Slashdot Mirror
Carnivore-like tool released as Open Source
Joe Smith writes "NetworkICE released a new Carnivore-like tool that does *everything* FBI said Carnivore is supposed to do." Of course there's no way the FBI will accept this, and the conspiracy theorists will use this as proof that Carnivore is doing more then the FBI is 'fessing up to.
That's debateable really, I was mainly trying to point out that pretending to be a pedophile on Slashdot is really, really sick. I was pretending to be a vigilante.
companies using their own technology: they have to make it possible to
do so, but they domn't have to smuggle in any mysterious black box.
The fuss about Carnivore is it breaks with this model, and with no
convincing explanation. You don't need to be paranoid to suspect
there is more to this device than the FBI alleges. (Cringely
suggested it might contain a sabotage device...)
The FBI has no choice but to accept an alternative to carnivore, methinks.
The whole issue is this: How do internet service providers comply with court orders which require they allow law enforcement agencies to monitor a customer's Internet use? The FBI has offered to install Carnivore for ISPs. ISPs should be free to choose to install an alternative system as long as they can comply with the letter of the court order. This was exactly why Earthlink refused to install Carnivore. They stated that they ALREADY had the necessary equipment to comply with a court order.
As long as it is functionally identical to what the FBI claims that carnivore does, I can't imagine that a court would care. Then again, this is the same court system that made it legal to post instructions on how to build an H-bomb, but illegal to post a song which celebrates a decryption algorithm.
Here's a way of ensuring that wiretap data submitted to a court are accurate and complete. The FBI has no reason to refuse to implement this proposal, unless it intends to change wiretap data or gather data outside the scope granted by a warrant.
Open source monitoring software is installed by the ISP on its own machines. The software is pretty simple - when a wiretap is in progress, this software logs all traffic to and from the user's IP address, encrypting the stream with a symmetric cipher before writing it to a log file. The encrypted stream is also forwarded to the FBI. The key is changed daily. Every day, the previous day's key and a hash of the previous day's traffic are sent to the court which granted the warrant.
In the event of legal proceedings, the ISP's log file is decrypted by the court and given to both the prosecution and the defence. The FBI can ensure that the ISP has been logging all the suspect's traffic because the monitoring software is open source. The public can ensure that the ISP has been logging only the suspect's traffic for the same reason. The suspect's lawyers and the FBI can both ensure that the evidence hasn't been tampered with, and more importantly, the court can determine which party tampered with the evidence, because it has a hash of the original traffic log.
melting snowballs! (or so says Larry Wall!)
BR.
Well, going on a public forum and saying that you're a pedophile might make people think that you are. Odd that, isn't it?
But would you plan such illegal activities in plain text? I know I sure wouldn't. Drug smugglering and other illegal activities have been using encryption technology (on phones and other communication devices) for quite a few years now. All Carnivore really allows is access to unencrypted data. They're going to catch the dumb criminals and individuals that may have commited a crime but aren't under investigation...oh and the dirty sex letters I write to my wife. So encrypt everything you say? Then what good is Carnivore I ask? PGP can't be easily decrypted, they can sniff all my encrypted bytes they want all that will do in todays society is lend credence to me doing illegal activities. It must be illegal, he encrypted what he wrote. Isn't that really the same as putting a letter in an envelope (which can be steamed open and PGP can't be - in theory).
I agree, they should have some technology to do network level wiretaps, I don't think Carnivore is that technology. I don't appreciate feeling like big brother is watching over my shoulder. I have nothing to fear, I haven't done anything wrong, but the feeling of being watched makes us all fearful. Carnivore is a trawler, dragnetting the internet for criminal information, it needs to be a scalpel, capable of ONLY picking up the information it's supposed to.
Amen to you.
I do wonder if the GPS feature of our future cell phones will be controlable by the user. I mean, will there be an off/on switch on the bloody thing? If yes, then go for it, I do like the idea of having a GPS to find my way, or when calling for rescue. If I can't control it, then I don't want it and I hope the market will not accept it either. Let's hope this feature is not required "by law" somehow...
Thinking about it, I believe the GPS feature turned on by obligation will not catch on, if only because so many just don't want their affairs to ever be known by their wife or husband. There was some big scandal in france about people being photographed while speeding with their car. The photo is then sent to their house where their conjoint then discover who was on the passenger seat :D
Oversight is!!!
Any network sniffing tool is going to be very configurable. A few changes to the filter config and you go from watching only specific communication to watching all communication.
The oversight of the organizations acting on their net-tap warrants is what is important.
True, but this "outrage" is all from groups which are dedicated to freedom at the cost of security anyway
.sig, quote from Benjamin Franklin.
Then they are in good company. See the
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
I would be willing to bet that the FBI was suppriesed by the outrage from Carnivore. They already did this sort of thing to all the phones in the US and nobody peeped. I feel that the only reason we are hearing about it is that they made a couple of mistakes that they did not make with CALEA.
So there you have it. It wasn't a small step towards a police state, It was a stumble on the rocks in their general stroll to it. They won't make the same mistake again.
----
crulx
crulx@iaxs.net
---
I have a user id of 3223.
Everything I say should be modded up to a +5.
A witch hunt is very different from tracking down (or hunting) pedophiles. Witch hunts ended in death, and alot of innocent people dieing. A pedophile tries to kill the soul(s) of innocent children. I speak from knowledge - children DO NOT "want" their sexually awakened.
That aside - This whole trail of replies seems to be stirred up more by an attention seeking (in need of a reality check) person than about the technology or issues in the original article.
My opinion is the government is never going to catch all the bad guys... but being the government I don't blame them for trying to invent new ways to help themselves (they need the help). I don't happen to agree that Carnivore is ethical on a long term basis (specially in the hands of government).
Altivore is a neat concept, but it delivers a weak version of that functionality it does deliver (no packet reassembly, several ways that it could catch the wrong data), is poorly documented (Except for details of what it does wrong, in an attempt to argue that carnivore probably does the same thing) and I'm not entirely certain that that functionality it -does- claim to deliver works correctly. ;)
I have been unable to do the headers-only-wiretapping sort of functionality, though I've gotten it to do the log-all-e-mail-coming-from-this-ip functionality.
OTOH, the source code is simple and pretty readable, and it's a really neat idea, so, basically, I encourage everyone who has a home net to download it, poke at it, play with it, patch it, improve it, and sneakily spy on all your own e-mails from your bedroom box to your living room box.
Fun toy, anyway, but it doesn't -really- compete with Carnivore - yet. It's more a proof-of-concept.
(It was, btw, posted to securityfocus several weeks back.)
--Parity
--Parity
'Card carrying' member of the EFF.
This'll get modded down as redundant, but the exact quote is my .sig.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
I don't know much on RIP, but as for *nivore, the access to the data is not unlimited. The collection is only enabled on a certain person for a certain period of time. For instance, if a review of the surveillee's phone records (legal with appropriate court orders) shows that they call "Joe's ISP" a whole lot, the *nivore system could be brought to "Joe"'s server room and enabled with a filter for "possiblebadguy@joesisp.com". Again, this would only be for a specific time period, after which it would be removed, unless the court order is extended.
Yes, the possible misuse of Carnivore is scary. However, with the appropriate review (not necessarily full-disclosure), it can be a great help.
Oh right, can you use that one in a court of law? Silly old me, thinking that when someone says he's a pedophile he is. Of couse, it's just "trolling". Yes I confessed to 10 murders yesterday, but the police let me off because I was trolling.
Obviously I know what trolling is. I don't think you do. It's meant to be funny or intelligent, not just sick.
No. It is not acceptable to kill all men in trenchcoats on sight. The ramifications of that are clearly over the border of common sense.
However, if the FBI/whomever knew that a bomb was expected to be placed in location X, by two men that look like (insert description here>), at a certain time, they could stake out the place, attempt to apprehend the men (if appropriate warrants had been issued), and, if after all that, the men pulled out shotguns, the police would be justified in shooting them.
(sarcasm)If all people were dead, there would be no crimes at all. Isn't that the perfect solution?(/sarcasm) And, you'd be surprised how many criminals DO use the net to plan their crimes...
You seem to have missed some key points in the community's general apprehension about the whole Carnivore mess:
Karma: Excellent, but still won't get you laid.
"They have to keep using Carnivore because they paid for it."
They may very well try to use this argument, but it carries no weight. It's the fallacy of "sunk costs"--whether or not they use Carnivore they've already paid for it. Continuing to use an inferior product doesn't regain that value--might as well ditch it and use something better. Especially so if the "something better" has no associated cost.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
If people would just encrypt their mail none of this would even be an issue. I mean come on people... all it does is search through messages as they go through the mail server and pull out the ones that are addressed to/from the persons being investigated. If those persons were SMART they'd encrypt the communication and all that could be gathered was a record of transmissions and nothing else.
if the damn universities had done their job and audited Carnivore in the first place.
-- the most controversial site on the Web
No-one thinks you're funny. Please just fuck off.
Bit slow mate, It's been passed now and is an Act
So as soon as they install the hardware the gov't will be able to read _anyones_ email....
which is why i got Freedom
Slight/Tolan
Please state you're real name and location, and I'm sure that there will be a lot of people happy to form a lynch mob and kill you.
The TLA's have other ways to determine what they feel people are up to. Just because you use GPG does not mean you are a criminal. (I use it quite often, in fact.) HOWEVER, if you e-mail back and forth often to persons known to participate in illegal acts, those people are currently known to be planning a criminal act (info acquired from HUMINT - Human Intelligence (real spy stuff) - sources), then they might consider going through the motions of obtaining a legal order to tap your e-mail.
As Post #27 said, its just a new way to do an old thing...
OK, suppose they do it. Now it's a black box that the FBI guy says is running the open-source version of Carnivore. Great.
Old version: "Trust us, the closed-source version only captures SMTP headers and throws out ones with the wrong From: line"
Open-sourced version: "Trust us, the CARNIVOR.EXE on this box was compiled from the open source version that you geek types wrote."
Hands up, anyone who's sleeping better at night.
Open source has nothing to do with this debate. It all comes down to trust. Do we trust the FBI or not? Regrettably, FBI's track record over the past 50 years has been pretty consistent in demonstrating that they're not worthy of our trust.
In 5 years, I'll no longer dare to make statements like this. Somehow, my political views will evolve to a more mature position, whereby I recognize that FBI has a legal and moral duty to defend me against terrorists, pedophiles, computer programmers, and drug dealers.
I wonder if FBI will have a brain-scanning version of Carnivore in 20 years that'll determine whether my political views really changed over that time, or if I was just duckspeaking in order to stay out of Room 101?
Unless you were a crypto expert I wouldn't try writing any encryption protocols yourself. It's been proven time and time again that what you think is secure can usually be easily reversed. Use proven encryption technology otherwise the only people you are hiding your message from is me and the rest of the idiots that haven't and never will design a good crypto implementation.
carnivore, the program that won't go away.
abcdefghijklmnopqrstuvwxyz
Yo Yo Yo! You got me all wrong. I'm all about inclusiveness. To prove this, I've posted a picture of my ASS on the internet!
Sincerely,
Bob Jones III
P.S. God Bless You!
I'm not so sure that wiretaps are 100% "owned" by the phone companies (whom, I must say, I trust less than the government). I'm pretty sure that although they might be physically placed by the phone companies, they are monitored directly by the FBI. Additionally, there aren't a lot of ways to tap a phone...
Everyone is very concerned about their rights. So they should be. But let me ask this.
How could the FBI perform their wiretaps in a legal manner, without enraging us all about our 'rights'?
How could carnivore-like stuff work without violating our rights? Or should it be wrong altogether?
I do recall someone likening it toa 'trunk-side wiretap'
So i guess this means just about anyone can spy on us, given the position/opportunity to do so. I hardly think this can be a good thing...
Uhhhh.... "Open Source" does not mean "open everything." The companies that produce defense hardware benefit from one of the major selling points of Open Source, in a way. The "many eyes" theory for source code also applies to things like ISO 9001 certification of business practices, etc. Even for non-ISO 9001 companies, anyone working on government contracts is "open source" in the sense that their management, accounting, and manufacturing processes are open to regulatory scrutiny. Even companies not working on government contracts are open to SEC scrutiny, and therefore scrutiny by the public investor as well.
This does not mean that all information traveling through corporate and/or government channels must be freely available. There are perfectly defensible reasons for keeping secrets. Why do you think Open Source advocates are usually also strong cryptography advocates?
Besides, how do you justify encrypting the "1337 DDoS w4r3z" and goat pr0n you have on your ostensibly "Open" system?
Bingo Foo
---
taken! (by Davidleeroth) Thanks Bingo Foo!
From a "Kill Carnivore" POV this was an excellent move. As noted in the summary, the FBI now has to explain why Carnivore is to be preferred over the open version with the same functionality.
But from a "Promote Open Source/Free Software" POV it's unfortunate because the explanation the FBI is likely to use is "open source can't be trusted". We already know that's false (whether diametrically opposed or orthogonal is a matter of debate), but how imagine Bill Gates quoting Louis Freeh or Janet Reno as saying that "our secrets have to be protected by secret software" or "open source == child molesting terrorists".
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
Too bad you guys bash the United States every chance you get, strutting around about how great your respective country is with respect to us low brow Americans.
What you fail to realize is that we still have *some* freedom left. While the rest of you are just playing puppet roles for your respective "governments."
I personally feel that although the US is not perfect, we have managed to maintain some sense of an individuals independence (even if is is severely limited)
What we need is a global revolution to overthrow all governments so that we can sit down and found a "right and proper" method of ensuring freedoms for all men (and women) and still make sure that the criminal elements and sick bastards get their just desserts.
Perhaps we need to switch to a true democracy, with no representative middlemen. We have the technology now to ensure every single fucker can vote on an issue. Then we'll really know what the majority rule is.
.
h3ll are you thinking? Bush? The guy that said, "There ought to be limits on freedom."? The guy that made pollution control an option? Get a clue. Bush is all about who fills his pockets with green.
how about...
"Dastardly Japs Attack Colonially Occupied U.S. Non-State... Congress Declares War after Sneak Attack on US Imperial Holding... FDR: 'We Conquered the Hawaiians First'
I'd rather the government intercepted and stopped wackos before, rather than after the fact.
To do this you need an intrusive government. They need to be able to see what you are doing, thinking, writing, viewing, etc. in order to determine if you are a "wacko". If you pass some bureaucrat's notion of non-wackoness then you have nothing to worry about. However, if you are a wacko, by someone else's standards, you open yourself up to government surveillance. If, for instance, you own a gun and had been arrested for smoking pot back in college, you may be classified as an armed drug dealer, which poses a significant threat to society.
The fact is that everyone would be forced to live to some bland definition of normal. If you irritate one group than you may be considered a wacko and have your activities curtailed by the all-knowing government. Consider if your activities were subject to the same rules that the FCC dictates to television.
I would rather live in a world where I could do what I want without worrying that someone is watching. I would rather deal with the reality that a car-bomb may blow up at my kid's school than live under the ever watchful eye of big brother. Because as you pointed out, government is made out of people and they are not immune to the trappings of power. The checks and balances you mention should be swift justice for those who break the law not the subjugation of the citizenry to constant surveillance.
Remember, You are unique...just like everyone else.
What did we ever do to you?
I think the whole point is not what paedophiles do to me personally, but to children. Children are innocent to a certain extent, and that is one of the greatest assets a child has. Sick bastards who take that away deserve everything they get, and more.
Ok then, I'll find some good encryption modules from some security expert for my anti-FBI communication program. :)
When did it become necessary for American government to legislate responsibility for the actions of the populace? I'm relatively young, a twenty-something, and even I remember a time when people took at least some responsibility for their own actions. The people didn't need a watchdog over them, nor did government care to create one.
I must be reading your comments wrong, because from what I'm reading you're saying there's no purpose to law enforcement. Here's two questions for you: do you believe corporations should have a watchdog to look over them? How about a watchdog for government?
The populace at large falls prey to the same moral and ethical failings as both corporations and government (probably because they're all made of the same ingredient: people). Just like every branch of the federal government has checks and balances to keep them in line, all aspects of society need to have at least some kind of restraint put on them.
As a resident of Norman, OK, about 15 minutes away from the remains of the Murrah federal building, I'd rather the government intercepted and stopped wackos before, rather than after the fact.
As for governmental agendas, in my experience the agendas of private citizens and corporations tend to be just as petty and just as dangerous.
Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
Sorry. The government, as our representative, has a role in monitoring criminal communications. Some random hacker who threw together a program does not.
I look forward to anybody caught using a tool like this without legal authority being flung into the slammer.
People do not fear Carnivore itself. They fear the fact they do not know what really carivore does. The internet is all about information. The feds want to make sure that some infomation is keep secret or is not a secret depending on who it is from. As long as we have do not know exactly what carivore does it will continued to be feared.
While I agree with most of your sentiments, my real dislike of the Carnivore (or RIP in the UK) situation is this:
Citizens don't mind that their government agents are able to obtain wiretap warrants on specific people, because the warrants have to come from a particularly high authority and there must be a valid reason for obtaining each and every individual wiretap. The privellege of being able to legally listen in on someone's conversations is balanced against the level of evidence required to be submitted in advance, and also the accountability for your actions if you wiretap for malicious reasons rather than investigating crime.
However, with these new systems, the government agents now have full unguarded access to most but not all of the country's email. There is full anonymity for the agents involved, and there is no accountability. They do not need to give any reasoning to obtain the authority to spy on people, because they've installed near-blanket surveillance on their nation.
Onto the topic of an open-source versus secret carnivore, I'd like to see that there really was a system of authority in operation, ie only the named person's email is captured. As for criminals reading the code to get out of the surveillance, firstly the FBI would be using this to _monitor_ someone, and if it all goes quiet they would investigate why, and if it's via manipulations to get out of the monitored stream, they could trace through that with the ISP and close any hole. Secondly, simply not using email or using an ISP without Carnivore will get you out of trouble, as will end-to-end encrypted IPv6 streams when they hit mainstream, much more effective than reading thorough source code.
Carnivore is the stuff of Orwellian futures, and I just want to see some declaration of accountability to the public here, not demonizing of Internet users as drug dealing terrorist paedophiles.
Does my bum look big in this?
Terrorist, cocain, pot, doobie, bomb, secret plans, assassinate, DeCSS, libral, Natalie Portman.
Now if EVERYBODY had a sig like that i believe we could render Carnivore and programs like it quite useless.
I am Jack's complete lack of surprise. -Fight Club
You forgot (c) it's bloody difficult for FBI to tap everyone's phone 24/7 and to turn all the conversations into easily-searchable transcripts.
Swap out the 120M removable media from the Carnivore box and replace it with a 100G hard drive next year, and you've got a reasonable shot at being able to record all email at that ISP and dump it into a big-ass database.
Anyone who thinks that the FBI will scan every packet going through routers in the US is living in a paranoid fantasy world.
Anyone who thinks that FBI does not want to dump every packet going through routers in the US is living in a Polyanna fantasy world.
It really escapes me what part of this experience would have given the Aussies such a high respect for their government -- and the crown, as evidenced by their rejection of the referrendum on becoming a Republic last November. Maybe there is something about the inferiority of the criminal mind...
And in my opinion, installing equipment with which it is entirely possible to monitor anyone's traffic, with no warrant and no reason, is not just over the border of common sense but over the border of human rights.
And, you'd be surprised how many criminals DO use the net to plan their crimes...
I doubt it. Nevertheless, if we can't stop them without an enormous and fundamental breach of everyone else's rights, then we can't and shouldn't stop them. Like, we could stop criminals that plan crimes by conversing in the middle of public parks, by bugging all the public parks. Should we?
errr....
..
perhaps ?
.
I do know people who were terrorized, so it's more common than you think. He was a high ranking engineer who thought unionizing would be bad for his employee owned company. He recieved a long string of threatening "prank" phone calls that were routed through institutions and untraceble. The pranks included survailence and were unseteling. Example: his son left to go play with his friends. Five minutes later he got a phone call where a teenage boy screamed "Help me! They've got me and they've pulled my pants down." Ha ha, not. They could just as well have done it. Phone taps, Carnivore, nothing would have stoped it short of FBI teams escorting each member of his family like Bill Clinton.
Protection for the home: 357. Gun control = good aim.
Friends don't help friends install M$ junk.
In a presentation today from the British government a new spying network was unveiled to a select group of ISPs and industry representatives. A spokeswoman from MI5 announced,
'Although we suffer greatly from underfunding in comparison to our counter-parts in other governments, we are very proud of what we have managed to achieve with our new email scanning network codenamed Herbivore', she said. 'The QBasic software runs on DOS 5, and is powered by our latest 286 hardware. We felt that scanning the whole of the UKs email traffic would require the best we could afford here in the UK, so we really went to town. TCP communication is handled by a 33.6k modem as our initial tests with a 14.4k found increasing eCommerce activity to be too much for such a slow connection.'
Details of the actual specification are classified. The reaction from the British public is not yet known, but analysts have been predicting the typical level of apathy.
http://twitter.com/onion2k
You're going to have to be more subtle than that. In your effort to persuade people against Carnivore, you're creating an analogy where the FBI checking out your email is like having the government go around killing people because of their clothes. Bzzzzt. It's called a sense of proportion, look into it. Now, I wouldn't have modded you down or anything for it, but it looks like you really suckered some of the other ones into grading you up.
Also, I'm not sure why everyone thinks that pedophiles and terrorists are some masterminds who won't be caught by this. It seems like every week there's a news item about some pedophile who brought his computer in to be fixed and got nabbed when they found all the kiddie porn on his hard drive. I'm a little surprised that nobody ever complains about that here, 'cause it seems as nosy as carnivore to me, since it means that everyone's hard drives are scanned, not just people under suspicion.
Cheers,
YM 'one kilocriminal'
So if Usama Bin Laden crosses the border at Niagara Falls, NY (lax border, for the most part), the FBI/CIA/whomever CANNOT place a wiretap on his hotel phone without a legal warrant to do so.
Good! That's how it's supposed to be. Just because someone accusation was repeated on CNN doesn't make it true. A judge must issue a warrant before things like that are done to prevent abuses. Sure, more criminals would be caught, but at what price? Living safely under the thumb of an oppressive government is worse than living in unsafe freedom.
I still think that a review of Carnivore is a good idea, but if looking at it's algorithms yielded information as to how to thwart it's capabilities, should that kind of information be out in the public?
Crypto? Stego? That's a non issue. People with something to hide WILL hide it, Carnivore is about snooping on peaceable people. A highly organized terrorist group will have access to public key crypto or one time pads. Less importantly, if the program is open sourced, more eyes will be looking at the algorithms, any weaknesses/workarounds can be easily fixed.
Would you be happy if, in the aforementioned scenario where your loved one is in danger, the criminals knew how to thwart the system, rendering the FBI's protection of your family useless?
I think you've jusr brought up a red herreng. Sure, I don't want anything bad to happen to my grandma, but I don't want people's rights trampled because at some point some unknown threat might be dangerous to her. If such a system were to be put into place, would we be able to sue the FBI if they fail to prevent a crime that they should have known about? Of course not! Law enforcement officers have no obligation to protect any one of us.
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
American answer: I should not have to worry, you you are not supposed to trust your government. That's why we have elections.
Friends don't help friends install M$ junk.
Unfortunately, there are many people whose lives were destroyed during the 50's and 60's when the cold war was raging who might disagree with you. People get railroaded (it's still happening-just ask Wen Ho Lee). It's been happening since the beginning of civilization. It's probably far better in the US today than in the past, and compared to other nations throughout history. But where there is power of surveillance, there will be abuse. The framers of the constitution believed that it is better that "ten guilty men go free than one innocent man put in jail". That is the economy of freedom. The FBI (or any other law enforcement agency) is almost always completely unapologetic when it is confronted with the fact that it put away an innocent man. That is their economy -- better ten innocent men go to jail than a guilty man go free.
-------------
-------------
The truth is out th- oh, wait, here it is...
invoked with the mandate of tracking devices for mobile phones. In
that case the federal legislation imposes technical capabilities the
mobile phone operators must meet, but how they meet the criteria is
up to them. That I understood is a direct analogue of the wiretap
legislation.
I think the Cringely suggestion is a bit tongue-in-cheek, but it
seems perfectly plausible that there is some switching or spoofing
capability built into these boxes. If so, the capabilities should be
discussed openly. If not, as Cringely put it, why the box?
What disturbs me about Carnivore is that it's too easy for the FBI to use. A wire tap takes plenty of effort, money, and personel to set up and maintain. So the FBI must be serious before they set one up. With Carnivore in 5 minutes the FBI could track everything you do on the web indefinitely. Would they have to produce a good reason to "tap" your email?
The problem with carnivore is that the FBI says yes we have this new way to read your mail and you won't be able to tell we are doing it, but we are only going to use it on the bad guys, trust us, really. I for one don't trust them or anyone. If you give someone the ability to does something then they probaly will. If they get a little curious then all of a sudden human nature takes over and the just peek a little. Or they have this thing sitting at the ISP and here is this guy they know is a bad guy so whats the harm in a little peek in his mail no one will know. The FBI probably would not set out with the idea of watch every packet, but its real easy once you are there to bend the rules a little just this once. And from there its easy to just keeo on bending those rules until eventually you are just breaking them. And the whole time you are doing this you know that all you are doing is protecting the good people and hurting the bad people. After all if you aren't a bad person you don't have anything to worry about if they read your mail. Once you let go of your rights it is incredibly dificult to get them back.
From the We-Are-The-FBI-And-We-Can-Make-A-Device-Better-Tha n-You-Can Department:
I just hope that the ISPs see that since these type of devices can be designed/managed in-house, they keep these Carnivorous bastards out of the last form of semi-private communiction on the planet. Uncle Sam doesn't need to read my email to my grandma. Don't think for a minute that these devices will only be used under 'court order'. For god's sake people...THIS IS THE US GOVERNMENT!!!
The only safe document is a tripple-encrypted document.
You are obviously a very disturbed individual then, have you thought about seeking therapy?
I meant stand.org.uk :P
FCC Makes Wiretapping Easier for Cops
FBI wants to wiretap phones without court order
ACLU & EPIC Challenge Wiretapping
There was a story last year about hundreds of convinctions in LA that need to be reviewed because defendants were never told that evidence came from illegal wiretaps. The latimes.com article has expired, but here's an archive from the IP list.
Not to mention the historic abuses of the FBI against people like Martin Luther King, Jr. King didn't do anything illegal, but the wiretaps did catch him having an affair. An anonymous FBI agent urged King to commit suicide to avoid exposure.
You can't say "it can't happen here". It *did* happen here. Just don't let it happen again.
-- Don't Tase me, bro!
Encrypting the body of your email message is not sufficient. Traffic analysis (knowing which parties are exchanging mail) can be almost as valuable as extracting message bodies, and is most likely the real purpose of Carnivore.
In order to perform the stated purpose of Carnivore, the software must check the SMTP sender and recipient of every single email crossing your network. Are we honestly going to believe that after logging all of this valuable information, the FBI is simply going to throw it away?
There's precedent to claim that no search warrant is needed to extract the 'envelope information' from every single message.
I do not deploy Linux. Ever.
The reason people were so pissed about the FBI's Carnivore is because we have no way of knowing what it really does.
Most people can appreciate the need for Big Brother to watch some of us some of the time, but the FBI's original plan gave no assurances that we weren't all being watched all the time, or even that that's the system's main function.
What I was really uncomfortable with was the FBI's demand that the Carnivore box be placed at every ISP, and that it's remotely operated. Setting aside the security issues, it would make it a bit too easy for the Government to pull the plug on significant chunks of the Net. At least with an open-source version, we know what the system's capabilities are.
Browser? I barely know her!
the above post was mine, and wasn't supposed to be AC - TACO, it's all your fault :) Someone mod it up at least one, though, I think it's really important.
While the FBI refuses to comment on specific products, spokeswoman Chris Watney confirmed that the information is all the bureau is interested in. How they get it, as long as it's legal and complete, doesn't matter, she said
um - is it just me, or does the above suggest the following methods for information retreival that would be acceptable to the FBI: (of course "legal" is thrown in - but we all know that *everything* the FBI does is legal)
- Carnivore
- Altivore
- Baseball bat to knees
- Gun to head
- Coersion (sp?)
- Audio Bugs
- Any other subversive method of obtaining info.
It seems that this gives some insight into the mentality of the f - b - i...
They own the information - you just merely happen to be the one creating it. Therefore the method in which they use to obtain the information they are after doesnt matter - as long as they get it.
See how much safer it is without guns? Pretty soon the government can watch after you 24x7 in case you do something bad. Its funny how england needs cameras on every street corner and highway to look for criminals. I guess its better that you can only get robbed blind and beaten instead of being shot.
Only the State obtains its revenue by coercion. - Murray Rothbard
So much for the vaunted "open source is more secure" mantra...
No, just an end to security through obscurity.
Does my bum look big in this?
-DS
"// this is the most hacked, evil, bastardized thing I've ever seen. kjb"
thank you.
I was not in 100% agreement with the parent posting - but I didnt see any hate aside from that of hating the current state of affairs this nation/world is in.
remember folks - there is more to life than linux!
No, that's what you said, not what the original writer said. I think it was clear that the comment meant that availability of the source makes it possible to know what information the system gathers, or more generally, what exactly it is that the thing does. Note that with Carnivore we don't know such things. And I see nothing whatsoever wrong with "planning a defence" against a perceived threat to privacy.
In short, the original comment has absolutely nothing to do with the impact of the open source model on the quality of software security systems.
If the FBI gets a wiretap against me, they can only listen to phone calls that I make. How do they know that all the email that is sent from my house is from ME, and not from my friend, or whatnot. There is where I see the problem. Should the FBI get more access to your life because you chose to use email over using the phone?
The greatest trick the devil ever pulled was convincing the world that he doesn't exist.
How about the fact that opensourcing the damn thing will keep Ubernerd-terrorist-paedophile-government officials busy trying to figure out a new spoof to keep from getting caught or monitored... Idle hands and minds would be worse, neh? just think what kind of skill it takes to stay ahead of this sort of thing... you'ld spend so much time sitting in front of a screen and smacking keys that you would rapidly gain enough weight to qualify as a bedsore ridden 500lb shut-in. This would greatly reduce your efficacy as a Ubernerd-terrorist-paedophile-government official. Either that or you've just got way to much time on your hands ( the terrorist cell communication thing is quite funny considering the layer of penetration of ISP's in the middle east ). I'm curious about the trailing and snooping of contents from randomly public internet facilities (ie US libraries and cyber cafe's) posting to free email (ala hotmail) - ya my home machine may be sniffed by my provider - but what about "public" places? imagine trying to sift through THAT traffic? and without any idea as to what the email addresses are ahead of time, let alone what the point of origin OR the ultimate destination are? what a pain.
Either you trust the FBI or you don't, but stop being hypocritical in what you complain about.
It takes time and effort to tap a phone line. It takes time and effort to bug a house. It takes a court order for them as well. Without knowing what makes Carnivore tick we have no guarantee that it's ONLY doing what the FBI says it's doing.
And NO, I don't trust the FBI. FBI agents have destroyed or "lost" evidence, FBI agents have shot unarmed women, anf FBI agents have helped to cover the misdeeds of others. I have no good reason to trust any of them.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
And, you'd be surprised how many criminals DO use the net to plan their crimes... ---> Frankly, I doubt it. You seem to have the somewhat common idea, fostered by movies and books, that crime and criminals actually engage in planning and so on. This is not the case. 99.99+% of "crime" is committed by guys who are just looking for the next bag of heroin or for a quick $50 to purchase a few cases of beer and smokes. And most of the planning involved consists of, "Hey Charlie, there's a sign that says GAS. Pull over and load the shotguns." Contrary to the impression conveyed in fiction, most criminals are truly not particularly bright (else they would not be criminals) and accordingly, their "planning" is pretty much spur-of-the-moment and non-existent. Therefore, if the average crook is incapable of planning a heist over a beer in a tavern with his "gang", why would he suddenly become a "mastermind" if he has an internet account? Most criminals wouldn't even have a computer unless they just ripped it off, and then only for the length of time it would take them to fence it. Let alone any idea of how to use the thing, for any purpose at all other than raising that $50 from the fence.
If you're a zombie and you know it, bite your friend!
Imagine if we had the Navy barking out the armaments and capabilities of our nuclear subs and aircraft?
Isn't that the point of nuclear disuassion (sp?)? Telling everybody how bad you could get if they don't behave? Like sending undetectable bombers over Irak to show that you can bomb anybody?
Besides, I suspect that US "national" security means worldwide insecurity, but that's not the point.
__
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
Sorry, I forgot to ask. WTF is a Slashbot?
Americans, unlike Aussies, were united by states, with states having *some* power over the fedral goverment. The Brits and Aussies were united by a queen who everyone loved and a parilment who did the real goverment work, becuase of this they are more likly to "go with the flow" the goverment. Since they "love the mother of the empire", through today Aussies want nothing to do with the queen but they still respect her.
It's a matter of the respecting the goverment. Americans were born not to trust the goverment, and rightfully so, where Aussies has a higher respect for thier goverment, and rightfully so. The aussie goverment doesn't have enough nukes to blow us to hell. They don't want to control other people. The Aussie goverment is not power hungy bastards like the American Goverment.
I'm a Aussie living in America who can't wait move to Perth.
MarNuke
Could some respectable universities please audit this thing very quickly, and publish the results. Just to show that they can be professional and co-operative, when allowed to see what they are reviewing...
In Murphy We Turst
While you do make some valid points you should also notice the difference between the 2 systems.
:)
With a telephone tap you can select a single line and track all calls through that one. If I don't call that specific line, I won't get monitored.
An e-mail tap works differently. It scans ALL e-mails on some keywords. If you just happen to have a few of those keywords in your e-mail it gets picked out and read by some guy/girl who really has got nothing to do with it.
How about company sensitive info which gets read because the project just happens to be called 'Project Strike One' and is send to the department in North Ireland.
This may look a bit far streched but I don't want anybody looking through my mail whenever I have a few words in it they think are suspicious. I will have to re-evaluate every word I type hoping it will not be detected by an (any)ivore system.
Having to watch every move because of all the systems which are supposed to give you a safe feeling is exactly what a certain Orson Wells described in his famous book '1984' (yes, there it finally pops up
Sander Baaij
"Oooh, what does this button do?" - DeeDee
I was just thinking (dangerous, I know) that perhaps this whole Carnivore debate is really just a smokescreen. After all, if you're suspected of being involved in a federal crime, how difficult is it to track your e-mail? I'm sure that if the FBI came in with a subpoena, they could easily set up an e-mail wiretap at the ISP level. They could try packet sniffing, set up a dummy DNS server to intercept their transmissions, all without infringing on the privacy of others. The fact that an open-source project can do the same does seem to indicate that they have something to hide.
What exactly is the rationale for Carnivore then? It's like wiretapping every phone in America then saying that they'll only turn it on with a court order... you'd never be able to trust them at their word. Why shouldn't the same protections that protect us from unauthorized wiretaps protect our e-mail?
The real purpose behind Carnivore is probably less about catching criminals, and more about government testing the waters. They can get by with an Echelon in other countries because the average American wouldn't care if we spied on France. But, what would be the reaction if Echelon were used for domestic surveillance? (Which only the FBI can legally do?) Carnivore probably isn't going to do much to fight crime, just lead to criminals forging their e-mails, getting multiple Hotmail accounts, and generally making it impossible to accurately trace.
Carnivore as a system is irrelevant. It's real purpose is to see how far the FBI can go in this area, one step more on the slippery slope towards a Big Brother police state. Perhaps the intentions of Carnivore are good, but we all know what the road to hell is paved with...
Want to see more of the DMCA? Vote Gore, the favorite of the MPAA!
I dunno about anyone else, but if I were going to plot something that would attract the FBI's attention, I certainly wouldn't use email. I'd use some sort of peer to peer communication, perhaps a home made encrypted protocol between the other person and my self.
Just my $0.02.
What makes Carnivore different is:
Email has always been insecure. If you're really concerned about the mail that leaves your workstation, learn to use PGP, and get all your friends to use PGP. Suddenly, you won't care nearly as much about who's reading your email because it's all encrypted.
Being a satanist myself I'm quite looking forward to going to hell. However many pedophiles I take with me along the way is neither here nor there.
"They have to keep using Carnivore because they paid for it."
They may very well try to use this argument, but it carries no weight. It's the fallacy of "sunk costs"--whether or not they use Carnivore they've already paid for it. Continuing to use an inferior product doesn't regain that value--might as well ditch it and use something better. Especially so if the "something better" has no associated cost. I beg to differ - it carries plenty of weight. Rather than having to hire specialists to pore over the OS Carnivore alternative and fix any holes or weaknesses that they find, they can, at no cost, simply use the version that they paid for.
I also don't understand how an alternative that is different in only one respect (open sourced) and supposedly has the exact same functionality is superior to the closed source version. To me, a well-designed program is a well-designed program, whether it was designed in total secrecy or GPLed.
Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
Whether it makes sense or not, the bottom line is, if they did pay for it, that's what they are going to stick with. And, having been a contractor for the government, I can tell you they rarely buy anything without including a support contract. I don't know if they could do that with something like this, but if they could, it would be easier and cheaper because they would not have to keep as many people on staff to troubleshoot and/or further develop Carnivore. Most government agencies can't afford to pay people like that anyway, although I don't claim to know anything about the FBI.
You can argue either way, but I will say this- they are not going to ditch Carnivore for an open source version. (Who knows, maybe Carnivore is based on the open source version.)
Spooon!
-N
As usuall, the mainstream press like CNN wouldn't think of linking directly to the source code. The source is at http://www.networkice.com/altivore/al tivore.c . Discussion of this is at http://www.networkice.com/altivore.
Bomb, secret plans, terrorist, coccain, Dubbie, president, Natalie Portman!
I am Jack's complete lack of surprise. -Fight Club
Why, is this the nearest you've come to human communication recently? Is your life fulfilled now that you've goaded someone into talking to you.
Here's a suggestion, go down to the mall and try it there in real life. See how far you get.
Count me in. The sick fuckers deserve it....
My main concern is the underlying premise of the FBI's actions, whether it uses Carnivore or Altivore. They are willing to abuse the privacy of the people for the safety of the people, in the name of prevention.
Of course the FBI is saying that they'll use the system for monitoring of current investigations, but they have also stated that they would use it for crime prevention. I repeat, prevention. They are willing to sacrifice our privacy in the name of "preventing" future crimes which have yet to happen.
Does anyone see the problem here? The FBI is presenting us a black, cloudy future filled with terrorists and super-criminals using emails for evil purposes, and we, as responsible citizens, should forgo our privacy to help prevent this sordid future scenario the FBI is presenting us.
It's much like an insurance salesman selling disability insurance. He's going to scare the hell out of you about a future possible disability in order to get your money. Even though, statistically, disabililty insurance taken as a whole over the entire population, is rarely needed.
I, for one, am willing to forgo the FBI's Carnivore insurance policy. I'm not willing to pay the premiums.
EMUSE.NET
"We're sorry, but the website you're trying to reach has been disconnected."
Why does the FBI hate open source? Two words: National Security. Imagine if we had the Navy barking out the armaments and capabilities of our nuclear subs and aircraft? The terrorist countries would only be too eager to up the ante. There are certain places where open source just doesn't belong. Carnivore may be a good place for it (since the FBI considers us the enemy), but let's hope that Raytheon, Boeing, and Lockheed Martin don't start doing it.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
Absolutely, without question. Up to the point where you commit a crime. Once you've commited a crime, and the authorities have evidence of a crime, you should be prosecuted.
Currently, planning a crime and discusing the details with others is a crime. Specifically, it's conspiracy to commit a crime, and you can be prosecuted for conspiracy.
"If the FBI got wind that a crime ring was planning to kidnap, rape, and exploit YOUR wife/son/daughter/sister/brother/etc. by planning the dispicable act entirely through e-mail, would you not want to have some means to protect your loved ones?"
I would wonder how the FBI 'got wind' that something was happening. I would hope that they had done so legally. I would expect them to prosecute everyone involved for conspiracy to commit whatever crime, which is why it would be important to me that they had used legal means to find out about the conspiracy in the first place.
It's worth noticing here that the FBI doesn't have any obligation to protect us, and the police don't either. Instead, they have an obligation to catch criminals after a crime has been commited.
As for having the means to protect myself and my loved ones, I would like to be able to go get a gun or whatever I might feel I need, without waiting for X days, at a moments notice. I certainly wouldn't expect the FBI to protect me, because that isn't their job.
Placing a wiretap or a Carnivore device might help the FBI gain information, but it certainly wouldn't help protect me or my loved ones.
What would be more likely to happen is that the FBI would choose to place my loved ones in danger by failing to pursue a conviction for conspiracy in the hopes that they might wait and catch you in the act of commiting a more serious crime.
In the meantime, if I also happened to find out that you were planning something, I would quite likely be unable to go get a gun without waiting for government approval. I might also be required by the FBI to remain in the danger zone, taking no actinos that might let you know that the FBI had some clue what you were up to. It is quite likely I would be unable to pack everything up and leave.
"The FBI would still need to obtain the appropriate warrants to place the tap device on the criminal's ISP (BTW - these orders are time sensitive - the [whatever]ivore device can only be on the system for a specific period of time), and collect the information required to perform their mission."
More to the point, they would be required to do so if they wanted to be certain that any information they obtained would be admissable in a court of law.
If they decided that it was more important to have the information quickly than to be able to use that information in a court of law, they might ignore the requirement.
For example, they might ignore this requirement if they thought they could get away with the crime, and thought that they could build a 'strong enough' case without that specific information.
Or perhaps you'd like me to believe that the FBI never commits a crime.
"OTOH, if the criminals were solely using the telephone to plot, would you have a different view or expectation as to their capture?"
No. All of my answers would be exactly the same. Perfect consistancy. The technology doesn't matter.
"I'm not saying that the FBI (or any governmental agency, for that matter) should have unrestricted access to our personal lives - that is CLEARLY a breach of the law. "
Clear to us, now. What of the things the government is currently doing which people fifty years ago believed were CLEARLY a breach of the law. If the government starts doing this now, I predict that this clear line will move.
"I still think that a review of Carnivore is a good idea, but if looking at it's algorithms yielded information as to how to thwart it's capabilities, should that kind of information be out in the public?"
Absolutely. Otherwise the system is flawed and only certain people, such as former FBI agents and friends, have that information and the public doesn't. This gets back to security through obscurity. Frankly, I'd rather have a system with known flaws than a system with flaws known only to people who had worked with the FBI. In the first case the system might get fixed. In the second case, someone might abuse the system when they wanted some information that they couldn't justify getting a court order for.
"Would you be happy if, in the aforementioned scenario where your loved one is in danger, the criminals knew how to thwart the system, rendering the FBI's protection of your family useless?"
Again, the FBI doesn't protect us. My family wouldn't be any worse off than if the system didn't exist at all.
That question depends on the assumption that the only way for you to know about a problem is if it is publicly disclosed. This assumption is false. It is also possible that you might know how to thwart the system in some way which isn't publicly known. In such a case, a public review might have revealed the flaw and allowed time to fix it, where a hidden system let it linger.
"Just some thoughts... I'm not fully a proponent of government, but I think that there are some things best left out of the public eye."
If you can provide an example, I'd be glad to hear it. The only one I can think of is information about military tactics (note that I don't include military strategy). Can you think of another?
Go ahead. Surprise me. Give me an exact number. Give me a ball park number. Tell me where you got the number. Support your claim.
I think you'd be surprised how many criminals DON't use the net to plan their crimes...
I know I'm feeding the trolls, but here goes. In very simple words: People are concerned that the FBI might make the carnivore system do things it is not supposed to do. With an open source system, everybody will be able to look and see exactly what the the system is doing (in real time, because the admins that install the system will be able to look at it), and make usre that it is only doing what it is supposed to, no more, no less. This does not make the system less secure, it makes it doing what it's supposed to in a verifiable way. Theoretically this makes everyone happy. The FBI gets to look at e-mail of suspects as long as it has the proper warrants, everyone else gets to know that the FBI is ONLY looking at the e-mail of the people it has aquired warrants for. No one (other than a few trolls or zealots) has suggested that the FBI has no right to view e-mail in course of a criminal investigation with the proper warrants, people are simply pointing out the twin facts that:
a) The FBI COULD use this black box system to do more than it is supposed to (This is ithe nature of black boxes), and
b) The FBI has demostrated that it is not always a trustworthy entity when it comes to personal privacy.
See, no bad hackers want to make the world safe for pedophiles or terroists, people just want the checks and balances in place to ensure that no one is violating the fourth amendment gaurentee against unreasonable seaches.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
The difference between email and telephone communication is that emails can be scanned quite easily for key words or phrases. You can't "grep" the human voice easily or reliably. I believe that the mission of government is to ensure the rights of it's citizens. National defense and the police exist in order to maintain an enviroment where we can bitch, argue and otherwise pursue our business without fear. Remember, criminals are the exception, not the rule. If the government restricts the rights of the people, it is no longer a government ruled "by the people, for the people". So before you decide to support practices which help "protect you" or "fight crime", skim over the history of the 20th century. You will find that many politicians, including members of the German Nazi Party and Communist party of the USSR offered similar hollow promises.
Conformity is the jailer of freedom and enemy of growth. -JFK
> groups which are dedicated to freedom at the cost of security
Just how much freedom are you willing to give up? And just how much security are we buying with it? Was the country really more secure when Hoover was trying to stop the Civil Rights movement?
> After all if a law was passed requiring people with red hair to register on a national database, of course it would be people with red hair who would complain.
Are you saying that you wouldn't protest if they rounded up the red heads?
First they came for the Jews
And I did not speak out -
Because I was not a Jew.
Then they came for the communists
And I did not speak out -
Because I was not a communist.
Then they came for the trade unionists
And I did not speak out -
Because I was not a trade unionist.
Then they came for me -
And there was no-one left
To speak out for me.
Pastor Niemöller, 1938
-- Don't Tase me, bro!
Shaun
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
There is a primary difference which you overlooked. The available methods of automatically scanning ascii text are vastly better than the available methods of automatically scanning human speech.
One part of the concern is that this means it is physically possible for the FBI to scan ALL internet communications, while it hasn't been possible for them to scan ALL human speech.
The concern is that they may try to implement a system which allows them to do exactly that. We haven't worried that they may try to implement a system which scans ALL human speech, because it's been believed that it isn't possible. We are worried that they may try to implement a system which scans ALL internet communication, because it is clearly possible.
"Anyone who thinks that the FBI will scan every packet going through routers in the US is living in a paranoid fantasy world."
Anyone who believes that the FBI would never violate a single law is living in a nieve fantasy world.
It doesn't matter if they actually reach the point of scanning all the traffic. One point is that if the ever scan any traffic they shouldn't have, that's a problem. That's a problem that also faces wiretapping, but with Carnivore, the concern is that it's gotten vastly easier for them to violate the law, and vastly harder for anyone to find out about it or prove it.
"Either you trust the FBI or you don't, but stop being hypocritical in what you complain about."
I don't trust them, but I don't think I'm hypocritical either. I think it should be possible for us to catch them when they do wrong. For me, Carnivore is a problem because it makes it more likely that they will be able to get away with something, and I believe that in turn makes it more likely that they will try.
I'm not implying anything.
I want to know Carnivore's capabilities so I have some assurance that my constitutional rights aren't being trampled.
Frankly, I don't trust the federal government, and I believe that our society needs to be vigilant as to what those in power are up to.
Sunlight is the best disinfectant.
BTW, you'll never hear me say that open-source is more secure, but that's another thread...
Browser? I barely know her!
Do you have no limits to how low you'll stoop to provoke a response then?
Most normal people are capable of having a conversion without having to pretend to be a pedophile. Try it sometimes, saying relevant interesting things.
Of course I know that I'm being trolled, but even so, the points of view that are being shown make me so sick that I can't leave them unquestioned. I'm assuming that you're school age. Why do you do it? Do people think you're cool for it? Have you got no real friends and are so desperate for communication with other people that you have to do this? Jesus, Katz should write his next essay on you.
A. The governent has the ability to catch all the paedophiles, terrorists and so on by means of black boxes which read all their email. Since the boxes are black, you have to take it on Government say-so that they operate legally and only under warrant. The government therefore has the capability to silently upgrade the box to spy at any time on the private communication of all its law-abiding citizens, and send the men in balaclavas round to fetch anyone that seems subversive. Meanwhile all terrorists and paedophiles with two brain cells to rub together are not using the internet to discuss their evil plans.
B. The black box is not in place, or an open solution is used instead, and a few people use the internet to plan crimes.
I would suggest that under the US constitution option B is the only viable one. Ditto the European Human Rights laws. And personally I would certainly prefer option B.
To put it a different way: If a relative of yours was blown up after two men in trench coats planted a bomb, and this could have been prevented had all policemen had orders to shoot on sight all people wearing trench coats, would this have been the right thing to do? Sometimes we have to choose the lesser of two evils.
Straight up and no messing, MP.
The best bit about the RIP act is the set of clauses where, when you refuse to hand over the keys you can be prosecuted. Worse, the burden of proof is on YOU to prove you never had the keys in the first place. (Allegedly logic tells us that you can never prove a negative, so this is impossible.)
Wanna stitch someone up. Easy life!
Elgon
And? trying to be funny again?
I read the story (they say that this software was released and is available) and then I went to NetworkICE's web site. There is no mention of Altivore there (even in the press releases section)and it's not available for download yet.
Sometimes there is outcry over phone tapping. It wasn't more than about 2 years ago that the FBI was trying to get Congress to legislate that the telephone companies had to install special equipment at the central office to allow 1% of all the nation's phonelines to be tapped at the same time. 1% is a huge amount of phone lines to be tapping at once being that in recent years the total number of court orders for wiretaps has been ~10^2 while the population of this country is ~10^8. So when the FBI went trying to expand their power by 4 orders of magnitude (1% of ~10^8 is about ~10^6) there was general outcry and the proposal was revised to something more appropriate.
A few years earlier there was similar trouble when the Clintor administration started talking about the Clipper Chip. This nifty little gadget was going to be put in phones and faxen and whatnot and allow us all to have all sorts of lovely encrypted communications. Only drawback was that the makers of devices using the Clipper Chip would have been required to turn your private key over to Uncle Sam for safe keeping. People were generally upset by this and Phil Zimmerman did something about it. He created PGP which made even better security than the Clipper Chip was to have offered avaliable to everyone, for free, and without the govn't getting involved. They sued him and lost, called it a munition and put export restrictions on it and lost at that game too.
Now we've got this carnivore thing. I think that it's just more of the same old, same old. the FBI is asking for more than it really thinks that it can get. The American people and the Justice Department are making a big stink about it and in the end the FBI will get what they wanted in the first place, a way to monitor the e-mail of suspected criminals with a court order.
________________
They're - They are
Their - Belonging to them
I don't want free as in beer. I just want free beer.
Note to the Los Alamos lab: open-sourcing missile systems would be a bad idea.
only follow this link if you want to get really ticked off
What I don't understand about all of the fuss over Carnivore I've read on sites like /. is that essentially it isn't any different from already existing methods of surveillance like phone tapping. If you don't trust the FBI to use Carnivore properly...
It's not that I don't trust the FBI... Well, actually, I don't. But that's because I don't trust the US government in the form of the elected officials or governmental agencies, as they have proven, time and time again that they cannot be trusted, either to keep their promises, or to not cover up 'incidents' that would make them look bad.
Of course, that doesn't make them that different from any 'normal' person on the planet.
And, having said that, there isn't a country on the planet I would rather live in...
NecroPuppy
---
A true patriot is one who tries to improve his country.
I like you, Stuart. You're not like everyone else, here, at Slashdot.
Rather than having to hire specialists to pore over the OS Carnivore alternative and fix any holes or weaknesses that they find, they can, at no cost, simply use the version that they paid for.
That argument doesn't hold water, because the furor over Carnivore stems not from the fact that it might have flaws or weaknesses, but that nobody quite knows what Carnivore's capabilities are. Are you absolutely sure it's just tapping email? Or maybe there's built-in packet sniffing, as well. Perhaps it maintains its own duplicate cache of every web page you access.
Or, since Carnivore is a black box, perhaps it scans *every* email or web page request and does some fancy pattern matching on it. Under the auspices of looking at Joe Blow's email, the FBI has a tool in which to look for whatever they want: people downloading kiddie porn, people building bombs, people passing military secrets... which they have NO RIGHT to look for beyond look at Joe Blow's email.
Nobody's bitching about Carnivore because it might have a flaw. The big stink is the fact the FBI won't give any more information on Carnivore than sound bites, and people are justifiably worried that Carnivore might do more than just tap one persons emails.
I also don't understand how an alternative that is different in only one respect (open sourced) and supposedly has the exact same functionality is superior to the closed source version. To me, a well-designed program is a well-designed program, whether it was designed in total secrecy or GPLed.
It's not about the design. If this were simply about security flaws you'd be correct.
This is about the capability of software you know nothing about. An open version allows an ISP to make 100% sure that all it does is tap email. With the FBI's black box, you have to take your chances.
Open source, in this instance, provides a much greater level of security and comfort than proprietary software.
--
With the new law that requires the GPS phones to track where you are the've got the "watch our every move" covered. If they can just keep track of your "TO;" & "FROM:" fields on incoming/outgoing email they know who you are talking to. If you use your debit card for everything like alot of people do they know where you eat, shop, fill your car with gas and what you purchase. If they track your Email content, how much more do they know?
Two theroies I've heard about carnivore bother me. 1) It can be used to shut down ISP's or filter content so that the FBI could do something like turn off napster. Or 2) that it could capture large blocks of Email from people and use them to profile people. Think about a progam that could take all the Email you send in a month and process the text. How many times does the person use violent language. What are common topics. How good can they spell (= how educated are they.)
Put that all together and the governement would only have to connect the dots to know everything about you. And as for the FBI not wanting to give away the source so people can't go around it, that's a joke too. Anyone can do that. Send someone an HTML based Email with an image in it. Use something like ScramDisk to embed the desired info inside one of the pictures. It goes through the Email scanner, the program see's a page about buying flowers or something and the real message is inside it. It's not that hard to do and anyone who is REALLY up to no good is going to be paranoid anyways and isn't going to send a plain text email "Hey joe, lets go blow up the XYZ building tonight. Then well stop and get pizza afterwords, OK?"
The fact that the FBI is so closed with the system just screams that there is more than meets the eye. With the FBI coming out and saying that if there is going to be a big brother in the US then they are going to be it, I'm just a little worried.
Just because you're paranoid doesn't mean they aren't out to get you.
I don't know whether the post was made for kicks and giggles, or for some other reason, but in the end, there =are= a disturbingly large number of "Christians" who preach hate, prejudice, paranoia and emotional/physical violence.
If "sides" exist, and I had to choose which "side" guided the writer of the post, I'd say the guy with the pitchfork is a more likely suspect.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
You sir, hit it right on the head. Children crave our love and attention. They do NOT realize that you are abusing them, their minds aren't capable of that type of thought at such early ages. They may understand that it's wrong, but ultimately they are tought to trust adults. Mommy and Daddy are always right...but pedophilia is abuse plain and simple. I've never heard of a child that isn't sexually aware ASKING for sex. You aren't awakening them, you are letting them experience a nightmare.
--Doxavg
--Board Member and Security Officer - Ethical Hackers Against Pedophilia
--http://www.ehap.org
Robert Graham made a presentation on Carnivore and his open sourced version at this years ToorCon Computer Security Expo. You can watch it in streaming real video by going to toorcon.com.
skalore@nfsg.org
Founder of ToorCon (www.toorcon.com)
skalore@nfsg.org
Founder of ToorCon (www.toorcon.com)
CTO of Nightfall Security Group (www.nfsg.org)
Or rather, the dumb criminals get caught and make TV shows etc. The smart ones - if they're really smart, people won't even know that there had been a crime committed. (Like white-collar crime.)
But if I were planning some sort of crime, I wouldn't use a cypher; not even steganography. I'd use a code. All the details would be discussed in person, then I'd call (or send email) saying "I think I'm going to McDonald's today" meaning we hit the jewellery store, and "I think I'll go to Burger King" means it's the bank we'll roll. No wiretaps or Carnivore will catch that.
Unlimited growth == Cancer.
...the FBI caught 1024 criminals... First thing I thought of: "Cool, they've caught 1k of criminals." I really need to get out more.
Information just wants to be left alone. I asked it.
Planning to be moderated ± 1: Bad Pun.
I won't completely disagree with you but please don't go for a perfect democracy where everyone can vote on every issue.
The problem with this is that the only people who would bother to vote after the first few weeks are the people who actually care about changing things. This breaks down to a subset of people who have a particular personality, so such a system would ultimately give control to these people.
Most people couldn't care less about most issues, but many people take a stand on things they know little or nothing about. Usually this stand comes from being manipulated by annoying people with loud voices who know how to mix key patriotic manipulative words into sentances to hit irrationally on large blocks of population.
People have voted away "true" freedom in nearly every democratic country in the world, in favour of having a government to "protect" them from things they don't have time to understand. How long do you think it would take for people to do it again?
It's easy to vote to allocate money to helping the homeless. It's not easy to organise how this is done. It's easy to vote to replace the people who were responsible for organizing something. It's not easy to appoint someone who has a hope in hell of doing any better.
The central problem with democracy is the side of it that is nothing more than two wolves and a sheep voting on what's for dinner.
===
Do you really think this is funny? If I meet you I will kill you.
Or if this Carnivore box only scans e-mail, then all that has to be done is use a different protocol. There are many other protocols that exchange information (like I don't know, all of them!). So really Carnivore would have to look through all of the traffic which includes web pages, etc. and if I understand this correctly the FBI says it will not do this.
So long as the innards of Carnivore are not open to the public, the FBI could easily track anything they want to. Given this, the following scenario becomes not only possible but likely:
- FBI becomes interested in person X, for political or other non-criminal reasons.
- FBI agent takes out a pseudo-account in the name of Y on person X's ISP, begins exchanging "suspicious" traffic.
- FBI "notices" Y's traffic, asks for a mail-header warrant to see if there is cause for a criminal investigation.
- FBI installs Carnivore on person X's ISP, allegedly to watch Y. However, the Carnivore system is also set to capture all traffic pertaining to X.
Now prove to me that that can't happen. Given our police agencies' record of using illegal wiretaps, try making a case that it isn't inevitable. You have two chances of making your case, slim and none.--
Build a man a fire, and he's warm for a day.
Time is Nature's way of keeping everything from happening at once... the bitch.
apt-get install altivore
C:\>ls
bad command or file name
C:\>uptime
--
Build a man a fire, and he's warm for a day.
Time is Nature's way of keeping everything from happening at once... the bitch.
While the FBI refuses to comment on specific products, spokeswoman Chris Watney confirmed that the information is all the bureau is interested in. How they get it, as long as it's legal and complete, doesn't matter, she said.
So it appears to me that the FBI has no problem with ISP's using this software. At least that's the way I interpret it. If this is so, then there's no problem here that I can see. Yes, carnivore may have done more than this software does, but the FBI is backed into a hole, and since they claim that they only need specific information, which this software provides, then we win this battle.
For you conspiracy buffs out there, this may change in the future when they come out with "Carnivore ME" that has enhanced features that they claim are proprietary and can't legally be reverse engineered in the U.S. thanks to stupid laws passed like the DMCA and such.
Mas vale cholo, que mal acompañado.
IIRC, what you said above differs from state to state. I think the state of Georgia the age limit is 16 (if you are 17 and boinking a 16 year old, off to the slammer you go).
-Joe
True, but this "outrage" is all from groups which are dedicated to freedom at the cost of security anyway. After all if a law was passed requiring people with red hair to register on a national database, of course it would be people with red hair who would complain. So that's a bit of a strawman argument IMHO.
sig:
sig:
See the "..for smart people" banners Wired runs here? Look elsewhere guys.
A better analogy which captures more of what the FBI is doing would be: "Suppose some terrorist group was using the US postal service to plot its plans." Unencrypted e-mail is like a post card, encrypted e-mail is like a letter inside of an envelope.
While e-mail is faster than snail mail, it lacks the immediate feedback of a phone conversation; in addition it leaves an audit trail that any terrorist organization would be fools to leave.
I would think that something like ICQ would be a better choice for clandestine plotting than e-mail.
Another way of handling communication would be through https and some secure forms to a .com site; your 'order' could be "Bomb the UN building at 3:OO PM".
In any case the whole "We've got to read your mail" paranoia on the part of the FBI is mostly unnecessary; traffic analysis alone will give them the vast majority of the information they need to have on any terrorist organization.
Besides, sending an e-mail message like "You da bomb" gets you looked at by Echelon anyway.
The FBI just wants Carnivore because it is full of petty snoopy people who like to read other peoples mail. Since 99.9999% of all email is of the innocent variety, they have to read an awful lot of innocuous stuff to find the sort of criminal communications that they claim are "flooding the Internet".
Anyone who is seriously worried that their daughter is going to be kidnapped and raped by political terrorists also needs to be worried about being electrocuted by a lightning strike in a dust storm; since the two events are roughly equal in probability.
The broadcast media and newspapers have a hidden agenda; both of these groups are terrified of the potential competition that the Internet can be for them - so they want the Internet as crippled as they can make it. That is the real motivating reason for all of the stories of "slavering pedophile boogie men who are going to turn your rosy cheeked 8 year old into a porn - ho".
If you want to see how ridiculous all of these stories are remember that the Internet is just a medium of communication like the air or the US Mail is. Substitute "Air" or "Postal Service" for Internet and the absurdity of the stories is apparent:
"A Pedophile was arrested today. Authorities said that he 'talked' to a little girl on her way to school. The FBI renewed its demand before congress to get parabolic microphones and laser snooping devices on every street corner so that they could listen in to all conversations to prevent that sort of crime from happening."
"You can never tell who is plotting crimes by using the air to talk to each other, so we need to have the ability to snoop on all conversations. Besides, if you aren't doing anything wrong how could you object? Warrants, we don't need no steenking warrants; this is an emergency, all civil rights need to be suspended for the duration."
To all those who are saying variants of the above: Ben Franklin said something along the lines of "Those who would sacrifice neccessary liberty to secure temporary safety deserve neither"
Best Slashdot Co
Curious that no one has listed the links for the Page, Company, or Source Code. Let alone the Forum or associated presentation. Maybe this will help: http://www.networkice.com/altivore/
-a.e.mossberg
Seeing as there's only room for 144,000 people in heaven, I'm assuming that it's already full. What are they going to do, chuck out Mother Therasa for you?
Well, it passes the time doesn't it?
Why do people constantly believe in such things as heaven and hell? There's no such thing as a non-sinner; think about it. And if you lied about who you were here then you just sinned, blocking any entrance to this imaginary heaven. Face it, when you die, you are DEAD. Nobody has ever come back and said that they saw a heaven or they saw a hell...and wouldn't one mans heaven be another mans hell? Wouldn't living eternity in heaven be hell in and of itself? Humans get bored too easily if we have life easy, we love to make it difficult for ourselves.
If the Australian Government passed a bill approving a carnivore-like system to be used in Australia, you wouldn't hear too many complaints from the public. ASIO (equiv to CIA) has the power to intercept and read your e-mail if they suspect you of engaging in criminal activities. No guidelines are given to what constitutes 'suspicion', it's completely arbitrary and at the discretion of the agent involved.
--
Daniel Zeaiter
daniel@academytiles.com.au
http://www.academytiles.com.au
ICQ: 16889511
Here's my thoughts on the whole Carnivore situation...
The FBI has retained the right to perform legal wiretaps on telephones (old-school communications device) for years. They have specific guidelines that they must follow in order to set them, including a signed order from a judge.
Today, we obviously rely more on e-mail (new-school communications device). Does this give us a license to use this new device for whatever crimimal acts we want? If I want to plot a kidnapping/assination/kiddie porn ring (NOTE: I don't...), should I have the unrestricted freedom to make all of my plans online? If the FBI got wind that a crime ring was planning to kidnap, rape, and exploit YOUR wife/son/daughter/sister/brother/etc. by planning the dispicable act entirely through e-mail, would you not want to have some means to protect your loved ones? The FBI would still need to obtain the appropriate warrants to place the tap device on the criminal's ISP (BTW - these orders are time sensitive - the [whatever]ivore device can only be on the system for a specific period of time), and collect the information required to perform their mission.
OTOH, if the criminals were solely using the telephone to plot, would you have a different view or expectation as to their capture?
I'm not saying that the FBI (or any governmental agency, for that matter) should have unrestricted access to our personal lives - that is CLEARLY a breach of the law. However, the intelligence oversight in this country is EXTREMELY restrictive, and is designed to protect U.S. citizens. In fact, the U.S. cannot collect information on its citizens abroad, and cannot collect information on non-citizens while they are within the borders of the US. So if Usama Bin Laden crosses the border at Niagara Falls, NY (lax border, for the most part), the FBI/CIA/whomever CANNOT place a wiretap on his hotel phone without a legal warrant to do so.
I still think that a review of Carnivore is a good idea, but if looking at it's algorithms yielded information as to how to thwart it's capabilities, should that kind of information be out in the public? Would you be happy if, in the aforementioned scenario where your loved one is in danger, the criminals knew how to thwart the system, rendering the FBI's protection of your family useless?
Just some thoughts... I'm not fully a proponent of government, but I think that there are some things best left out of the public eye.
Plenty of people are already in the position to do so. If you have servers being colocated at an ISP, then they don't care WHAT software you run on them. There's plenty of sniffing programs out there, so all this is is another to add to the countless other tools which may very well already be in place at your favorite hosting provider. This makes it only marginally easier for someone to sniff out your emails, given that they are getting hosted somewhere between you and your email provider.
Slay a dragon... over lunch!
What I don't understand about all of the fuss over Carnivore I've read on sites like /. is that essentially it isn't any different from already existing methods of surveillance like phone tapping. If you don't trust the FBI to use Carnivore properly, then you shouldn't trust them to use other methods legally either. But there's no outcry over phone tapping because a) it's already here, and b) it's not affecting the Internet.
Really, the only reason that Carnivore wasn't built into the net when it was first created was that nobody in law enforcement ever thought it would come to what it has? The original ARPAnet was mainly used by academics in America - who would have ever thought that it would eventually be used by terrorist organisations in the Middle East to coordinate with cells in New York?
The astounding growth of the net both in America and abroad caught agencies off guard, and they're not moving to recitify the problem in whatever way they can. This is not an invasion of privacy, it's a sensible precaution to be used when it is required. Anyone who thinks that the FBI will scan every packet going through routers in the US is living in a paranoid fantasy world.
Carnivore isn't a "new danger to liberty", it's a new medium for an old technique. Either you trust the FBI or you don't, but stop being hypocritical in what you complain about.
The reason people were so pissed about the FBI's Carnivore is because we have no way of knowing what it really does.
At least with an open-source version, we know what the system's capabilities are.
So basically what you're saying is that you want an open-source version because it's easier to hack? That certainly seems to be what you're implying - you want to know it's capabilities which makes it easier to plan a defence for...
So much for the vaunted "open source is more secure" mantra...
I think the most humorous (read: maddening to some in the FBI) thing about this is the statement that Altivore was written in a period spanning three days, which indeed seems about right. If some congress person really wants to stick it to the FBI, start investigating how much time, money, and effort was spent developing Carnivore.
:)
These issues raise the questions of why did the FBI have to expend N amount of resources to develop their tech. The two answers that they can provide is: 1) Carnivore does more than they've said, or 2) it should've been outsourced to another company--it would've saved the tax payers a lot of money.
Obviously, with either answer, someone would have to be held accountable, and the FBI would, in the end, be paying for their questionable position on this subject by losing the sups, and directors who would take the blame. All in all, sounds good to me.
It has nothing to do with the GPL in this case. What this is about is being able to SEE what this software REALLY does. The FBI has declined to allow the source to be inspected to ensure it only does what they say it does. They have rejected FOIA requests, and a federal judge has sided with them on the issue. Which really does beg the question: If all this thing is really doing is filtering all email looking for items related to a subject the FBI has the LEGAL AUTHORITY to be wiretapping (i.e. court ordered) then WHY is it too sensitive to show the public?
Personally, I side with the ACLU on this one: This thing must be stopped, and stopped NOW before it is used to circumvent the 4th ammendmant.
What part of "shall not be infringed" is so hard to understand?
You mean... *shudder* BSD?
Of course there's not. I can't work out if Mr A.C. is an intelligent troll or if he actually believes what he's saying.
Unfortunatly, I'm tempted to think the latter.
The cry of the secret policeman everywhere. I wish you were right. But...
I don't believe it I am afraid. Sorry, call me a conspiracy theorist, whatever but our governments clearly feel that they cannot trust their citizens, ergo we cannot trust them.
Elgon
Spooon!
-N
When you have the means to extend your power, you are morally required to do it!
It seems our governments are once again trying everything they can to protect us. Too bad they don't have the means to read our thoughts or to watch our every moves, it would be so much easier to track criminals, terrorists and pedophiles!
(me being sarcastic)An 18 year old boy doing it with a 17 year old girl is technically a paedophile. So I am/was one, are you?
I think we should rephrase the meaning of the word paedophile to something like: Doing it with children before they enter their puberty.
Ofcourse not to be confused with rape.
"Oooh, what does this button do?" - DeeDee
A trusted group should be allowed to use this on the FBI's networks. They should search for traffic that indicates an abuse of Carnivore, as well as hints that Omnivore (Carnivore's bigger brother) is being used. I heard that they have a program that screens for pot references in emails. Its called herbivore.
Don't believe anything I say. I crash test crack pipes for a living.
Refinement: The government had a watchdog in the form of wiretap law. The laws governing its use are well-defined, however, whereas the new technology of Carnivore as of yet has no legal restrictions... to the best of my knowledge.
MCH/VO S* W- N+++++ PEC+++ D(s++/r) A a+>+++ C* G++(++++) Q+ 666 Y