Vinton Cerf Says Carnivore Source Best Left Closed
ljrittle writes: "Vinton Cerf might be the rubber stamp that the FBI was trying to find. The ACM article says that according to Vinton, Carnivore 'does not pose a threat to innocent computer users' privacy' and that [we] mere Internet users need not see code." This is nearly as reassuring as the Justice Department's decision to change the name of Carnivore, as pointed out by observant reader Ripped_Edge. Walks like a duck, talks like a duck ...
I love the hypocrisy you see in our government, particularly the law enforcement, sometimes. It's so sad that the FBI isn't satisfied with fair, lawful means of doing their job (which is, mind you, law enforcement, not crime prevention).
Here's my challenge to the FBI. You trumpet so loudly that the innocent have nothing to hide (an unconstitutional assertion on which to base this system, by the way, since it implies presumption of guilt until innocence is proven). Very well; prove that you really believe this. If Carnivore, or whatever else you may call it, really is such an innocent system, then don't hide it. Let us see the source. After all, if it really only does what you say it will, then there's nothing to worry about, no? And who knows; maybe there are security bugs that you don't see yet; surely you'd want people in positions to help you fix the bugs to see them, wouldn't you?
----------
There is absolutely no reason whatsoever to assume that he had been arrested at all. The fact that he could be has no relevance to the above post.
ReadThe ReflectionEngine, a cyberpunk style n
These are all good questions, which I think the FBI should answer. Even so, I don't know that I'd trust their answer without having the code be public, or at least having a group of people whom the computing community trusts look at the code. Something with consequences as serious as this needs public scrutiny to make sure it is doing what it is supposed to, and only what it is supposed to. It is the latter that I am most concerned with.
A cop will find someone walking around in a ski mask and bulletproof vest suspicious. The digital equivalent, anonymous encrypted traffic, can be viewed just as suspicious.
Only when it's the exception. If ski masks and bulletproof vests were the latest high fashion items they wouldn't stick out...
Compared to the possible harm that the FBI with its weapons and authority COULD cause, but not actually does
Tell that to the Branch Davidians. The ones who aren't crunchy bits now.
I'm no militia-man, but the FBI has a lousy record of abusing their power, even when the director isn't a closet transvestite being blackmailed by the mob like J.Edgar Hoover was.
Do we really think Martin Luther King needed surveillance? John Lennon? What people are saying here is yes, we trust them to a point because to some extent all their normal searches etc. happen in meatspace and there is physical evidence or photos of their surveillance attempts, for instance of the demonstrators in Philly during the GOP. That's the whole problem - from now on there won't be any record except what's in Carnivore, and we know that'll be whitewashed beforehand if anyone actually gets to the point of trying to subpoena those logs.
And yes, I'm sure they might have actually stopped some bad people with the system already. The question is do you allow blanket searches on the entire 280M populace to catch 20 drug dealers and 10 pedophiles?
The revolution will NOT be televised.
Maybe it's just my distrust of government agencies (especially alphabet ones) after the entire information gathering thing up here in Canada, but does anyone else find this just a little hard to believe?
Kerr is simply emulating his (ultimate) boss -- it all depends on what the meaning of "snoop" is.
In their own minds, the COINTELPRO people weren't "snooping"; they were "monitoring a threat to national security" or some such thing.
/. If the government wants us to respect the law, it should set a better example.
You know what? I don't care any more. This kind of stuff is just ridiculous, and somebody needs to have the guts to make some serious waves, if only for a moment.
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
--
We have fought the AC's, and they have won.
I just lost a lot of the respect I had for Vint Cerf...
-- Fester
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows."
His biographical information can be found here. He's just a suit, albeit with a PhD. Nothing to see, folks; just move along.
Of course, it isn't that far removed from the co creator of the Web saying everyone should have a license to surf the Web (yeah, apparently this is not a new opinion for him).
Fuck Slashdot
I agree. I am much less concerned that the FBI botched the job and left a hole open (they are smart guys, after all--if they didn't find it, I won't), I am worried about what it is *designed* to do. I don't want it around, even if it perfectly conforms to the description the FBI already gave.
I suppose some people are worried that the FBI would leave a secret back-door in there, but I seriously doubt it--they have little to gain from doing so (can get unauthorized data without a warrant... If the FBI wants a warrant, they can get one), but much to lose (someone else could exploit it, the public could discover it and demand Carnivore be shut down, someone in the agency could use it as blackmail, foreign governments could spy on the US).
I suppose that they want something that sounds less threatening than "carnivore"
How about... Sharing our Feelings
Hopefully I didn't put any [] around my words.
The spirit of carnivore is good, the idea that they can target one potential criminal, and read all email pertaining to him in an attempt to arrest him is great. The FBI needs something like that.
The FBI has always relied on covert surveillance. Carnivore is not exactly new or ground-breaking. But one has to wonder at how effective ANY system of this sort would be against technically-adept individuals. How many people who want to evade surveillance would email in plain text? Strong cryptography is frightening to the government precisely because they don't (yet) have a way to stop it. It seems to me that anyone who wished to evade detection could do so -- but I'm no expert in these matters.
The Freenet mailing lists have interesting discussions on these topics, mainly because Freenet's design goals include anonymity and untraceability.
The letter though, says only the FBI gets a good look at the code, and they can implement it anywhere, anytime, on anybody, without any notice.
I don't think that's strictly speaking true. Mostly, police surveillance in this country requires some strong indication of wrong-doing. The Fourth Amendment provides for protection against "unreasonable searches and seizures." I don't have any specifics regarding Carnivore but I would assume (hope) that monitoring everyone all the time would constitute an unreasonable search or seizure.
It is not in the government's best interest to open source it -- even though it may be in ours.
That was a mistake from the start, their PR department is getting spanked by the public...
Yes, a PR nightmare, assuming anyone is listening. I haven't seen it on network television lately.
I'm sure ISP's wouldn't mind adapting the software as a government-provided-spam-blocker, we spend enough money as it is trying spam email cases as it is.
I don't know about spam-blocker, but as for voluntary ISP participation... It seems unlikely to me that ISP's would volunteer to be the bad guy unless it was in their best interest, ie, to avoid lawsuits or prosecution. Customers certainly wouldn't appreciate it. We get annoyed when our ISP's try to throttle bandwidth, never mind about them volunteering to spy on us and rat us out to the gov't.
Controlling the language often means controlling the argument. If this was called something oblique, half the people wouldn't have cared.
So for the benefit of the justice department, here are, some suggestions for nicer sounding names and of course names that obfuscate the intended purpose of the device.
* The Datastream Tickler
* Electro-Bad Guy Nabberometer
* The Anti-Evil Communication Filtration Device
* The eBloodhound safety system
* The TCP/IP En-Route Packet-Routing Intermediatary Device Monitor Analyzer System
* The Justice Box
* The Nothing-To-Worry-About System
* The Fluffy Bunny Machine
* The Enigma Trapped In A Riddle Machine
* The J. Edgar Hoover Memorial Email Sniffer
It would also help if they painted the box red white and blue and put silver stars on it too. Then I'd be less likely to be concerned about potential abuses.
Thanks
W
-------------------
This is my SIG. There are many like it, but this one is mine.
If I had mod points (and hadn't already commented to this thread), I'd mark that "Insightful".
This is a classic example of exploiting people with the wrong type of expertise to cast a patina of credibility. It reminds me of the distinguished scientists who endorsed Uri Geller's spoon-bending -- however knowledgeable they may have been in their fields, they were clueless when it came to sleight-of-hand and distraction.
/. If the government wants us to respect the law, it should set a better example.
Hrm, I don't take back anything I said. You said he had gotten arrested because he was the plaintiff in a lawsuit. That statement is clearly baseless. If you did know the difference, you were ignoring it.
ReadThe ReflectionEngine, a cyberpunk style n
cellular service provider who allowed an illegal wiretap to be installed at the cell-site.
Certainly, corporate oversight won't work since corporations are too easily threatened by the government. It's individuals in the corporations who pose a threat to widespread illegal operations by law enforcement. That comes into play if the FBI has to have the ISP's admins direct a particular user's traffic to an otherwise isolated sniffer such as carnivore.
In that scenario, surely if the FBI had all traffic, or even a large percentage of traffic diverted, the admins would know it. Sooner or later, one of them would tell the world (possibly involving getting drunk at a convention, possibly not).
It's not good enough, but it does at least prevent routine large scale violations.
The only interesting aspect of "Altivore" is that it showcases the level of competence in the developers Network ICE hires. Here's a hint, kids, packet header fields are under the control of attackers, and they don't have to be self-consistent. Length fields are unsigned. Negative signed numbers make big-ass unsigned numbers...
And when the TCP header length can be longer than the entire packet length, maybe the equation "len = header - packetlength" isn't a great idea.
It's amusing to see a vendor that doesn't seem to know how to sanity check a pointer dereference complain about other vendors taking sequencing "shortcuts". Maybe an interesting "contribution" to the body of GPL software would be actual TCP reassembly code --- but given the sub-Phrack quality of this example, I think the only advantage a competent tech would get out of access to that code is a heads-up warning about the general lack of quality-control at closed, proprietary commercial software houses.
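The length arithmetic the comment above criticizes, as an added example that is not part of the original thread and is not Altivore's code: a naive unsigned subtraction of header lengths beside a parser that checks each field against the captured size before using it. All function names, the status enum and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Naive arithmetic: trusts the three length fields from the wire.
 * When the TCP data offset claims more bytes than the segment holds,
 * the unsigned subtraction wraps around to a huge value. */
static uint32_t naive_payload_len(uint16_t ip_total, uint8_t ihl_words,
                                  uint8_t doff_words)
{
    return (uint32_t)ip_total - (uint32_t)ihl_words * 4u
                              - (uint32_t)doff_words * 4u;
}

enum parse_status {
    PKT_OK = 0,
    PKT_TRUNCATED,    /* capture shorter than a minimal IPv4 header */
    PKT_BAD_IP_HDR,   /* wrong version, or IHL below 5 / past capture */
    PKT_BAD_IP_LEN,   /* total length below IHL or beyond capture */
    PKT_NOT_TCP,
    PKT_BAD_TCP_HDR   /* data offset below 5 or past end of segment */
};

/* Checked parser: every field is validated against the captured length
 * and against the fields it must be consistent with before any
 * subtraction or dereference that depends on it. */
static enum parse_status tcp_payload(const uint8_t *pkt, size_t caplen,
                                     const uint8_t **payload,
                                     size_t *payload_len)
{
    if (caplen < 20)
        return PKT_TRUNCATED;
    if ((pkt[0] >> 4) != 4)
        return PKT_BAD_IP_HDR;

    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > caplen)
        return PKT_BAD_IP_HDR;

    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < ihl || total > caplen)
        return PKT_BAD_IP_LEN;
    if (pkt[9] != 6)                       /* IP protocol 6 = TCP */
        return PKT_NOT_TCP;

    size_t seg = total - ihl;              /* cannot wrap: total >= ihl */
    if (seg < 20)
        return PKT_BAD_TCP_HDR;

    /* ihl + 12 < ihl + 20 <= total <= caplen, so this read is in bounds */
    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4;
    if (doff < 20 || doff > seg)
        return PKT_BAD_TCP_HDR;

    *payload = pkt + ihl + doff;
    *payload_len = seg - doff;             /* cannot wrap: doff <= seg */
    return PKT_OK;
}

/* Constructed sample: a 64-byte buffer holding an IPv4/TCP packet whose
 * length fields are set by the caller, with 4 payload bytes at offset 40. */
static void make_packet(uint8_t buf[64], uint8_t ihl_words,
                        uint16_t ip_total, uint8_t doff_words)
{
    memset(buf, 0, 64);
    buf[0] = (uint8_t)(0x40 | (ihl_words & 0x0f));   /* version 4 + IHL */
    buf[2] = (uint8_t)(ip_total >> 8);
    buf[3] = (uint8_t)(ip_total & 0xff);
    buf[9] = 6;                                      /* TCP */
    buf[20 + 12] = (uint8_t)(doff_words << 4);       /* TCP data offset */
    memcpy(buf + 40, "HELO", 4);
}

int main(void)
{
    uint8_t pkt[64];
    const uint8_t *p = NULL;
    size_t n = 0;

    /* Inconsistent packet: 44 bytes total, TCP header claims 60 bytes. */
    make_packet(pkt, 5, 44, 15);
    printf("naive length:   %u\n", (unsigned)naive_payload_len(44, 5, 15));
    printf("checked status: %d\n", (int)tcp_payload(pkt, 44, &p, &n));

    /* Consistent packet: 20-byte IP header, 20-byte TCP header, 4 bytes. */
    make_packet(pkt, 5, 44, 5);
    if (tcp_payload(pkt, 44, &p, &n) == PKT_OK)
        printf("payload: %.*s (%zu bytes)\n", (int)n, (const char *)p, n);
    return 0;
}
```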
Seeing a movie that started at 9:30 could easily have gotten me arrested. Seeing John D'earth at Miller's on Thursday night could have gotten me arrested. Failing to carry ID could have gotten me arrested.
Bothering somebody isn't required. Playing loud music isn't required. Simply taking a walk, sitting outside and watching shooting stars, or walking to the 7-11 to get a Slurpee -- all illegal under youth curfew laws.
There are lots of violations of liberties, and battles against all of them are important. I've chosen youth curfews as a cause. The First Amendment guarantees Americans the right to freely assemble. Curfew laws take that away.
Your suggestion that this particular battle is "wasted" is offensive, at best. At worst, your belief that my anger is portable, and can simply be carted to some other offensive law, is ludicrous.
-Waldo
-------------------
from an essay I wrote a couple of months ago:
The Panopticon was a prison concept developed in the late 18th century. In the Panopticon prisoners were placed in individual cells arranged in a circle around a central tower. Prisoners could be observed at any time by a guard in the tower, but, because the tower had shuttered windows, they did not know when they were being watched or who may be watching.
Carnivore is the tower, we are all the prisoners.
We will never be allowed to see how the program works, because it may not be doing anything at all. It is not about catching criminals. The object is to take away the sense of anonymity, so that we know that we can be identified, and to create paranoia that we may be watched at any time. The target is not criminals, but the general population. The effect is that it suppresses any radical ideas, creates complacence and conformity.
I need to go, the Thought Police will be at my door any moment...
All that we see or seem is but a dream within a dream.
Vinton Cerf just blew a lifetime of credibility in one ill-considered article.
Yep, just because he expressed an opinion that differed from your own, he's thrown away all that he's accomplished over his career.
When I say bet, I mean taking the short side of any stock in any company he's involved in
Great, go ahead and short a bunch of MCIWorldcom. Post your brokerage statement on the web. It will be amusing to see how much money you lose. If you make money, you can donate it to the FSF or the EFF or one of them folks.
DrLunch.com The site that tells you what's for lunch!
You kind of glossed over the point that Mitnick was breaking the law and got what he deserved. If you aren't being an idiot like Mitnick your odds of showing up on the FBI's radar screen are damn close to 0.
DrLunch.com The site that tells you what's for lunch!
What I'm worried about are the people who will be investigated improperly because they're talking about something that snags the filters. You could have a conversation with your friend about lawns and be tagged as a drug kingpin. Throw in an innocent vacation to Mexico and suddenly you get to prove your innocence.
You can send email to a lot of people on the net that you don't know; that web of contacts is one of the things they're looking for. So I sell race tickets to a guy in California, and he's a bad guy and again, I have to prove my innocence because I'm guilty by association. I agree they need a way to "tap" email to some extent; I just don't agree with the approach. They can get the logs now from the ISPs with a court order.
The revolution will NOT be televised.
Not necessarily just guys with guns. Reading my email without even telling me what you are doing, when, where, why and how it is happening, is an arbitrary exercise of power by police [FBI] and especially secret police [NSA].
Main Entry: police state
Function: noun
Date: 1865
: a political unit characterized by repressive governmental control of political, economic, and social life usually by an arbitrary exercise of power by police and especially secret police in place of regular operation of administrative and judicial organs of the government according to publicly known legal procedures
My point was, that at least the answers to these questions are covered by publicly known legal procedures, when it comes to tapping phones.
Thank you: your article supports my post :-)
cheers,
G
-
What has made OpenBSD so successful is not the many eyes, but rather the FEW GOOD eyes.
Very good point. But remember that the OpenBSD guys took what was meant to be one of the most secure OSes, and gave it a damn good polish. Also, a lot of their job, was going through outstanding bug reports, that no one had got around to fixing. Would *BSD have been as secure as it was, to give them such a good foundation, without the hundreds more OSS programmers using/working on it for years? Would they have received the same quality of information in bug reports, if BSD users did not have the source code? Do you think Windows public beta tests are really useful for anything more than gauging public opinion of the product?
I'm not meaning to dismiss the work done by de Raadt et al, and know that I am not providing empirical facts. But I do not doubt that the coders in the public having the source helped the core development team.
- Get investigated by the FBI. This is not as difficult as it sounds, and to judge from the neo-Nazi rumblings coming from the DOJ about the "inherent power" of the government to monitor our communications, it'll probably just get easier as time goes by.
- Once you have reasonable confidence that the Carnivore parasitizing your ISP's network is following you, begin sending carefully prepared (and perhaps machine-generated) messages to and from a variety of email accounts, some bogus, some belonging to friends and relatives.
- This being done, wait until you're no longer under investigation by the FBI. (How to accomplish that is left as an exercise to the reader.) Use the Privacy Act to get a copy of your dossier and all the email Carnivore captured. Using this -- if your test data set was well prepared -- you should be able to deduce quite a bit about the behavior of Carnivore.
Of course, this entails some personal risk, but liberty usually does.
Alternatively, if you think your local Carnivore is monitoring something it shouldn't, flood it with data and sit outside of your ISP's NOC and see how often the MIBs come to change the tapes.
Resistance to tyrants is obedience to God. --Thomas Jefferson
--
Proud member of the Weirdo-American community.
Okay, so we all know that Al Gore invented the internet, right?
:)
But did you know that without his help, Vinton Cerf never would have invented TCP/IP?*
Yeah. I guess I'll vote for Nader, then.
(*Helpful hint for ACs and moderators: read the link!)
---
pb Reply or e-mail; don't vaguely moderate.
hehe, sorry, couldn't resist...
--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
oh man... you exactly described an idea I thought up a few days ago, and am planning to implement this week. check my site for details soon... this garbage is getting out of hand, and for once i am deliberately going to step in the FBI's way.
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
Carnivore in itself is not good or evil, it is simply a tool that can be used to catch a mass-murderer or provide info on all /. users. Society grants powers to law enforcement and trusts them not to abuse them. For the reporting of any abuse of these power, procedures exist. Tens of thousands of law enforcement people carry guns, and we trust them not to turn into psychotic killers. If we had the same reservations about other powers as we had about Carnivore, the FBI would not be allowed to investigate crimes, arrest people, carry weapons, tap phones, perform searches or keep records on criminals.
Compared to the possible harm that the FBI with its weapons and authority COULD cause, but not actually does, Carnivore is really not that new.
They generally do not aid in stopping crimes and can be called into effect entirely too easily. With just the slightest suspicion of illegal activities, law enforcement can get a warrant to surveil you.
Also there is a distinct likelihood of such snooping meaning filling jails with petty criminals and political prisoners. Thus making it appear that a good job of law enforcement is being done. Whilst largely ignoring major league crooks.
The FBI, under Hoover, did exactly this.
OK, so the DoJ makes a phone call and DoD trots out a "well-known Internet designer" to say soothing things like "trust them" and "no one needs to see the code." I don't know whether Cerf worked directly for DARPA, or indirectly by way of DARPA grants. If he worked directly for DoD, then it's very possible that he still does.
(Many former Federal employees are still on-call as needed; I once met a HS girlfriend's "retired" father at a job fair, behind the CIA recruiting table; a former coworker who was a "retired" SEAL regularly disappeared from work,... for several months.)
The point is that government "Of the People, By the People, and For the People" is at stake here.
This is why we have Open Meetings laws (and the Judiciary enforces these when they're flouted). As a parallel, it seems that what we need now are Open Source laws. Strong ones, with teeth.
Any citizen should be allowed to read the source code of any/every government information system, without barriers, fees, or harassment. This is simply an extension of existing practices that laws, court decisions, and government rules and regulations must be published for all to see.
Since government IT systems actually _implement_ regulations, it seems not only fair but even imperative that the public should have access to review the logic actually used by government entities, i.e., the rules coded in their software systems. The IRS quickly comes to mind, here....
If such laws had been in place several years ago, the California DMV might have thought twice about _selling_ information from their databases of licensed drivers to commercial interests. They got their hands slapped for that one, but not before they'd already done it for quite a while. People had to _infer_ that they were doing that.
Government source should be open for all to view.
Who chose this guy? Oh wait, it's the folks who want Carnivore to get accepted, isn't it.
Shouldn't the people (and yes it should be people) who examine Carnivore be chosen by the people Carnivore is meant to examine? (no taxation without representation! ;) I know I'd rather have hundreds of Open Sourcers examining it (even under NDA) than one guy chosen by them who used to work for DARPA, and thus obviously has the right attitude to be in the fed.
I wonder if I can find contact info for whoever's responsible... I doubt it, they're probably hiding like most people behind this sort of thing. (random question: why doesn't work in the preview? Soon I'll know if it works in the comments too, but whether it works or not, it's a bug.)
---
END OF LINE
And the people at People for internet responsibility think that opening the source is important but consider far worse problems with the entire carnivore idea.
-------- This space intentionally left blank --------
The whole point of the post on slashdot is that Cerf *isn't* qualified to give an endorsement. The Wall Street Journal and other papers are carrying articles about how Cerf says Carnivore is OK. The FBI PR department and the big papers are pushing to the public that Cerf's opinion should somehow matter.
Did you bother to read the blurb above? It ends with 'This is nearly as reassuring as the Justice Department's decision to change the name of Carnivore...' I mean really, the WSJ headline I mentioned reads 'Web Guru Cerf Defends FBI's Use of Carnivore.' It goes on to claim Cerf is 'widely regarded as the "father of the internet."'
Methinks you have misdirected your post against slashdot instead of against the mainstream press...
Jim
It's been a long time since we had the opportunity to have a slashdot interview, and I'd love to ask Mr. Cerf a couple of questions (regarding carnivore, but also some general questions regarding his work on TCP/IP and the creation of the Arpanet).
/.-folks, get us an interview with him, please.
I strongly believe that trying to be clever is detrimental to your health. -- Linus Torvalds
I don't see how releasing the source code 'would be bad' if the system is as robust as they claim.
Maybe the refusal should be considered strong evidence that the system is not as robust as claimed (or that it engages in activities not yet disclosed.)
Well, it depends. Frankly, some code is proprietary, and as such, we cannot legally look at it.
What the fuck?
What the hell is wrong with you people? If code is proprietary, then we may not distribute it without a license, that's all. There is no law anywhere that prohibits anyone from looking at something, (unless that something happens to portray minors in a sexual manner...)
ReadThe ReflectionEngine, a cyberpunk style n
Carnivore and its older cousin, wiretapping, both provide one thing: easier convictions. They provide a means for law enforcement to get a confession without the person even knowing they are condemning themselves. Not only do these methods violate the 4th amendment, but also the 5th, i.e. not providing testimony against yourself. They generally do not aid in stopping crimes and can be called into effect entirely too easily. With just the slightest suspicion of illegal activities, law enforcement can get a warrant to surveil you. Unless this is stopped (and I realize posting here is doing no good), then we are one step closer to have a stronger fake sense of security, and a leap closer to having less privacy.
Also, I can understand, from a security standpoint, that some code may not be made freely available in order to provide greater security for the program that the code is for.
This is simply saying that it uses "security by obscurity". Which isn't a good idea with something which is used for a long time or in a large organisation. Simply because sooner or later the information will leak anyway.
http://foad.fbi.gov
fyi
--
"It is now safe to switch off your computer."
without defending the system or taking sides, I believe that the "robustness" claim was about the secure authentication and data transmission (they're probably using ssh :) while the disclosure they wish to avoid is how the "AI" or "grep" that they're using works, what it keys on, vocabularies, etc. because they don't want people to work around it.
The government (and their big business friends )got their little feelings hurt due to Kevin, due to such feeling, they gave kevin a royal fucking. Sorry to say, but you step on big business's toe, it steps on you with all 800 pounds.
I.E. the sort of approach which should be used against big business (or government departments) when they go off the rails...
Don't forget, this guy is also one of the big defenders of Al Gore's claims to have been instrumental in the development of the Internet. So he's obviously right about this as well!
We need to get rid of Carnivore period. This is just the Big Brother phenomenon developing right in front of us. It shouldn't be in any form whatsoever. If this is allowed to be used by the FBI it can have devastating consequences. It would turn the Internet from a safe haven for people to exchange information to a place where you have to hire a lawyer to make sure the content you're trying to place on a server isn't gonna be considered by the government to be a "threat to national security."
I will not be satisfied until every last Carnivore system is trashed and used for some other purpose.
US businesses that currently accept chip and PIN/signature
The above poster does make a point though, that while Vint Cerf has done some astoundingly impressive things in his career, his current employment is as "a suit", and his employment has never once been related to privacy or security concerns.
I'm not attempting to trivialize his accomplishments in the computing field, but honestly I just don't see why his opinion matters in this case.
And by the way, since when is 12,000 a really low /. number?
----------------------------
That would be double-plus-un-clear!
developed in the late 18th century
Prisoners could be observed at any time by a guard in the tower, but, because the tower had shuttered windows, they did not know when they were being watched or who may be watching.
At least, Sheriff Joe Arpaio won't be able to claim a patent for putting his jail in a webcam.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
I see, so there's nothing wrong with government privacy violations if you're a law-abiding citizen.
I was a plaintiff in Schleifer vs. City of Charlottesville -- we sued our city over the youth curfew. What we heard over and over from the lawmakers and judges was "what would a law-abiding kid be doing outside after midnight?" The answer, of course, was "whatever the hell we see fit."
The innocent need not be concerned with their privacy? That's rich.
-Waldo
-------------------
IMHO, the entire 'examination' is worthless and is designed to distract from the real problem with Carnivore.
For the sake of argument, let's say that unlike every other computer based system in history, it is hacker (and cracker) proof, and always does exactly what its user wants it to do (no more, no less).
Further, let's assume that the source is released, and 100,000 respected experts are satisfied that the above is actually true.
The problem still remains: Without non government oversight, how do we know that the FBI isn't on a giant random fishing expedition? Sure, the warrant says JoeBlow@isp.net but how do we know that the perfectly authenticated FBI guy didn't set it to scan for '.*@.*' with keyword filters instead? How do we know that the actual units being installed at ISPs have any internal resemblance to the one that was examined? Perhaps it has enough hard drives to actually hold '.*@.*' for several days.
In short, we don't need a detailed independent examination of Carnivore, We need a detailed independent examination of the FBI and DOJ.
Legal interception capabilities are there to catch organised criminals and child pornographers.
However a big enough criminal organisation (especially if it started as a legitimate business) may well not be caught at all. e.g. Microsoft. Also IIRC at one time the biggest distributor of child pornography was some US law enforcement agency or other.
How about this. If every e-mail contained something like a sig, which was maybe a list of words or phrases that triggered snooping you might inundate them with so much information that it would be impossible for them to cope with.
*BenZilla*
-
Well, it depends. Frankly, some code is proprietary, and as such, we cannot legally look at it.
I'm not asking for the source code to Windows. The FBI is not a private entity. It is meant to be there to serve the American public, and just saying, "it's our proprietary code, and we don't want to show you," isn't good enough. The American people paid for it. It is the American people's code.
There are open protocols that the police have to follow if they want to tap your phone. Why? because this is not a police state. I have a right to ask what, when, where and how this may happen. Surely I have equal rights to know what is going on with carnivore. Was that FBI you said, or KGB? I couldn't quite hear.
-
We still can see what it does, and if we know what language it was written in, we can reverse-engineer it, but there will most likely be differences between that code and the original.
WTF? Are you a troll, or on crack?
Are you suggesting people try to reverse engineer the carnivore communication protocols? Just how fast do you want a SWAT team on your ass? Please, don't try this at home kids, it would be a bad idea.
Or do you want to reverse engineer the carnivore program itself? If so, I recommend that an ouija-board will be more useful, than knowledge of what programming language it was written in. How, short of psychic powers, do you intend to calculate what a program that you never get to see running, which is running on a computer that you have no access to, and that you cannot directly communicate with (unless you happen to be a FBI agent), is up to?
-
Also, I can understand, from a security standpoint, that some code may not be made freely available in order to provide greater security for the program that the code is for. I don't necessarily agree with it, but I can understand it.
Ah - security through obscurity, that old favourite. Does the fact that Linux's source code is available make it inherently more or less secure than Windows NT? Tough one to prove. But I would rather that carnivore was fully security audited, OpenBSD-style. Many eyes. Shallow bugs.
Later, you go on to say, "I prefer it if not all information is free," well what if it comes down to this: making information about carnivore free, may make it less likely that your private emails are turned into freely available information. Saying, "I don't either to be free," may not be an option.
cheers,
G
Um... I don't think anyone here has any high opinion of Cerf's opinion. That's the point. He's not qualified to comment on privacy or on code openness, esp for something as important as this.
:-)
I think the FBI wants the general public to think that his opinion matters, which is why it's important that it show up on slashdot.
Read the headline this way:
FBI finds 3rd grader who says Carnivore isn't that bad! General public rejoices that their privacy is safe!
Better now?
-- IANAEG - I am not an elder god.
I just think it's very important that we separate the technical innovation that some of these folks have been part of from their political or ideological views.
From Article: Cerf also said that it would be a bad idea to force the FBI to reveal Carnivore's source code, as many of the system's critics have requested
Bad? Bad how? Does anyone have any other links that might have direct quotes? I don't see how releasing the source code 'would be bad' if the system is as robust as they claim.
Why not release the source code of the system? I mean, if it is really well designed and the authentication is so robust, what do they have to fear from full disclosure?
From Article: Carnivore's detractors had suggested that hackers may be able to gain access into the system.
Actually, for me the issue is more about the FBI themselves abusing this system than some future threat of a hacker takeover of it...
--
--
We have fought the AC's, and they have won.
Has anyone actually seen the code? I mean does this software just pull packets off relays? Then if you encrypt your email via Kerberos or the like could they still pull it and crack it? I run my own SMTP and POP server so does this mean that I by some wacky jurisdiction am in violation of the law if I do not comply to their standards? Not to mention that this is international traffic we are dealing with, due to Intelligence Oversight Laws, and the inherent domestic only role of the FBI, wouldn't this then be under the jurisdiction of the CIA?
I have two cans and some string; if I talk over it, then do I have to allow the FBI to tap it?
msNBC.com's article tells a different story:
Vint Cerf, an Internet founding father who was selected to serve as an unbiased technical adviser on the Senate panel, was even harsher in his assessment of the suggestion that Carnivore be put in the hands of ISPs. The proposal "strikes me as alarming, quite frankly," he said.
This isn't a rip on him - it's a rip on slashdot for expecting him to say something momentous.
It's amusing how the readership of this site hangs on the words of Linus, Alan, ESR, Larry Wall, etc.
Make up your own mind folks, forget the celebrity worship.
The spirit of carnivore is good, the idea that they can target one potential criminal, and read all email pertaining to him in an attempt to arrest him is great. The FBI needs something like that. The letter though, says only the FBI gets a good look at the code, and they can implement it anywhere, anytime, on anybody, without any notice. I'm sure people speaking out against carnivore are on their list of people to watch, if nothing more than to test out carnivore. Which brings up the subject; is this carnivore version 2.0? How long have they been testing this program on the general public without informing us about the program? On the flip side, yes, everyone is fairly aware that the FBI and whatnot agencies have always been able to efficiently monitor the people they want, but for them to be blatantly pointing out "yes, we're quite capable of reading all of your email, and yes we're not letting you see what kind of technology we're using, and we're going to keep it that way." That was a mistake from the start, their PR department is getting spanked by the public, at the very least they could have predicted a reaction even half of this, and they probably could have released a basic skeletal (or even fake) version of carnivore? Either way, we're a government of the people, by the people; if the people are beginning to opensource many new software projects, it'd be nice to see the government at least attempt to follow with current trends and opensource the carnivore program. I'm sure ISPs wouldn't mind adapting the software as a government-provided-spam-blocker, we spend enough money as it is trying spam email cases as it is.
comments?
moox. for a new generation.
I'm relatively new to this whole internet thing, but I'm wondering how this guy gets called "father of the internet", or at least which people see him as such...
I've been brought up under the impression that Jon Postel, RW Stevens, and CmdrTaco made up the 3 men who conceived the internet (the baby)...
Yes, I understand the whole privacy argument - but really, if I follow everything correctly, all this software does is allow the government to do what any reasonably intelligent geek on your local network has been able to do all along - packet sniff. Correct? If you really want privacy, don't whine about the government having access to your e-mail - encrypt it. They can sniff my e-mail all they want, they're still not getting anything from it.
What the FBI would be interested in (presumably) is threats to national security, terrorists, virus writers, etc... (Yes, virus writers... the gov't doesn't take kindly to "malicious" code, be it for shutting down computer systems or decrypting DVDs...) For anything you personally consider sensitive and don't want the FBI peeking in on, you always have recourse to strong cryptography, though of course there are no perfect solutions.
If you wanna get a better idea on what kind of intelligence info the FBI gathers, and the type of people it gathers it on, peep the FBI's Freedom of Information Act site:
http://foia.fbi.gov/
The site has reams of declassified FBI files on famous people like John Lennon, Lucille Ball, Jackie Robinson, Charles Lindbergh, Elvis Presley, John Steinbeck. They're all in PDF format, but at least that way you get to see the nifty black marks over the parts they didn't declassify.
--