothing to be worried about, why don't they put it up as an 'Ask Slashdot'?

    Janet Reno asks:"I have the source code to a piece of software that my employer is a bit worried about. Do you think that this is a violation of anyone's rights?" So, what do you think crowd? Go ahead and check it out, and feel free to let us know what you think...

    ((Source Code Follows, then followed by 12 first posts, 18 Dickinson Poems, 23 Penis Birds, 4 rants on MDMA, and 1 comment about how the FBI sucks, moderated up to +5 Insightful.))

  11. D'ohhh! - Fixed Links by mholve · · Score: 3
    D'ohhh! Try these links - they're fixed.
    1. Statement for the Record on Internet and Data Interception Capabilities Developed by FBI presented by Donald M. Kerr, Assistant Director FBI Laboratory Division to the House Judiciary Committee's subcommittee on the Constitution.
    2. The Carnivore System: the FBI's own report on it.
    3. Open Internet Wiretapping: a paper by Steve Bellovin and Matt Blaze.
  12. Decrypting message content not necessary by scotpurl · · Score: 3

    With phone records, and in court, you only need to show record that something passed between two parties. You don't need to show what passed between two parties, only that the two parties communicated.

    It's also funny that academia, usually seen as the enemy of Big Brother, is now seen by the FBI as saviour.

  13. The Castrated Supreme Court by CaptainCarrot · · Score: 4
    Justice's Colgate counters the FBI already has laws it must follow to intercept e-mail. "What we don't want is a debate over the government's inherent authority to conduct electronic surveillance. If researchers find there are issues that have to be addressed, we can do that," he says. (Emphasis mine.)

    Here is a government official, one of the top law enforcement officers in the country, who does not understand his own Constitution. The government has no inherent authority whatsoever! All the government's authority is delegated to it by the American people. If our Supreme Court weren't populated by a bunch of balless pinheads, they would have made that clear by now in numerous rulings. Instead they are by and large content to expand the government's ability to invade our privacy and usurp our rights pretty much whenever they are asked to.

    It's things like this that make me despair of the Republic.

    --
    And the brethren went away edified.
    1. Re:The Castrated Supreme Court by CaptainCarrot · · Score: 3
      Uhh...judges aren't law enforcement officers. Nominally at least, law enforcement is tasked to the executive branch (e.g., DOJ, FBI.) Interpretation is the purview of the judicial branch.

      Leave off the basic civics lesson and read the article. "Colgate" is Stephen Colgate, Assistant Attorney General.

      We have twelve years of Reagan/Bush to thank for no small part of this, so remember that in November

      You don't even pay attention, do you? Justice Scalia, a Reagan appointee, takes a strict view of the Constitution and most often rules in favor of individual rights over governmental intrusion. Thomas often joins his opinions. The others are generally disappointments, but recall that the Democrat-controlled Senate consistently rejected any other Supreme Court nominees who thought along these lines, even if that meant they had to lie outright about his record. There's a reason "bork" is now a verb in Washington.

      That's what you get, and what you deserve, for insisting on "rights" that are not in the Constitution and making them a litmus test for the Supreme Court. If the Constitution can be misconstrued so as to give you something you want it can be misconstrued for other purposes as well, and the same people who are willing to do the job for you are just as happy to do it for someone else.

      They (supposedly) base their decisions in part on previous applicable rulings... More basic civics. Look, I know this. Why do you think this is so worrisome? The situation will take decades to repair, if it even can be repaired - and once that process is begun, which may not happen.

      --
      And the brethren went away edified.
  14. Whoa man... chill out by soldack · · Score: 3

    It seems that some people are pretty angry about this. Perhaps you have listened to too much Rage Against the Machine (as I am now)? Those guys can really get you going! :-)

    Seriously though, what has the government done to each of you specifically that you are so angry about? I am not a Canivore lover either but I am also not ready to burn the White House.
    The way I see it, you have two choices:
    1. Work within the sytem to make things better. Vote. Write letters. Write e-mails. Get involved.
    2. Move somewhere better. Good luck finding a place with as much oppertunity for success and freedom. When you get there, send us a post so that we can visit you.

    Most /. readers are involved with technology and those of us who are out of college know that we all do pretty well economically. Guess who is partly responsible? Yep, the government. While many of us may not remember (or may not want to remember it) there was a time 20-30 years ago when we had double digit inflation and a much larger jobless rate.

    My point is that while things are far from perfect, they are much better than they are else where and much better than they were here. We are in the midst of one of the longest streaks of prosperity ever. Lets use this time to keep making things better with constructive ideas.

    --
    -- soldack