Vinton Cerf Says Carnivore Source Best Left Closed
ljrittle writes: "Vinton Cerf might be the rubber stamp that the FBI was trying to find. The ACM article says that according to Vinton, Carnivore ``does not pose a threat to innocent computer users' privacy'' and that [we] mere Internet users need not see code." This is nearly as reassuring as the Justice Department's decision to change the name of Carnivore, as pointed out by observant reader Ripped_Edge. Walks like a duck, talks like a duck ...
I can see it now, young teenagers are no longer using their xDSL/cable modems to play quake with LPB qualities and run game servers, but instead load up a small server program, about the size of omnihttp (1.4megs) that uses a combination of a pop3/smtp server and an eliza type program and a reader that grabs various nouns and verbs (ak-47, clinton, shoot, attacked, bolivia, nuclear war, etc.) off of AP feeds and spits out emails to other Anti-carniVOre Servers (AVOS?), which bounce emails around the net through anonymous proxies in a gnutella-type fashion. Eventually the feds will give up monitoring any emails coming out of those proxies, and people can route their email traffic through the AVOS system. Or something.
moox. for a new generation.
Well, it depends. Frankly, some code is proprietary, and as such, we cannot legally look at it. We still can see what it does, and if we know what language it was written in, we can reverse-engineer it, but there will most likely be differences between that code and the original.
Also, I can understand, from a security standpoint, that some code may not be made freely available in order to provide greater security for the program that the code is for. I don't necessarily agree with it, but I can understand it.
Now, given that Carnivore can be accessed from outside secure facilities, it would be a bad idea not to make this as secure as possible. While I don't automatically trust the FBI with what they are doing or where they are going with this whole data collection scheme, I would prefer to see it be as secure as possible, to avoid the possibility that some hacker geek can get into the system easily.
Finally, I have to agree with a previous article and position on Slashdot: Information does not want to be free; people want information to be free. Frankly, until society is free of people who would act irresponsibly with information, I prefer it if not all information is free.
Kierthos
Mr. Hu is not a ninja.
Without non-government oversight, how do we know that...?
Agents who violate the law in the name of the law are a problem. But the larger issue is derived from the argument that ISPs would cooperate with legal surveillance, but would baulk at illegal, warrantless operations. The history of cold-war NSA/CIA operations shows that carriers willingly engage in and cooperate with known illegal operations against the people.
FBI operations at Waco, Texas are a good case in point. Using a modified cellular phone, agents stripped the digital ID number from a cellphone used by David Koresh. This revealed the cellular service provider who allowed an illegal wiretap to be installed at the cell-site. Keep in mind that the cellular provider has to prostitute himself to the FCC to get a license to operate. And the FBI is part of the same government as the FCC. So despite the inner workings of Carnivore, it is the nature of licensees to violate the law for continued operations and profits that we need concern ourselves. Scripturally, the love of money is the root of all evil. This absolute was established some 1700 years before the telegraph.
More details on FBI/FCC and other government criminal operations in violation of the Communications Act are at Research on Criminal Government.
I live in Charlottesville. I've been out at all hours. I've even said hello to cops at 3:00 a.m. As long as you're not being loud, walking like you're drunk, or doing anything else terribly rude, they don't do anything. I don't think anyone has ever been brought in on it, either, though they've given a few warnings.
:)
Welcome, fellow Charlottesvillian!
They bring in a few dozen people a year. You know who they bring in? Black kids. This was the plan, as stated by former Police Chief Wolford (forced out of his job a few years ago) before City Council before the law passed. White kids make up a very small percentage of those snagged. As Wolford said, "those kids from Garrett Square [public housing development] are the troublemakers."
To be honest, I find that much worse than the constitutionality of it. You raise a good point, which we used in our lawsuit:
The ordinance has been very carefully constructed so that basically anyone who knows how to say the words "first amendment" can go merrily about their way without harassment. I know this was not the case with the original incarnation of the ordinance proposed, but it is true of the version finally passed.
That's absolutely the case. Essentially, anybody with enough education (middle-class and up) is OK, but people less educated (poor, lower-class) get snagged. I don't know if you remember, but I printed up and sold (for the cost of printing) hundreds of "I'm Exercising My First Amendment Rights" t-shirts. Simply wearing this t-shirt exempted kids. I wish I could have given more away to poor kids, but I didn't have the money to do that myself.
I guess it's not too late -- there's still a curfew. I may even have a few of them left...
-Waldo
-------------------
I love the hypocrisy you see in our government, particularly the law enforcement, sometimes. It's so sad that the FBI isn't satisfied with fair, lawful means of doing their job (which is, mind you, law enforcement, not crime prevention).
Here's my challenge to the FBI. You trumpet so loudly that the innocent have nothing to hide (an unconstitutional assertion on which to base this system, by the way, since it implies presumption of guilt until innocence is proven). Very well; prove that you really believe this. If Carnivore, or whatever else you may call it, really is such an innocent system, then don't hide it. Let us see the source. After all, if it really only does what you say it will, then there's nothing to worry about, no? And who knows; maybe there are security bugs that you don't see yet; surely you'd want people in positions to help you fix the bugs to see them, wouldn't you?
----------
The dead white guys that wrote the U.S. Constitution were a gang of revolutionaries with the blood of their oppressors on their hands. Don't confuse them with live guys and gals of any shade who suggest that revolution is bad for you.
I wrote parts of this stuff
Hey, as fortune(6) told me this morning when I logged in:
There is absolutely no reason whatsoever to assume that he had been arrested at all. The fact that he could be has no relevance to the above post.
ReadThe ReflectionEngine, a cyberpunk style n
These are all good questions, which I think the FBI should answer. Even so, I don't know that I'd trust their answer without having the code be public, or at least having a group of people whom the computing community trusts look at the code. Something with consequences as serious as this needs public scrutiny to make sure it is doing what it is supposed to, and only what it is supposed to. It is the latter that I am most concerned with.
Mere internet users do not need to see the source. But, I am not a mere internet user, and I doubt that many people who read this are. So I guess that means that we can see the source, by his definition? We should band together and write a letter telling him about us and the contributions we as a community have made, and make it evident that we are NOT 'mere internet users.'
If you think you know what the hell is going on you're probably full of shit. -- Robert Anton Wilson
jdube is who
Indeed.
While Carnivore itself isn't likely to ruin my life (because I don't use email for anything interesting), the "your crime will be tattooed on your hard drive/TCP logs; all we have to do is read it and lock you up" attitude behind it could.
If you looked at a list of my HTTP requests for the last week or so, you'd find me to have visited sites by/about serial killers and rapists, borderline child pornographers and NAMBLA types, fake-ass 31337 hax0rs, and computer security experts. Now why would I be doing that if I'm not planning to, say, stalk and kill some 13yo hotties by IRCing them up, getting their IPs, cracking their mommies' b0x0rs, hex-dumping their Passport binaries in search of an address, etc.? It looks like that's what I've got in mind, right? Better keep an eye on me.
The thing is, all I'm doing is trying to learn how these highly specialized "creeps" talk -- their speech patterns, jargon, cant, the frequency with which they end their sentences with prepositions, their favored emoticons, etc. -- so I can write a character who's easily mistaken by readers for today's favorite boogie/bogeymen (hackers and child predators), because he talks the talk. [Is that ironic?]
Explaining an as-yet-unwritten section of a complex "avant-garde" book to the FBI would not be fun. For all their alleged smarts, they have a hard time with this artsy crap, and all I have now is potentially damning notes and web archives. Not that they'd ask me anyway. They'd just question my neighbors about the lurking predator on the block, ask them what suspicious behavior the skinny [drugs?] Jewish [conspiracy?] guy [penis?] with the shaved head [a Nazi Jew? is he schizophrenic?] down the street has been up to -- things like being up all night sitting in front of his computer [writing], drinking [coffee], with his hand in his lap [broken right wrist] -- and let them ruin my life. Certainly been done before.
Point: FBInet bad, Freenet good. It's not only criminals who think so.
And VINTCERF's name looks like an acronym for a CIA plot to assassinate Castro [winky smiley].
Your mouth is like Columbus Day.
taxpayers have the right to know where the taxes that they're paying are going. (this is true in any democratic government)
i am not american but i am very concerned, my systems are directly connected to an American backbone for Internet access. you may ask "so what about it". this greatly affects OUR policies etc, we might have a very strict privacy policy here but when emails are routed through our backbones, that policy might go down the drain.
in the industry peer review is the best procedure to find bugs. if crackers want a "crack" at it it's best that several other persons have checked the code, and maybe found some flaws, and have corrected it.
remember, a democratic government "is by the people, and for the people". i think this is mentioned in the oath the President takes. (whatever)
yorosiku,
sessya.
i trust no one.
- not everything that can be counted counts, and not everything that counts can be counted
I guess that makes me trustworthy (NOT!)
His opinion may be a little bit biased.
Just a thought.
Trust the low slashdot number (now just 1072 more people to *ahem....*)
At this point, even his technical opinions can be considered suspect, I'd wonder what his political agenda was in the context of figuring out what should be taken seriously in anything he says for the rest of his life, assuming I bothered to read what he's got to say.
The good news... the rest of us can bet against any technical initiatives he's involved in for the rest of his career, with the exception of IPv6 if he has anything to do with that. (however, if he is involved with it, it's our responsibility to check it for ugly surprises, but it would be anyway)
When I say bet, I mean taking the short side of any stock in any company he's involved in.
Tech Public Policy stuff
a lot of people aren't aware of this, i know i sure wasn't
moox. for a new generation.
Cerf, who recently traveled to the FBI's Quantico, Va., campus to review Carnivore, said that scenario would not only raise even more personal privacy issues but also might end up corrupting the evidence. "I have a feeling," he said, "that the ISP geeks would be less familiar with restraints than the FBI gentlemen."
Fuck me with a chainsaw if that ain't a denouncement of the BOFH and everything it stands for.
A responsible admin is always less of a BOFH with equipment in the workplace than equipment which they wholly own themselves...but not that much more so. No, Vinton is dismayed at the uncouth, ungentlemanly behavior of system administrators who are accustomed to steamrolling over everything in their path. All well and good, but BOFHness can be used for ill as well as good, we all know that. No, I side with the bastards because it is the proper attitude; it is right and proper to defend oneself from attack. The police have no obligation to protect anyone, and I trust a BOFH future more than any police state.
Fuck Slashdot
A cop will find someone walking around in a ski mask and bulletproof vest suspicious. The digital equivalent, anonymous encrypted traffic, can be viewed as just as suspicious.
Only when it's the exception. If ski masks and bulletproof vests were the latest high fashion items they wouldn't stick out...
Your slippery slope argument doesn't hold, because all the other cases you mention (the elderly, blacks, etc.) are all full citizens under the law, unlike minors.
:)
Minors *are* full citizens -- see Tinker vs. Des Moines. The ruling stated "First Amendment rights are available...students...Students in school as well as out of school are 'persons' under our Constitution. They are possessed of fundamental rights which the State must respect, just as they themselves must respect their obligations to the State."
That pretty well settles it for me. Where's James Tyre when you need him?
-Waldo
-------------------
To better know why FBI cannot be trusted with communications intercept software, you need to visit http://wacofacts.home.mindspring.com and see how FBI and FCC work together with White House, US Attorneys, Department of Justice and a corrupt House and Senate to cover up their criminal violations of the Communications Act. By the way, Rep. Bill McCollum, one of the chief coverup agents, is running for Senate and must be stopped, unless you want Secret Government. Force the Feds to own up to their still outstanding violations before getting more authority!
Compared to the possible harm that the FBI with its weapons and authority COULD cause, but not actually does
Tell that to the Branch Davidians. The ones who aren't crunchy bits now.
I'm no militia-man, but the FBI has a lousy record of abusing their power, even when the director isn't a closet transvestite being blackmailed by the mob like J. Edgar Hoover was.
Do we really think Martin Luther King needed surveillance? John Lennon? What people are saying here is yes, we trust them to a point because to some extent all their normal searches etc. happen in meatspace and there is physical evidence or photos of their surveillance attempts, for instance of the demonstrators in Philly during the GOP. That's the whole problem - from now on there won't be any record except what's in Carnivore, and we know that'll be whitewashed beforehand if anyone actually gets to the point of trying to subpoena those logs.
And yes, I'm sure they might have actually stopped some bad people with the system already. The question is do you allow blanket searches on the entire 280M populace to catch 20 drug dealers and 10 pedophiles?
The revolution will NOT be televised.
Maybe it's just my distrust of government agencies (especially alphabet ones) after the entire information gathering thing up here in Canada, but does anyone else find this just a little hard to believe?
Kerr is simply emulating his (ultimate) boss -- it all depends on what the meaning of "snoop" is.
In their own minds, the COINTELPRO people weren't "snooping"; they were "monitoring a threat to national security" or some such thing.
/.
/. If the government wants us to respect the law, it should set a better example.
Who's telling the worst lie? I see a whole LOT of mouths moving!
Whether or not to believe this report (please don't laugh until I'm done, folks) depends on how much you believe the individual links in the chain (see also 'fuzzy logic'). Fortunately, this chain only has three links:
1) The Federal Bureau of Investigation: the government agency whose job it is, essentially, to spy on Americans. They do this to go after anyone planning the violent overthrow of the government or especially heinous crimes against the citizens, like mass murder, child pornography, willful drug use, copyright violations, etc.
If they give away their secrets, they lose their effectiveness. People learn how their measures work, and sidestep them in order to get away with things. And in this case, we have to consider their source code one of those secrets.
However, they want to be trusted. So they want someone to come forth and Bless This Carnivore -- (carnivore? animal? beast? The Beast? Revelations? No wonder they're changing the name! Sorry folks, couldn't help myself, got carried away there) -- so that everyone can feel safe on the Internet.
So they have two choices:
1a) Find an expert who can both comprehend the source code, verify that it does what they claim it does, and stay quiet about the details, or
1b) Lie through their teeth, provide false source code, and/or coerce the scientist of their choice to give it the thumbs up or he'll be shipped off to whatever constitutes Siberia in the United States (probably Nebraska).
2) Vinton Cerf, First Lemming, stepped forward and was counted, looked over the source code he was handed, and filed his report.
Even though he may be a suit and a corporate shill, he wants to be trusted too. If he goes along with the government too closely on this, and it is revealed later that Carnivore is indeed Opening Everybody's Mail, then he's just shot whatever credibility he had in the foot. With a Howitzer.
He also has to agree to the government's terms in order to review the Carnivore Code, and I bet they made him sign "The NDA On Steroids." (Like most non-disclosure agreements, but this one is backed by government lawyers on taxpayer money.) And in this case, it would make sense for the government to do that: this legally binds him from revealing the source code and giving away government secrets.
Given that he wants to be trusted, I would expect him to scream bloody blue blazes to every media agency in the world if the FBI turned a less-than-glowing report into an endorsement.
Unless, of course, The NDA On Steroids prevents that. If the government can keep him from talking about the source code, I bet they can keep him from revealing any details in the report too. Including the fact that his copy of the report and the FBI's published copy of the report don't jive.
If Vinton Cerf has a lawyer, and he read that clause, he'd probably do what I'd do: advise his client that signing that document would shaft him up to the sternum. Or not; that depends how much you trust Cerf's lawyer, but that's another screed. By the way: the NDA, if it exists as such, might be something available through the Freedom of Information Act... someone might want to look that up too.
So, do you trust Vinton Cerf? He's either:
2a) A scientist who reviewed the Carnivore code handed to him and honestly reported on it,
2b) A suit who wouldn't know C++ from FORTH, and handed in a report that makes him look credible. For the moment, never mind the possibility that he was duped by legal wranglings in the NDA. You'll see how that factors in just a moment.
Do you choose to trust the Vinton Cerf Carnivore report?
Where:
P(x) is the probability of a given event between 0 and 1,
1a=the government is telling the truth,
1b=the government is lying,
2a=Vinton Cerf knows what he's talking about,
2b=Vinton Cerf doesn't know what he's talking about, and
t=The report is correct,
Then:
P(t)=P(1a)*P(2a).
It doesn't matter which you trusted less... regardless, I bet you got a low number. So did I.
Sometimes I wonder if we're a little too cynical. But then I think about what it is we're being cynical about, and I have to wait until the gorge stops churning before I worry about it again.
You cannot truly appreciate Dilbert until you read it in the original Klingon.
"that [we] mere Internet users need not see code."
Yeah, we're stupid. we're dumb.
Isn't this obstruction of the right to free information?
You know what? I don't care any more. This kind of stuff is just ridiculous, and somebody needs to have the guts to make some serious waves, if only for a moment.
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
--
--
We have fought the AC's, and they have won.
Under the current administration, we MUST mention "protecting the children".
----- LoboSoft specializes in Digital Language Lab
That might be why they didn't take the case -- we don't know. They turn down 99% of cases without explaining why. Too bad -- it would have been a good test case. Not ideal, but good. I guess all of these questions are what make the case interesting, and I sure would feel better if the Supreme Court would rule on curfews, or at least cases like them related to youth rights.
Though curfew cases are usually pushed as first-amendment issues, they really are more about the fourth. It may be years until we get clear guidance on youth rights. Organizations like Peacefire and ASFAR are helping push the envelope, so maybe we'll get something sooner. Who knows?
-Waldo
-------------------
Really though, I don't see why, if it's just a packet sniffer that offloads the data to removable storage, there's such a hub-bub about it. But, I'm also thinking that, if they would bother to write software that's already out there in abundance, it must do more than just packet sniffing on a network that the computer is on.
Chris Hagar
"The price of freedom is eternal vigilance." - Thomas Jefferson
You can bet your hind quarters that you'd best hope the Charlottesville police never find a legitimate reason to arrest you--cops and lawyers like power, and don't like people who outsmart them, right or wrong.
That's great. On one hand you say this kid is a jerk for abusing the court system and local cops, on the other you acknowledge the possibility of being railroaded as a personal vendetta by same.
So, are you an Anonymous Coward or an Anonymous Cop? Let me tell you, if you've never been harassed by cops as a kid you must have missed a bunch of kid-hood. Or maybe you're one of those people who had a kid and completely forgot what it's like to BE one.
Personally, when I hear curfew I hear Iron Curtain. It's just a means of control and a way to get away with stopping anyone they want. After all, they don't know your age until they've stopped you, right? By then they can sniff around and find some other excuse to harass you if you're the wrong color or economic class.
I have plenty of respect for cops; I have friends who are cops. But that doesn't prevent their buddies from terrorizing me anytime they want. I've been stopped for doing 2 miles UNDER the speed limit, just because it was quota night, and after all if you're drunk you might drive slowly. Yeah, and if you know a cop car is sitting there with the radar on you might drive slowly too!
Cop: Why were you driving under the speed limit?
Me: Because last time I drove OVER the speed limit you gave me a ticket!
Cop: So why'd you put your brakes on at the top of the hill?
Me: So I didn't get air going over it!
Then I was a wise-guy. It's not a far step from there to obstructing a police officer and a night in jail. Just for not "keeping your mouth shut".
I don't know about you, but I often use my brakes going down a hill. But he had some OTHER idea that I was trying to avoid him or something. By slowing down. Logic is not their strong point and the individual's civil rights are often quite beside the point.
The revolution will NOT be televised.
So, let me see if I get this straight.
The Federal Government wants us to allow them to look at our email, but they lose the email of White House staffers?
Their software will intelligently separate your mail from mine, but in the White House, their systems couldn't respond properly to an issued subpoena?
Sure, I trust them. NOT.
----- LoboSoft specializes in Digital Language Lab
His biographical information can be found here. He's just a suit, albeit with a PhD. Nothing to see, folks; just move along.
I don't understand what people think a review of carnivore code will do for them.
If anyone with half a brain wrote network monitoring software it would be very flexible. You could change a little config file and go from something non-invasive to something that grabs everything.
So, I think it depends more on who is using the software and what methods of oversight exist.
Of course, it isn't that far removed from the co-creator of the Web saying everyone should have a license to surf the Web (yeah, apparently this is not a new opinion for him).
Fuck Slashdot
Who says the code we will see will be the code deployed anyway? There's going to be "PATCHES" released, and then the argument will start all over again.
Eat right. Stay fit. Die anyway.
I agree. I am much less concerned that the FBI botched the job and left a hole open (they are smart guys, after all--if they didn't find it, I won't), I am worried about what it is *designed* to do. I don't want it around, even if it perfectly conforms to the description the FBI already gave.
I suppose some people are worried that the FBI would leave a secret back-door in there, but I seriously doubt it--they have little to gain from doing so (can get unauthorized data without a warrant... If the FBI wants a warrant, they can get one), but much to lose (someone else could exploit it, the public could discover it and demand Carnivore be shut down, someone in the agency could use it as blackmail, foreign governments could spy on the US).
I suppose that they want something that sounds less threatening than "carnivore"
How about... Sharing our Feelings
Hopefully I didn't put any [] around my words.
The spirit of carnivore is good, the idea that they can target one potential criminal, and read all email pertaining to him in an attempt to arrest him is great. The FBI needs something like that.
The FBI has always relied on covert surveillance. Carnivore is not exactly new or ground-breaking. But one has to wonder at how effective ANY system of this sort would be against technically-adept individuals. How many people who want to evade surveillance would email in plain text? Strong cryptography is frightening to the government precisely because they don't (yet) have a way to stop it. It seems to me that anyone who wished to evade detection could do so -- but I'm no expert in these matters.
The Freenet mailing lists have interesting discussions on these topics, mainly because Freenet's design goals include anonymity and untraceability.
The letter though, says only the FBI gets a good look at the code, and they can implement it anywhere, anytime, on anybody, without any notice.
I don't think that's strictly speaking true. Mostly, police surveillance in this country requires some strong indication of wrong-doing. The Fourth Amendment provides for protection against "unreasonable searches and seizures." I don't have any specifics regarding Carnivore but I would assume (hope) that monitoring everyone all the time would constitute an unreasonable search or seizure.
It is not in the government's best interest to open source it -- even though it may be in ours.
That was a mistake from the start, their PR department is getting spanked by the public...
Yes, a PR nightmare, assuming anyone is listening. I haven't seen it on network television lately.
I'm sure ISP's wouldn't mind adapting the software as a government-provided-spam-blocker, we spend enough money as it is trying spam email cases as it is.
I don't know about spam-blocker, but as for voluntary ISP participation... It seems unlikely to me that ISP's would volunteer to be the bad guy unless it was in their best interest, ie, to avoid lawsuits or prosecution. Customers certainly wouldn't appreciate it. We get annoyed when our ISP's try to throttle bandwidth, never mind about them volunteering to spy on us and rat us out to the gov't.
Controlling the language often means controlling the argument. If this was called something oblique, half the people wouldn't have cared.
So for the benefit of the justice department, here are some suggestions for nicer sounding names and of course names that obfuscate the intended purpose of the device.
* The Datastream Tickler
* Electro-Bad Guy Nabberometer
* The Anti-Evil Communication Filtration Device
* The eBloodhound safety system
* The TCP/IP En-Route Packet-Routing Intermediatary Device Monitor Analyzer System
* The Justice Box
* The Nothing-To-Worry-About System
* The Fluffy Bunny Machine
* The Enigma Trapped In A Riddle Machine
* The J. Edgar Hoover Memorial Email Sniffer
It would also help if they painted the box red white and blue and put silver stars on it too. Then I'd be less likely to be concerned about potential abuses.
Thanks
W
-------------------
-------------------
This is my SIG. There are many like it, but this one is mine.
If I had mod points (and hadn't already commented to this thread), I'd mark that "Insightful".
This is a classic example of exploiting people with the wrong type of expertise to cast a patina of credibility. It reminds me of the distinguished scientists who endorsed Uri Geller's spoon-bending -- however knowledgeable they may have been in their fields, they were clueless when it came to sleight-of-hand and distraction.
/.
/. If the government wants us to respect the law, it should set a better example.
Seriously? Shit. I didn't realize that even the cops accepted the words 'Look at me go, exercising me First Amendment rights' quite so merrily. In that case, I'd work to get the law struck down on the grounds that it's unenforceable; if that really is the case, then that law doesn't cover anything that either a) isn't illegal anyway and b) isn't covered by any other laws. Also, I'd try to get statistics on white arrests vs black arrests. Then, go to court, and request a change of venue to get the case heard somewhere else. After all, the judges aren't going to like being accused of racism. Bearing in mind that I am not a lawyer, and I'm not as suave as Raymond Burr, who played Perry Mason (and the obligatory acronym: IANASARBWPPM)
Vintage computer games and RPG books available. Email me if you're interested.
Define innocent computer usage. Sorry guys, I don't trust the FBI, or any other three-letter agency, to leave our telecommunication systems alone. I would rather die on my feet than be forced to live on my knees.
everyone knows carnivore is just mailsnarf in a box. that's probably why they don't want anyone to see the source code.
Vint Cerf has something up his sleeve.
- Mike Hughes
The dangers of knowledge trigger emotional distress in human beings.
Hrm, I don't take back anything I said. You said he had gotten arrested because he was the plaintiff in a lawsuit. That statement is clearly baseless. If you did know the difference, you were ignoring it.
ReadThe ReflectionEngine, a cyberpunk style n
cellular service provider who allowed an illegal wiretap to be installed at the cell-site.
Certainly, corporate oversight won't work since corporations are too easily threatened by the government. It's individuals in the corporations who pose a threat to widespread illegal operations by law enforcement. That comes into play if the FBI has to have the ISP's admins direct a particular user's traffic to an otherwise isolated sniffer such as carnivore.
In that scenario, surely if the FBI had all traffic, or even a large percentage of traffic diverted, the admins would know it. Sooner or later, one of them would tell the world (possibly involving getting drunk at a convention, possibly not).
It's not good enough, but it does at least prevent routine large scale violations.
Sean Doran, SprintLink: "Vint Cerf is on drugs."
From the Netheads vs Bellheads story in Wired 4.10.
"Web Users Should Not Engage in Promiscuous Browsing" --CERT
Mind you, i have no idea what it does... but the FBI's staunch refusal to let me see only makes me want to see!
One more thing, why are the FBI afraid of crackers (or are they actually afraid of hackers taking over the system? Mmmmm... that would be very amusing) taking over Carnivore? Crackers love closed-systems... besides that, they already can do all the stuff the FBI claims Carnivore can do. Of course, there could be 'undocumented features' the FBI wants to keep out of the hands of crackers.
-Elendale (BTW, i think we should keep calling it 'Carnivore' regardless of what the FBI decides to change the name to)
IANAT (I Am Not A Troll)
What exactly is reading everyone's email going to protect US citizens from?
--
Soma: because a gramme is better than a damn.
--A ruling by the Supreme Court stating that any use of Carnivore will be considered a violation of the Fourth Amendment to the Constitution until this system is subjected to an objective outside review, sponsored by the courts rather than by the department whose neat new toy is being reviewed.-- This is a good point and the courts is likely where it will end up. After all, the DOJ isn't a disinterested party, and the 'independent' review with the restrictions suggested likely wouldn't hold up in court. While we're all concerned with the privacy aspect, which is good, try looking from a different perspective. IANAL, BUT, how about the first time anything is presented in court obtained by carnivore. Does not the defense have the right to tear this thing apart with experts of their own? It seems reasonable doubt can be alluded to simply by 'my client didn't get that email', 'carnivore altered the contents, that wasn't what the mail said'. After all, this isn't a disinterested 3rd party supplying the data under court order, it's the interested party, the FBI or any other group. If the defense isn't granted 'experts' cannot the court itself appoint an expert? I am beginning to wonder if the FBI will EVER attempt to place anything in evidence obtained from carnivore. Even if not evidence, if carnivore is simply used to further along an investigation does that not put it under the same scrutiny? ....there ARE some pretty feisty judges out there. As a side note, as one said Mr Cerf does deserve some respect as 'tcp/ip man'. However, that doesn't make him a constitutional law expert. IMHO, HIS opinion on the subject should have no more weight or 'respect' than anyone on /., unless someone on /. is a constitutional lawyer, then he/she gets the benefit.
When the FBI starts killing more people than criminals each year, then you should start worrying.
That wouldn't be a problem if they'd start killing all those DMCA and copyright violators..
--
Soma: because a gramme is better than a damn.
Believe it. (Ask Kevin Mitnick if _he_ believes it.)
Law enforcement agencies (incl. FBI) can apply for court orders to:
* read your mail
* bug your home/business/car/meeting-place
* wiretap your phone and public pay phones
* track and tap your cellphone
and now, add...
* read all your data traffic (not just email) - this will be extended to wireless traffic, too.
They don't need permission to record what anyone says in public, since there is no reasonable expectation of privacy in public.
(BTW, you'll recall that they caught Mitnick by tracking his cellphone.)
According to the Constitution, all they have to do is convince a Judge that their intended "search" is not unreasonable. They can usually do this by showing that they have "reason to believe" a crime has been committed or is being planned. IANAL, but it seems a broad standard.
The real danger of Carnivore is that it could easily be abused to collect/scan/analyze _all_ data traffic _all_ the time, as NSA's Echelon is reported to have been doing for quite some time.
The only interesting aspect of "Altivore" is that it showcases the level of competence in the developers Network ICE hires. Here's a hint, kids, packet header fields are under the control of attackers, and they don't have to be self-consistent. Length fields are unsigned. Negative signed numbers make big-ass unsigned numbers...
And when the TCP header length can be longer than the entire packet length, maybe the equation "len = header - packetlength" isn't a great idea.
It's amusing to see a vendor that doesn't seem to know how to sanity check a pointer dereference complain about other vendors taking sequencing "shortcuts". Maybe an interesting "contribution" to the body of GPL software would be actual TCP reassembly code --- but given the sub-Phrack quality of this example, I think the only advantage a competent tech would get out of access to that code is a heads-up warning about the general lack of quality-control at closed, proprietary commercial software houses.
Seeing a movie that started at 9:30 could easily have gotten me arrested. Seeing John D'earth at Miller's on Thursday night could have gotten me arrested. Failing to carry ID could have gotten me arrested.
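The length-field pitfall raised in the comment above, as an added example (it is not Altivore's or Network ICE's code, which this page does not show): a naive subtraction of attacker-supplied header lengths next to a parser that checks each field against the captured bytes before using it. All function names, result codes and sample packets here are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SZ 128  /* large enough for every header offset used below */

/* Result codes (hypothetical names chosen for this example). */
enum { PKT_OK = 0, PKT_TRUNCATED = -1, PKT_BAD_IP = -2, PKT_BAD_TCP = -3 };

/* The unchecked pattern: subtract lengths taken from the packet and keep the
 * result in an unsigned type. A negative difference wraps to a huge value
 * that a later copy or loop would trust. */
static uint32_t naive_payload_len(uint16_t ip_total, uint8_t ip_hlen, uint8_t tcp_hlen)
{
    return (uint32_t)(ip_total - ip_hlen - tcp_hlen);
}

/* Locate the TCP payload of an IPv4 packet held in pkt[0..caplen).
 * Each length field is validated against the bytes actually captured and
 * against its enclosing length before it takes part in any arithmetic. */
static int tcp_payload(const uint8_t *pkt, size_t caplen, size_t *off, size_t *len)
{
    if (caplen < 20) return PKT_TRUNCATED;             /* minimum IPv4 header */
    if ((pkt[0] >> 4) != 4) return PKT_BAD_IP;         /* version field */

    size_t ip_hlen  = (size_t)(pkt[0] & 0x0f) * 4;     /* IHL, in 32-bit words */
    size_t ip_total = ((size_t)pkt[2] << 8) | pkt[3];  /* claimed total length */

    if (ip_hlen < 20 || ip_hlen > ip_total) return PKT_BAD_IP;
    if (ip_total > caplen) return PKT_TRUNCATED;       /* claims more than we hold */
    if (pkt[9] != 6) return PKT_BAD_IP;                /* not TCP */

    /* There must be room for a minimal TCP header before reading data offset. */
    if (ip_total - ip_hlen < 20) return PKT_BAD_TCP;
    size_t tcp_hlen = (size_t)(pkt[ip_hlen + 12] >> 4) * 4;
    if (tcp_hlen < 20 || tcp_hlen > ip_total - ip_hlen) return PKT_BAD_TCP;

    /* Both subtractions are now known to be non-negative. */
    *off = ip_hlen + tcp_hlen;
    *len = ip_total - ip_hlen - tcp_hlen;
    return PKT_OK;
}

/* Build a constructed sample packet: only the fields the parser reads are set. */
static void build_packet(uint8_t *buf, uint16_t ip_total,
                         uint8_t ihl_words, uint8_t doff_words)
{
    memset(buf, 0, BUF_SZ);
    buf[0] = (uint8_t)(0x40 | (ihl_words & 0x0f));
    buf[2] = (uint8_t)(ip_total >> 8);
    buf[3] = (uint8_t)(ip_total & 0xff);
    buf[9] = 6;                                        /* protocol = TCP */
    buf[(ihl_words & 0x0f) * 4 + 12] = (uint8_t)(doff_words << 4);
}

int main(void)
{
    uint8_t pkt[BUF_SZ];
    size_t off = 0, len = 0;

    /* Well-formed: 20-byte IP header, 20-byte TCP header, 4 payload bytes. */
    build_packet(pkt, 44, 5, 5);
    int rc = tcp_payload(pkt, 44, &off, &len);
    printf("well-formed: rc=%d off=%zu len=%zu\n", rc, off, len);

    /* TCP header length (60) larger than the whole 40-byte packet. */
    build_packet(pkt, 40, 5, 15);
    printf("naive length:   %u\n", (unsigned)naive_payload_len(40, 20, 60));
    printf("checked parser: rc=%d\n", tcp_payload(pkt, 40, &off, &len));
    return 0;
}
```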
Bothering somebody isn't required. Playing loud music isn't required. Simply taking a walk, sitting outside and watching shooting stars, or walking to the 7-11 to get a Slurpee -- all illegal under youth curfew laws.
There are lots of violations of liberties, and battles against all of them are important. I've chosen youth curfews as a cause. The First Amendment guarantees Americans the right to freely assemble. Curfew laws take that away.
Your suggestion that this particular battle is "wasted" is offensive, at best. At worst, your belief that my anger is portable, and can simply be carted to some other offensive law, is ludicrous.
-Waldo
-------------------
from an essay I wrote a couple of months ago:
The Panopticon was a prison concept developed in the late 18th century. In the Panopticon prisoners were placed in individual cells arranged in a circle around a central tower. Prisoners could be observed at any time by a guard in the tower, but, because the tower had shuttered windows, they did not know when they were being watched or who may be watching.
Carnivore is the tower, we are all the prisoners.
We will never be allowed to see how the program works, because it may not be doing anything at all. It is not about catching criminals. The object is to take away the sense of anonymity, so that we know that we can be identified, and to create paranoia that we may be watched at any time. The target is not criminals, but the general population. The effect is that it suppresses any radical ideas, creates complacence and conformity.
I need to go, the Thought Police will be at my door any moment...
All that we see or seem is but a dream within a dream.
Vinton Cerf just blew a lifetime of credibility in one ill-considered article.
Yep, just because he expressed an opinion that differed from your own, he's thrown away all that he's accomplished over his career.
When I say bet, I mean taking the short side of any stock in any company he's involved in
Great, go ahead and short a bunch of MCIWorldcom. Post your brokerage statement on the web. It will be amusing to see how much money you lose. If you make money, you can donate it to the FSF or the EFF or one of them folks.
DrLunch.com The site that tells you what's for lunch!
The point is that a whole hell of a lot of people do care what he thinks, and that he's built up some serious credibility over the years from his contributions. Serious question here, not a flame, but why should anyone care what you think about it, compared to any other Joe Blow who hasn't contributed anything to the internet?
Cheers,
You kind of glossed over the point that Mitnick was breaking the law and got what he deserved. If you aren't being an idiot like Mitnick your odds of showing up on the FBI's radar screen are damn close to 0.
DrLunch.com The site that tells you what's for lunch!
Let's just say that Carnivore is open sourced for the entire world to see. Everyone agrees that its "safe".
What's going to stop the FBI from sending one remote command to the box and have it "update" the software? Oh look. It doesn't do the same thing anymore.
"Hmm.. Someone is getting suspicious as to what is going on." They update the software again, and 2 minutes later, the software does what it's supposed to be doing again.
This is what we need to worry about. Only by having the ISP themselves control what the software is doing can anyone truly be safe. No matter what we think, there is always going to be the potential to abuse any software. The real problem is just how easy it is to happen, and how easy it is to cover the tracks when it does. I don't believe it will be a matter of "if" Carnivore will be abused, but rather a matter of "when".
One of these days i'm going to find this 'peer' guy and reset HIS connection!
Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.
What I'm worried about are the people who will be investigated improperly because they're talking about something that snags the filters. You could have a conversation with your friend about lawns and be tagged as a drug kingpin. Throw in an innocent vacation to Mexico and suddenly you get to prove your innocence.
You can send email to a lot of people on the net that you don't know; that web of contacts is one of the things they're looking for. So I sell race tickets to a guy in California, and he's a bad guy and again, I have to prove my innocence because I'm guilty by association. I agree they need a way to "tap" email to some extent; I just don't agree with the approach. They can get the logs now from the ISPs with a court order.
The revolution will NOT be televised.
Cerf is a VP at MCI. Of course he's going to suck up the Gummit...
I can appreciate what you say as I was once a youth with those same concerns, but as I got older and spent time in college studying history, government and social science, I was made aware of the fact that there is a big difference between being a resident of a country and being a citizen of the same. One of the problems with modern law is that we are very quick to grant constitutional protections and rights to residents when in fact these protections are guaranteed to citizens. As I said, I appreciate what you say, but in truth, if you are under 18 you are a minor and have only a limited subset of protections offered to citizens under the constitution.
Do I agree with what's happening, no, but until someone steps up to the plate and demands change we're stuck with it. To paraphrase the Declaration of Independence, although not technically an American or US document, a government derives its powers from the consent of the governed. There are times, such as election years, when we need to remind the people in Washington who's boss.
"Draw them in with the prospect of gain, take them by confusion." Sun Tzu
Not likely. Even if we do type enough garbage to overload Carnivore processing today, there is no way that would continue to be the case in the future. The amount of data that people generate manually cannot increase at the rate of Moore's Law.
What would work is if everyone ran a "flood Carnivore" process on their spare cycles instead of distributed.net or seti@home. But it would have to be complex enough so that Carnivore could not filter it out by its pattern of output.
Let's look at an analog. The Government *loves* cryptography. They love it so much because it's very, very good stuff. Good crypto is damn hard to break; in a good (and well-used) implementation of a cryptographic system, you're better off hiring somebody to go beat the snot out of one of the communicating parties. The trouble is, cryptography is *too* good. As far as the public domain goes (I have no idea what J. Random Spook has up his sleeve) ElGamal or RSA (at sufficient key size of course) is unbreakable. Cryptosystems can, in all likelihood, stop content analysis of your traffic.
Unless a government has figured out how to break these cryptosystems, encrypting your data will keep it relatively well hidden--from Carnivore or anything else like it.
The problem, of course, is Gov't trying to discourage people from using crypto. There are no 'standards bodies' for crypto software... ever wonder why? I can't imagine Big B. is exactly pushing for a public crypto commission.... either way, we have means of protecting our content from simple random sieving.
Personally, I still want to see Carnivore open-sourced (or at least made fully available for public scrutiny). The reason is this: *traffic* analysis.
"Them" reading your mail is about as dangerous as "them" infringing my privacy *and that of my friends and family* by mapping out my sphere of correspondence. Especially if the Feds decide to reduce the national debt by selling out to some junk-mail co's.... ;-)
Even if I break out my copy of GPG and gin up 3 40Kb keys and triple-encrypt everything I send out, it's still trivial for Big Bother to map out who we talk to, and when. This is traffic analysis. You've probably all heard the stories about how you can tell when something big is going on in (fav. spook group here) by watching the pizza deliveries; this is the same concept.
I haven't browsed through all the Carni comments and Q + A's out there, but I don't recall seeing anything saying they can't do traffic analysis with it.... or indeed what the restrictions are on exactly what data they can legally collect. (not just legally use) Can anyone confirm / deny this, with supporting docs?
The point is, we have technology (of probably high but technically uncertain worth) for content protection. Now we need technology for traffic-pattern protection. See FreeNet for an interesting spin on this.
OK, rant's done. To summarize:
cat email | sed -e 's/sp.*am\.//g'
Well said. Somebody mod this guy up.
The revolution will NOT be televised.
There are two kinds of warrant under which the FBI can monitor communications. The more wide-ranging is the Title III warrant, which enables the FBI to intercept the actual texts of e-mails. However, this kind of warrant is more difficult to obtain.
Carnivore uses the weaker "trap and trace" and "pen register" warrants, but in a new and wider way. These warrants were designed for the phone system; to trace the number of origin of a phone call or a list of the numbers called from a phone. Carnivore uses these warrants to intercept the headers of all e-mails on the system, and then filters out those not "to" or "from" the surveillance target.
Besides e-mails, Carnivore can also intercept instant-messaging systems, visits to Web sites and Internet relay chat sessions.
So it looks like Carnivore is more of a traffic analysis tool; who is talking to whom. This type of surveillance doesn't care if you encrypt your email or not (in fact, using the phone analogy, Carnivore should be ignoring the message body when deployed under a trap and trace warrant). And the URL/AIM capture is a nice touch, too.
Where do you want to go today - Microsoft
Where did you go today - Carnivore
Never meant half of the things I said to you. So you know, there's a half that might be true - G. Phillips
- Get investigated by the FBI. This is not as difficult as it sounds, and to judge from the neo-Nazi rumblings coming from the DOJ about the "inherent power" of the government to monitor our communications, it'll probably just get easier as time goes by.
- Once you have reasonable confidence that the Carnivore parasitizing your ISP's network is following you, begin sending carefully prepared (and perhaps machine-generated) messages to and from a variety of email accounts, some bogus, some belonging to friends and relatives.
- This being done, wait until you're no longer under investigation by the FBI. (How to accomplish that is left as an exercise to the reader.) Use the Privacy Act to get a copy of your dossier and all the email Carnivore captured. Using this -- if your test data set was well prepared -- you should be able to deduce quite a bit about the behavior of Carnivore.
Of course, this entails some personal risk, but liberty usually does.
Alternatively, if you think your local Carnivore is monitoring something it shouldn't, flood it with data and sit outside of your ISP's NOC and see how often the MIBs come to change the tapes.
Resistance to tyrants is obedience to God.--Thomas Jefferson
--
Proud member of the Weirdo-American community.
I wonder what the new name will be? Looking at the current administration, it'll probably be called:
The Digital Millennium Child-protection secure scanner for the War on Drugs, TDMCPSSFTWOD for short.
I'm glad they're renaming it. It shows they think people are really, really stupid. Hmm, let's rename it and hope the problem goes away...
Michael
...another comment from Michael Tandy.
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
Okay, so we all know that Al Gore invented the internet, right?
:)
But did you know that without his help, Vinton Cerf never would have invented TCP/IP?*
Yeah. I guess I'll vote for Nader, then.
(*Helpful hint for ACs and moderators: read the link!)
---
pb Reply or e-mail; don't vaguely moderate.
hehe, sorry, couldn't resist...
--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Doesn't the concept that minors aren't full citizens seem a little odd? By that logic, anyone that doesn't meet a special qualification could have various rights violated.
oh man... you exactly described an idea I thought up a few days ago, and am planning to implement this week. check my site for details soon... this garbage is getting out of hand, and for once i am deliberately going to step in the FBI's way.
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
Carnivore in itself is not good or evil, it is simply a tool that can be used to catch a mass-murderer or provide info on all /. users. Society grants powers to law enforcement and trusts them not to abuse them. For the reporting of any abuse of these powers, procedures exist. Tens of thousands of law enforcement people carry guns, and we trust them not to turn into psychotic killers. If we had the same reservations about other powers as we had about Carnivore, the FBI would not be allowed to investigate crimes, arrest people, carry weapons, tap phones, perform searches or keep records on criminals.
Compared to the possible harm that the FBI with its weapons and authority COULD cause, but not actually does, Carnivore is really not that new.
What Mitnick did was the cyber equivalent of spraying grafetti (sic), sure it's a crime, but no one was really hurt. The government (and their big business friends) got their little feelings hurt due to Kevin, due to such feeling, they gave Kevin a royal fucking. Sorry to say, but you step on big business's toe, it steps on you with all 800 pounds. Welcome to the Corporate Fascist states of America :(
Lawyers, MBA's, RIAA? A jedi fears not these things!
They generally do not aid in stopping crimes and can be called into effect entirely too easily. With just the slightest suspicion of illegal activities, law enforcement can get a warrant to surveil you.
Also there is a distinct likelihood of such snooping meaning filling jails with petty criminals and political prisoners. Thus making it appear that a good job of law enforcement is being done. Whilst largely ignoring major league crooks.
The FBI, under Hoover, did exactly this.
Tune in next week, when alizard watches his favorite episode of Star Trek, then proceeds to write a nasty letter about Stephen Hawking and "all his half-baked theories." You'll laugh 'til you cry!
ha
--
I see from the link that you guys lost. Sorry to hear it, and good luck.
Goddamn, excuse me, but I'm getting sick of governmental and legal crap (er, the Net being exempt from all legal precedent) screwing up the Net. Anyone working on something better out there? Should we go back to dialing up local BBSs? I can't think of any technology out there that has ever been the subject of more legal exceptions and privacy 'concerns.' Now I'm sad :(. BTW, I am not at all impressed with Cerf: "he led the engineering of MCI Mail, the first commercial email service to be connected to the Internet." Sounds like one of the turds who told the world about the Net to begin with. Argh... where's my time machine?
The first question is whether it's competently written. Here are some _initial_ questions:
- Does it just capture emails to/from a specific email address, or does it trace _all_ traffic to/from a designated IP address?
- If the former, can it capture email traffic that doesn't use the ISP's mailserver, but another one?
- To intercept logins (ISP/mail), it would have to access ISP authentication; does this mean that it has the entire ISP database?
- If the latter, does it adjust for varying DHCP (dialup/cable/DSL) leases?
- Might it scarf traffic from _innocent_ users who acquire a previously targeted DHCP address?
- Could _innocent_ users be confused with the target?
These are serious issues that deserve public scrutiny. Otherwise, things could get out of hand.
=====
It's amusing how the readership of this site hangs on the words of Linus, Alan, ESR, Larry Wall, etc.
=====
Obviously every movement will have leaders. Whose words would you prefer the Slashdot community hold in high respect? Yours? Mine? Compare what you and I have done for this community to what those named above have done and perhaps then you will be less amused by their following and more informed from their statements.
Maru
The AC who replied also got it right. See my .sig.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
When I heard about the curfew, I knew they weren't going to enforce it completely, I knew it would be selective, but the issue is the criteria. I hadn't heard any good statistics, just by word of mouth. I assume by your involvement in the lawsuit involving Daniel and company (yes, I know him, too. small world, err... city) that you have better facts than I. It would appear that my fears have been realized.
On a side note, I actually know Max and Will and some of the people I saw references to on your page. I've heard a lot about you. Funny the people you meet on Slashdot.
WARNING: there is a trojan on your
He who would give up his (or her) rights never deserved to have them.
In other words, I'm going to fight to keep carnivore the hell out of my ISP's servers. I hope all the trolls and spammers and pale losers can rise up as one to defeat this system.
And, of course, an overused and overly cliched quote:
If the government wants us to obey the laws perhaps they should set a better example.
Kris
botboy60@hotmail.com
Nerdnetwork.net
The FBI won't release the source to Carnivore? We should take the lead and write our own version of Carnivore and call it 'Carnivore'. Write an email sniffer that snoops on port 25 and captures emails to/from a configurable address. Make it infinitely configurable and have a nicer interface than anything the FBI can possibly have.
Then we announce it on Freshmeat and release it GPL. We send press releases to all the major news outlets. That will make sure every script kiddie everywhere has a copy.
Watch the FBI explain repeatedly that it isn't their Carnivore but the free Carnivore. The public, however, will only hear about 'Carnivore'. This way we effectively FORCE the ISPs to start using tls/ssl for port 25 and we force the internet community to start encrypting email at the MUA level.
Who chose this guy? Oh wait, it's the folks who want Carnivore to get accepted, isn't it.
Shouldn't the people (and yes it should be people) who examine Carnivore be chosen by the people Carnivore is meant to examine? (no taxation without representation! ;) I know I'd rather have hundreds of Open Sourcers examining it (even under NDA) than one guy chosen by them who used to work for DARPA, and thus obviously has the right attitude to be in the fed.
I wonder if I can find contact info for whoever's responsible... I doubt it, they're probably hiding like most people behind this sort of thing. (random question: why doesn't work in the preview? Soon I'll know if it works in the comments too, but whether it works or not, it's a bug.)
---
END OF LINE
Everyone knows Dan Quayle invented the internete.
The current Slashdot moderation system is made by gay communists!
And the people at People for internet responsibility think that opening the source is important but consider far worse problems with the entire carnivore idea.
-------- This space intentionally left blank --------
The whole point of the post on slashdot is that Cerf *isn't* qualified to give an endorsement. The Wall Street Journal and other papers are carrying articles about how Cerf says Carnivore is OK. The FBI PR department and the big papers are pushing to the public that Cerf's opinion should somehow matter.
Did you bother to read the blurb above? It ends with 'This is nearly as reassuring as the Justice Department's decision to change the name of Carnivore...' I mean really, the WSJ headline I mentioned reads 'Web Guru Cerf Defends FBI's Use of Carnivore.' It goes on to claim Cerf is 'widely regarded as the "father of the internet."'
Methinks you have misdirected your post against slashdot instead of against the mainstream press...
Jim
From a MSNBC article:
http://www.msnbc.com/news/457153.asp
----- LoboSoft specializes in Digital Language Lab
All of those points are also valid examples of times where a group was discriminated against for a rather simplistic reason.
It's been a long time since we had the opportunity to have a slashdot interview, and I'd love to ask Mr. Cerf a couple of questions (regarding carnivore, but also some general questions regarding his work on TCP/IP and the creation of the Arpanet).
/.-folks, get us an interview with him, please.
I strongly believe that trying to be clever is detrimental to your health. -- Linus Torvalds
read up on COINTELPRO and related stuff from the 1960's. The FBI sux.
-- My comment is above.
Oh, bra-vo! Well done! You've just fabricated out of thin air a situation involving waldoj and a police officer, and then scolded him for the behavior you imagined him displaying. That'll teach him to mouth off to imaginary policemen in your made-up little world.
TheFrood
If you say "I'll probably get modded down for this..." then I will mod you down.
I sort of took it for granted that Mitnick was doing Bad Things. Sorry, should've mentioned it.
I don't see how releasing the source code 'would be bad' if the system is as robust as they claim.
Maybe the refusal should be considered strong evidence that the system is not as robust as claimed (or that it engages in activities not yet disclosed.)
Carnivore and its older cousin, wiretapping, both provide one thing: easier convictions. They provide a means for law enforcement to get a confession without the person even knowing they are condemning themselves. Not only do these methods violate the 4th amendment, but also the 5th, i.e. not providing testimony against yourself. They generally do not aid in stopping crimes and can be called into effect entirely too easily. With just the slightest suspicion of illegal activities, law enforcement can get a warrant to surveil you. Unless this is stopped (and I realize posting here is doing no good), then we are one step closer to have a stronger fake sense of security, and a leap closer to having less privacy.
This mixed with the anti-terrorism acts of the 1990s could result in arrests and detainings by association. If someone (anyone) sent you an email that stated intent to subvert, collapse, or overthrow, it could be construed as _your_ intent, thereby making you a party to a terrorist group. And all of your associations could be placed in the same group. The CIA could send out spam to anyone who would dissent and then arrest them on the grounds that they were of a particular association. Egads!
http://foad.fbi.gov
fyi
--
"It is now safe to switch off your computer."
without defending the system or taking sides, I believe that the "robustness" claim was about the secure authentication and data transmission (they're probably using ssh :) while the disclosure they wish to avoid is how the "AI" or "grep" that they're using works, what it keys on, vocabularies, etc. because they don't want people to work around it.
Don't forget, this guy is also one of the big defenders of Al Gore's claims to have been instrumental in the development of the Internet. So he's obviously right about this as well!
We need to get rid of Carnivore period. This is just the Big Brother phenomenon developing right in front of us. It shouldn't be in any form whatsoever. If this is allowed to be used by the FBI it can have devastating consequences. It would turn the Internet from a safe haven for people to exchange information to a place where you have to hire a lawyer to make sure the content you're trying to place on a server isn't gonna be considered by the government to be a "threat to national security."
I will not be satisfied until every last Carnivore system is trashed and used for some other purpose.
US businesses that currently accept chip and PIN/signature
The above poster does make a point though, that while Vint Cerf has done some astoundingly impressive things in his career, his current employment is as "a suit", and his employment has never once been related to privacy or security concerns.
I'm not attempting to trivialize his accomplishments in the computing field, but honestly I just don't see why his opinion matters in this case.
And by the way, since when is 12,000 a really low /. number?
----------------------------
That would be double-plus-un-clear!
developed in the late 18th century
Prisoners could be observed at any time by a guard in the tower, but, because the tower had shuttered windows, they did not know when they were being watched or who may be watching.
At least, Sheriff Joe Arpaio won't be able to claim a patent for putting his jail in a webcam.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
Except I only have a Master's, I sleep in the lunchroom and I browse /. And I run redhat not BSD (doh!)
"Even if you're on the right track, you'll get run over if you just sit there" - Will Rogers
"The FBI cannot and does not 'snoop,'" said Donald Kerr, FBI assistant director. (from the MSNBC article)
Maybe it's just my distrust of government agencies (especially alphabet ones) after the entire information gathering thing up here in Canada, but does anyone else find this just a little hard to believe? (The 'does not' may be true, but I bet you the 'cannot' isn't)
-GreenHell
"I won't mod you down - I feel the need to call you a twit explicitly, rather than by implication."
I see, so there's nothing wrong with government privacy violations if you're a law-abiding citizen.
I was a plaintiff in Schleifer vs. City of Charlottesville -- we sued our city over the youth curfew. What we heard over and over from the lawmakers and judges was "what would a law-abiding kid be doing outside after midnight?" The answer, of course, was "whatever the hell we see fit."
The innocent need not be concerned with their privacy? That's rich.
-Waldo
-------------------
IMHO, the entire 'examination' is worthless and is designed to distract from the real problem with Carnivore.
For the sake of argument, let's say that unlike every other computer based system in history, it is hacker (and cracker) proof, and always does exactly what its user wants it to do (no more, no less).
Further, let's assume that the source is released, and 100,000 respected experts are satisfied that the above is actually true.
The problem still remains: Without non-government oversight, how do we know that the FBI isn't on a giant random fishing expedition? Sure, the warrant says JoeBlow@isp.net but how do we know that the perfectly authenticated FBI guy didn't set it to scan for '.*@.*' with keyword filters instead? How do we know that the actual units being installed at ISPs have any internal resemblance to the one that was examined? Perhaps it has enough hard drives to actually hold '.*@.*' for several days.
In short, we don't need a detailed independent examination of Carnivore. We need a detailed independent examination of the FBI and DOJ.
Freedom of information act, of course *laws* don't mean anything to the FBI, do they? There is enough crap being passed through right now that if anybody pisses off a member of the gov't, high enough in the 'system', they can be thrown in jail with no warrant, and no trial in the foreseeable future. You *know* the FBI is not going to release information gathered via carnivore to the public. What makes you think it would even be released in a courtroom setting?
--
Restating the obvious since nineteen aught five.
Bad Bad things are on the horizon, although nobody wants to say it, the FBI/NSA probably already has taken their seat in many places you wouldn't want them. Maybe we can do something to make it harder for them.. Much like an ATM (bank machine) that generates/transmits random data when it's idle, maybe flooding the net with useless data would be effective in this situation as well. ie. Build a client or some sort of automated system (maybe built into your fav mail client) that encrypts useless data to 10 of your friends, those 10 friends do the same, and so on... every little bit counts, may seem feeble and hopeless but if they have to spend even 5 minutes more analyzing the junk coming from EVERYWHERE, it's worth it.
You know what this whole thing has gotten me to do? get off my lazy ass and figure out (for the most part) how to use gpg. I remember in the (awesome) book _Cryptonomicon_ a part where some business man is saying, "didn't you get my email?" and some friend of the protagonist says, "I remember getting an email from someone claiming to be you, but I don't respond to any email that's not encrypted". Or some such like that.
So you know what I have to say to carnivore? screw it! screw it all! All of my emails are going to be signed, and _anything_remotely_sensitive_ will be encrypted with my 1024 bit key.
End of story.
why should you be forced to trust either.
ReadThe ReflectionEngine, a cyberpunk style n
The FBI has a well-documented history of using misinformation and agent provocateurs to discredit and entrap organizations and individuals that they believe to be any sort of 'threat'. Want a link? Use a search engine.
Legal interception capabilities are there to catch organised criminals and child pornographers.
However a big enough criminal organisation (especially if it started as a legitimate business) may well not be caught at all. e.g. Microsoft. Also IIRC at one time the biggest distributor of child pornography was some US law enforcement agency or other.
How about this. If every e-mail contained something like a sig, which was maybe a list of words or phrases that triggered snooping you might inundate them with so much information that it would be impossible for them to cope with.
*BenZilla*
I'm sure that Vint is a really smart guy, but let's _not_ forget that he is suggesting that we trust the same FBI that brought us Waco.
// Agent Green (Ian / IU7)
The email I generally write would probably not be flagged for use by the FBI. However, I am a firearms enthusiast and a libertarian...two things that aren't exactly popular on the feds' list. The government has absolutely no business to snoop where it doesn't belong.
It's not the abuse of power I'm concerned about...it's the power to abuse that scares the hell out of me.
/* ---- */
// Agent Green (Ian / IU7 / KB1JQO)
// IEEE 802.3: All 10base Are Belong To Us
Um... I don't think anyone here has any high opinion of Cerf's opinion. That's the point. He's not qualified to comment on privacy or on code openness, esp for something as important as this.
:-)
I think the FBI wants the general public to think that his opinion matters, which is why it's important that it show up on slashdot.
Read the headline this way:
FBI finds 3rd grader who says Carnivore isn't that bad! General public rejoices that their privacy is safe!
Better now?
-- IANAEG - I am not an elder god.
I just think it's very important that we separate the technical innovation that some of these folks have been part of with their political or ideological views.
From Article: Cerf also said that it would be a bad idea to force the FBI to reveal Carnivore's source code, as many of the system's critics have requested
Bad? Bad how? Does anyone have any other links that might have direct quotes? I don't see how releasing the source code 'would be bad' if the system is as robust as they claim.
Why not release the source code of the system? I mean, if it is really well designed and the authentication is so robust, what do they have to fear from full disclosure?
From Article: Carnivore's detractors had suggested that hackers may be able to gain access into the system.
Actually, for me the issue is more about the FBI themselves abusing this system than some future threat of a hacker takeover of it...
--
--
We have fought the AC's, and they have won.
Has anyone actually seen the code? I mean does this software just pull packets of relays? Then if you encrypt your email via Kerberos or the like could they still pull it and crack it? I run my own SMTP and POP server so does this mean that I by some wacky jurisdiction am in violation of the law if I do not comply to their standards? Not to mention that this is international traffic we are dealing with, due to Intelligence Oversight Laws, and the inherent domestic only role of the FBI, wouldn't this then be under the jurisdiction of the CIA?
I have two cans and some string if I talk over it then do I have to allow the FBI to tap it?
msNBC.com's article tells a different story:
Vint Cerf, an Internet founding father who was selected to serve as an unbiased technical adviser on the Senate panel, was even harsher in his assessment of the suggestion that Carnivore be put in the hands of ISPs. The proposal "strikes me as alarming, quite frankly," he said.
--Benjamin Franklin
(probably paraphrased)
--
Restating the obvious since nineteen aught five.
This isn't a rip on him - it's a rip on slashdot for expecting him to say something momentous.
It's amusing how the readership of this site hangs on the words of Linus, Alan, ESR, Larry Wall, etc.
Make up your own mind folks, forget the celebrity worship.
The spirit of carnivore is good, the idea that they can target one potential criminal, and read all email pertaining to him in an attempt to arrest him is great. The FBI needs something like that. The letter though, says only the FBI gets a good look at the code, and they can implement it anywhere, anytime, on anybody, without any notice. I'm sure people speaking out against carnivore are on their list of people to watch, if nothing more than to test out carnivore. Which brings up the subject; is this carnivore version 2.0? How long have they been testing this program on the general public without informing us about the program? On the flip side, yes, everyone is fairly aware that the FBI and whatnot agencies have always been able to efficiently monitor the people they want, but for them to blatantly pointing out "yes, we're quite capable of reading all of your email, and yes we're not letting you see what kind of technology we're using, and we're going to keep it that way.". That was a mistake from the start, their PR department is getting spanked by the public, at the very least they could have predicted a reaction even half of this, and they probably could have released a basic skeletal (or even fake) version of carnivore? Either way, we're a government of the people, by the people; if the people are beginning to opensource many new software projects, it'd be nice to see the government at least attempt to follow with current trends and opensource the carnivore program. I'm sure ISPs wouldn't mind adapting the software as a government-provided-spam-blocker, we spend enough money as it is trying spam email cases as it is.
comments?
moox. for a new generation.
i cannot believe that the fbi has the power to read what i write to others. what's the next step from recording what i say in a public building, or in my car, in a public road, or in a mall .. the only other thing i can think of, that is relative to this, is a mall. i don't wanna be a mallrat, but lots of people talking to each other, it would be like the fbi setting up microphones because it's a national security risk?
i say we all send emails to looping addresses, saying how alah is going to blow up the president on the 1st moon of december, if we just loop the emails from east coast to west coast, the fbi will have a lot of fun ...
anyone got the brains to code such a program ?
Runnin' On Empty
I'm relatively new to this whole internet thing, but i'm wondering how this guy gets called "father of the internet", or at least which people see him as such...
I've been brought up under the impression that Jon Postel, RW Stevens, and CmdrTaco made up the 3 men who conceived the internet (the baby)...
_Carnivore itself_ does not violate anyone's privacy. People forget and blame carnivore, when what we should be concerned about is the untrained, dishonest FBI agents using this thing.
====
Crudely Drawn Games
There is no guarantee that what we would be given would be the "real" carnivore code anyway. For all we know, the FBI could have planned for this and created a dummy carnivore which would look as harmful to our civil rights as a knock on the door from the police wanting to ask a few questions, but the "real" carnivore code is worse than anything from 1984.
The only solution to this is to NOT ALLOW this thing to be used, period! I've already written my Congressman about this and y'all should too. For those /.'ers that might be in the 6th district of VA like me you can go to house.gov/goodlatte to find the email link.
Yes, I understand the whole privacy argument - but really, if I follow everything correctly, all this software does is allow the government to do what any reasonably intelligent geek on your local network has been able to do all along - packet sniff. Correct? If you really want privacy, don't whine about the government having access to your e-mail - encrypt it. They can sniff my e-mail all they want, they're still not getting anything from it.
Is it just me or doesn't it seem that Carnivore's "potential for abuse" is the whole reason we need to get rid of it? I mean, who cares if it has the best authentication ever...I don't mean to sound like a conspiracy theorist here...but, legitimate FBI agents (completely authorized to use Carnivore) could be the ones we should worry about. We all know that sometimes law enforcement officials will do whatever is necessary to put behind bars someone that they believe to be guilty. That is what we need to protect ourselves from...not outside hackers breaking in to Carnivore. We can't be sure that the "evidence" collected by this thing isn't completely forged. It sits AT the ISP they could easily make it look like someone did/said something that they never had anything to do with. Has the world gone nuts?
Yes, but the problem you run into there is that, in order to inspect the system in any meaningful fashion, the inspectors have to have access to the source. I doubt the people shouting about this would be satisfied if they let a bunch of compsci profs look at the insides of the hardware. So they have to, at some point, let someone see what they've done in there. And it would probably be fairly trivial to work around it anyway, for a reasonably serious criminal. See various articles on this very site about encryption, burying message data in image files, etc. I'm concerned about the implications for the "average citizen." There are only three logical reasons I can think of why they'd want it kept so top-secret:
-RickHunter
Are you SURE they aren't getting anything? I mean...you have upgraded your PGP haven't you? :)
According to this Linux Today story/press release, "Network ICE is disclosing the source code to a new e-mail sniffing program called 'Altivore.' This software provides a potential alternative to ISPs who do not want to install the FBI's secretive black-box known as 'Carnivore.'" The press release is at NewsAlert, and the source is here.
:-)
Can't stop snickering...
Legal interception capabilities are there
to catch organised criminals and child
pornographers.
Nobody wants to read your silly
emails anyway.
All proper red-blooded Americans are asleep. Only pinkos and foreigners are around to post.
If you wanna get a better idea on what kind of intelligence info the FBI gathers, and the type of people it gathers it on, peep the FBI's Freedom of Information act site:
http://foia.fbi.gov/
The site has reams of declassified FBI files on famous people like John Lennon, Lucille Ball, Jackie Robinson, Charles Lindbergh, Elvis Presley, John Steinbeck. They're all in PDF format, but at least that way you get to see the nifty black marks over the parts they didn't declassify.
--
proposals from outside organizations wishing to review Carnivore is past and a selection team is reviewing applications, Reno said. Several universities have rebuffed requests from the Justice Department to submit review proposals, citing unreasonable constraints set out in the review guidelines
Translation:
We asked people to ask us to review it, but they said no.
Anybody else see the irony?
"retro-fitting for the unwitting"