Stacked Carnivore Review Team

Agent Z5q writes "According to this article at Wired News, the names of the Carnivore review team have leaked. (Cryptome.org on the ball as always.) The team consists of members who have all either worked on large-scale government projects or currently hold active security clearances, including a top secret rating from the National Security Agency, a top secret rating from the Department of Defense and other ratings from the Treasury Department. Looks like the deck is just a bit stacked."

D'ja read the Fine Print?

[d.valued]

This is text, copied verbatim from the first page of the proposal:

The data in this proposal shall not be disclosed outside the Government and shall not be duplicated, used, or disclosed in whole or in part for any purpose other than to evaluate the proposal; provided, that if a contract is awarded to this offeror as a result or in connection with the submission of these data, the Government shall have the right to duplicate, use, or disclose the data to the extent provided in the contract.

Guess we be in trouble for showing the stupidity of the Gov'ment (and IIT.. If I knew this three days ago, I would have called them up and visited their campus.. and probably get busted by the USSS :)) in action....

Re:Did we expect anything better?

[Claudius]

Did the DoJ take this as an invitation to alter the requirements? No, they just went right on down the list until they found the only people who COULDN'T say no... the people who work for them.

I believe you are misinformed on both the prevalance of security clearances among university faculty and what holding a security clearance entails. With a little bit of effort you could find just as many, if not more, MIT, UCSD, etc. faculty and staff who hold active security clearances, many of which are high level clearances such as Defense Dept. Top Secret clearances and DOE Q clearances. Faculty in the sciences and engineering frequently consult on government projects and they are they often asked to serve on external review committees.

A security clearance simply means that under certain circumstances (a "need to know") these individuals may access classified information. It does not obligate them to participate in any specific programs per se, but rather requires of them only that they not disclose sensitive information to uncleared people or participate in activities (such as recreational drug use) that are perceived as making them vulnerable to blackmail. In the case of Carnivore technology this may be a good thing since much of the technology is undoubtedly classified anyway--if the reviewers have no clearances then evaluation of the program would wait until the evaluators got the required clearances. This would be the case regardless of which institution is called upon to review the technology, and it is an issue that is separate from wondering about the integrity and objectiveness of the committee.

It hardly requires a security clearance to "rubber stamp" a program. It only requires a rubber stamp.

Re:Now wait a minute

[Stephen+Samuel]

uhm, As far as I know (IANAL -- I aint even a US resident!) you only have the right to know what evidence was gathered in a case where you have been CHARGED. If they don't have enough evidence to charge you, they can generally keep all info they have under wraps until Freedom of Information laws kick in at 20 years.

WRT US Residents VS foreign enemies: A US resident can also be a foreign enemy. Foreign spies working in the states would also be US residents. The CIA couldn't touch a US Citizen, living in the states and subverted/blackmailed by a foreign agency. A list of such people would probably be administered by the FBI and rated top-secret (and shared with the CIA "for use outside the country, only").

Re:emmm what has been their record for public

[jdaemon]

Bah, this isn't an "embarrasing hole" [sic], but rather, a little known feature of Adobe Acrobat, widely known as a "fsckwit alert feature".

I'm not sure why the above post was moderated up... it's both obvious and redundant to question the objective nature of the handpicked reviewers.

This instance beautifully illustrates exactly why the government cannot be trusted to monitor our communications, police itself, or store and protect the information of private individuals.

Damnit, it sounds so fscking trite, but our rights must be fought for! Do something about it besides muttering inside a cubicle and posting on Slashdot - support the EFF, support the ACLU. And don't just support them with your voice - cough up just a little bit of that new hardware fund, or spend some time as a volunteer.

It's in the nature of a governmental organism to constantly expand bureaucracy and enlarge the scope and scale of the powers it possesses. The cold hard truth is that the people reading this bear the responsibility to ensure their own freedom.

If you don't help do it, it won't get done.

JDaemon

Stacked?

[R.+Cain]

"The team consists of members who have all either worked on large-scale government projects or currently hold active security clearances, including a top secret rating from the National Security Agency, a top secret rating from the Department of Defense and other ratings from the Treasury Department. Looks like the deck is just a bit stacked." Who else is supossed to police the Email Beast? You'd think they'd let anyone actively monitor the workings of Carnivore w/o having some sort of government background and current high level security clearance? Use some common sense.

Re:Stacked?

[SirGeek]

How about computer security specialists ? how about a legal team that specializes in constitutional laws?

Re:whats the problem?

[Dwonis]

Precisely. As long as Carnivore is just a separate sniffing box on the ISP's ethernet (eg, not "in between" the ISP and its provider), I don't care.

Nobody who's intelligent uses telnet for anything important anyway.
--------
"I already have all the latest software."

Re:Carnivore

[GigsVT]

Once the code is on the net, it will be too late to ever keep it secret.
-

Re:Now wait a minute

[SirGeek]

Security at the expense of our liberty isn't acceptable means though.

If they have REASONABLE SUSPICIONS of someone's guilt, then they should have to:

• Obtain a search warrent to obtain the evidence
• Obtain a warrent for installing a wiretap

What part of this is unfair ? yes, some criminals would avoid detection.. But all innocent people would have due processes.

And besides, Who does the FBI REALLY work for ? It doesn't appear to be the american citizens anymore....

Re:Hilarious, if not so sad

[_Sprocket_]

This kinda thing has happened before. Just makes me shake my head.

Re:What the Clearance really means

Works both ways. Let me illustrate:

Hi, we have completed our investigation and you passed. Here are the secret documents and here's a picture of you with your goat. Be a good boy and your wife won't get an extra Christmas card this year.

So what? This is such non-news.

[funny3]

Talk about a bunch of non-news. You show me any highly technical, or large state university, that has never done any research with/for the government. Still looking? I thought so. There isn't one. Also show me one large corporation, that deals with anything technical (so McDonalds doesn't count) that has not done work for the government. Once again, there isn't one. What a bunch of retarded BS.

Papa Smurf as an allegory for the FBI?

[Froid]

If you ever have trouble explaining the approach the FBI is taking to someone, present him with this visual analogy. The FBI is Papa Smurf, and the FBI, and the little blue smurf is the American public. At first blush, it seems Papa Smurf is merely reading to the little smurf, but if you look more carefully at Papa Smurf's expression and the position of the little smurf on his lap, then you may get a clearer notion of what's really going on.

Re:Papa Smurf as an allegory for the FBI?

[Szoup]

No Scooby Doo for you!

Sheesh...
------------------------------------- ------

Re:Papa Smurf as an allegory for the FBI?

Okay, I know it sounds crazy. I didn't believe it myself at first. Then I started thinking about it, and it starts getting scary.
First of all, you must take away all pre-programed thoughts you might already have about communists. Forget all that big bad Russian stuff that the 80's taught us, that doesn't exist anymore. Think of communism as just a way of life, a social order, an economic standpoint. Take all the visions of sickles and hammers out of your head for awhile, and then you will be able to see it.

First of all, the Smurfs shared everything. The food in the Smurf village was stored away in those mushrooms the minute it was harvested and then equally distributed to all the Smurfs throughout the year. No one "farmer smurf" sold his crop to one smurf or another. It was understood that the crop was for the entire Smurf population, not for the sale or profit of one smurf alone.

Then there were the jobs each smurf held. There was Handy Smurf, and Painter Smurf, and Brainy Smurf, ect.. Each smurf had his own job and was not allowed to try other fields. There actually was an episode where each smurf tried to do another one's job, and failed. The moral of the story was apparently "Stick to what you do Best" or in another view, what the society has chosen for you. Handy Smurf was always building. Painter Smurf was always painting. Everyone accepted what they were and didn't ask questions.

Then there comes the somewhat obvious stretches. Papa Smurf wore a red cap. All the Smurfs were the same color and sang the same song everywhere they went - stressing unity. Didn't you catch yourself singing that song as a kid? Everyong did.

The most outstanding arguement that the smurfs were communists comes from their arch-vilain Gargamel. If you remember, the only thing that Gargamel wanted the smurfs for was for his own profit. In the first four or five seasons, Gargamel's master plan was to catch the Smurfs, boil them, and turn them into gold. For some reason, in the later years when the show was dieing, they started saying that he wanted to eat the poor blue creatures, but for the most part he wanted to turn them into gold. He didn't care about the Smurfs themselves or thier culture or wellbeing. All he cared about was getting gold. He was only interested in how to get rich and nothing, nothing would get in his way.

Gargamel was a capitalist.

The evil antagonist on the Smurfs was the ultimate capitalist, terrorizing the peaceful good little communist Smurf community. It all starts to fit together doesn't it?

It makes you wonder why anybody didn't speak up about this before, especialy during the 80's cold war.

Re:Now wait a minute

Seriously, this was my first thought... If "respecatable" private citizens (read university folk) aren't willing to look through the thing because of an NDA, your next option is people that you already trust not to blab your secrets (read people with high security clearance)
It's far from sinister... giving it to a random assortment of engineers and political philosophers would have been less bright than failing to actually conceal their names

Re:emmm what has been their record for public

[Jerf]

I've worked a bit with Adobe's software, and for what it's worth, it's not a flaw in Adobe's software, rather it just has too many features (and I don't mean bugs).

The real problem is people treating computers like glorified typewriters. They yank up their software, figure out how to "black out" the names by placing opaque black boxes over the name, and figure that's as secure as it is in the real world. Except that PDF is just a varient of PostScript, a fully fledged display language, so all they were really doing was causing the over-writing of a black box on perfectly intact data, which would be and was easily extracted by people with the right know-how (or the ability to try copying and pasting :-) ).

Adobe's software works as advertised, and there are definately uses for this sort of thing (like overlaying form elements, which can be useful), but they've been no more successful at removing the need to understand computers then anybody else, so you can still get yourself in trouble!

ps: Do you think that in 50 years, people will think our obsession with making computers "easy" to use (as distinct from user friendly, which is quite a different thing!) was a hopeless task?

The Law People

[2quam4]

Let's see...
Henry Perritt
Here is his bio and home page. Excerpt from a paper of his: The Internet is a revolutionary phenomenon. It is not just a technology, but a way of organizing and connecting human activity, which emphasizes decentralization, specialization, and global cooperation. It is not merely a means for facilitating existing market and political institutions, but a way of redefining them altogether. The Internet is a new kind of market. It can be an electronic town hall in which rules are made, or an electronic courthouse in which disputes are decided.
...
The Internet threatens civic institutions such as the press, old interest groups, and professions (including the bar).
...
The Internet threatens established interest groups because it makes their techniques of recruitment, organization, and maintenance of membership solidarity less relevant.
...
The Internet also threatens market institutions such as stock exchanges.
...
In a larger sense, the Internet threatens traditional political intermediation because it threatens governmental control.
...
Not only must America's existing commitment to rule of law and interstate dispute resolution continue and be strengthened; America must also be more articulate in stressing the need for strong collective security arrangements.

Harold Krent
His bio and list of publications. I plan to review Executive Control Over Criminal Law Enforcement: Some Lessons From History, 38 AM. U. L. REV. 275 (1989).

What disturbs me is that neither Perritt or Krent are experts in criminal and/or constitutional law. It seems to me that that type of experience is what is truly needed while evaluating Carnivore. Carnivore is essentially a device, like any other device employed by law enforcement, for tapping information. I am constantly pissed off when the rules are bent, like in the case at hand, to treat an Internet-related device any differently. Moreover, the dean and the associate dean are to evaluate carnivore? They are one of the same.
Any opinions?
Please excuse me, this information makes me want to vomit.

Re:The Law People

[leereyno]

From Dr Perritt's paper:

"In April of 1996 the United States Institute for Peace conducted a conference on "Virtual Diplomacy," exploring the interaction between new information technologies and international conflict management. During the conference many speakers observed that information technology threatens traditional political institutions. One panel explored the possibility that information technology threatens sovereignty itself.

Ordinary citizens as well as diplomats have instantaneous access to information about world events as they occur--through CNN sooner than through the CIA. Ordinary citizens interested in environmental protection or human rights can reach out and touch counterparts in other countries through the Internet, bypassing international treaty negotiators appointed by their own governments.

Overlapping revolutions in information technology and the convergence of communications, broadcast and data technologies into a single digital network of networks typified by the Internet, have undermined old political institutions and simultaneously made new international institutions likely because they make it feasible to reach across geographic political boundaries. [FN1]"

I for one don't understand why this is a problem.

The idea that the governments of the world are supposed to have some kind of priviliged existence above that of their citizens is incorrect.

Institutions exist because they are needed. They have no inherent right to exist beyond that. If an institution has something to fear from the empowerment of the people, then that institution is not working in the best interests of the people and should be reformed or abolished.

The internet does not threaten the sovereignty of any government whose power is truly derived from the consent of the governed. Government which works for the people and which is ultimately directed by the people can only benefit from technology which allows better communication and access to information.

Unfortunately much of the policy created by the US government is detrimental to the rights of its citizens and is therefore dependent upon their ignorance. The ability of spin doctors and politicians to paint a pretty picture on top of an ugly deed or policy depends on our being unaware of the true facts of the matter. The more we know, the less they can lie to us and get away with it.

I can only imagine that the situation is worse in other parts of the world where lies, corruption and oppression are the very foundation upon which the government sits. A government such as this has a great deal to fear from the internet. Take China for example. The leaders of its communist party should be very, very afraid right now. Its only a matter of time before the foundation of their power crubles. It may take decades but the beginning of the end for them is here now.

In short the internet worries the powers that be because it is what will replace them with the powers that will be.

"I tip my hat to the new constitution,
take a bow for the new revolution,
smile and grin at the changes all around.
Pick up my guitar and play,
just like yesterday.
And I get on my knees and pray,
we don't get fooled again."

Lee Reynolds

Re:Alternative Choice

[Tairan]

I can tell you the review right now.

"After months of reviewing the 'Carnivore' system, we have decided there is nothing bad about it at all. In fact, this machine is completely secure, and is impossible to hack. It uses an advanced security method, New Technology File System, developed by Microsoft to keep its files protected and secret. This device is so great, every ISP in the world should have one. We, completely unbiased and open-minded, believe there should be a carnivore unit sitting behind every connection to the Internet - from the smallest DSL line to the biggest OC-128.

Again, we state, that there is no reason this should not be put out."

Re:Hilarious, if not so sad

[MisterP]

I can't believe this has happened twice. I thought it was a joke at first.

Stacked team

[Chris+Pimlott]

Alright! Anyone got pictures?

Re:You've proven the point!

[ave19]

I've worked at NSA, I've had the polygraph, I've spilled my guts and deepest secrets to Agent Smith. But I never felt I was surrendering my liberties in the process. I am still free. I can go home and smoke pot if I want. I fully understand I will be surrendering that clearnance when I do it. There is no brainwashing, no electo-shock therapy. At one point in my life, I was given the chance to decide, freely, whether I wanted to give up pot smoking for a chance to help out The Man. I did it. And I don't regret it. Am I a freak? No. I believe in freedom. I believe code is speech. I have a DVD-CSS tshirt. I also believe freedom isn't free, and I was willing to fight for it. How do you keep The Man from spying on the people? Work for him. Make sure it doesn't happen. That's who is reviewing this code.

Security Through Obscurity

[md17]

Gotta love the government! I wish I could find out which of their servers they setup with this same type of "security".

Re:High Level Security Does Note Equal Stacked Dec

[Stickster]

Thank you, Mo, finally a voice of reason. (And to answer your question, it was probably around 250,000.) Notable example: Dr. Fred Cohen, who works at the Sandia National Laboratories, is very likely in possession of classification levels whose very names are classified, and is also one of the most outspoken critics of Carnivore and the FBI in general.

Once again, Slashdot showing the fact that just because you have a forum doesn't make you an expert in, well... anything. (I don't claim to be one either for that matter, just an informed amateur.)

Re:Now wait a minute

[lrichardson]

"e-mail gets the same protection as US Mail. The US Postal Service IS the government. If you are a conspiracy theorist, at least do it all the way... :P

While I generally follow the rule of never attributing to evil intentions what can adequately be explained by stupidity, there are many units within the US gov't which can be basically classified as 'evil', worse since they tend to view themselves as having the highest moral authority.

Back north of the border, we've had fun over the years as various black boxes (Made in the U.S.A.) have been found at phone exchanges. (Before we had our own incompetent bunch of spies). As to mail, they've gotten a bit more sophisticated, but there was a period when you simply didn't send anything photo-sensitive if you were on the 'monitored' list. And, I gotta admit, as a computer type, a lot of ingenuity went into the program to assemble scanned strips of shredded paper.

Heck, it was only a decade back you could phone the NSA and ask about the crypto museum, only to be told that such a thing didn't exist. It had been open for a few months before they thought to tell the front desk that they could actually give out the info. Paranoia and rabid patriotism seems to be the prerequesites.

The comment regarding a class of CS101 students is a bit weird. Various security schemes are floated by universities (Go Waterloo!) on a regular basis. One of the basics of security is to assume that people will find out the method, but not the specific keys. (Think RSA). If Carnivore is to be a good security system, the structure should be able to withstand the scrutiny of a CS101 class. If that level of knowledge about the program would compromise it, then I suspect it's already inherently unsuitable to the task.

After they rubber-stamp it

[rlwhite]

Worse-case scenario, there are still a few protections left. Let's hope we don't have to rely on them. The FBI is still supposed to be dependent on warrants from the courts for Carnivore (I think I remember that correctly).

In any case involving Carnivore, it will be imperative that the timestamps are double-, triple-, quadruple-checked against each other- timestamps on the computers of the sender and recipient, the warrant issued, and the record from Carnivore. The most blatant abuse will be that the FBI catches an email under an unauthorized filter, then grabs a warrant and changes the timestamp. If anywhere on the backbone (perhaps ISP?) also records a timestamp (however unlikely this is), it would be a key to the defense, considering the suspicion that will be placed on the timestamps from the defendants' computers.

Carnivore should be required to record the exact filters that it was operating under at the time of a catch, any code allowing filters not specific to a single email address or IP should be removed (as in no filters to search keywords like "FBI", "drugs", "bomb", etc.), and the people at MIT who rejected the Carnivore review should have to dream up and implement ways to prevent modifications to the Carnivore code and detect any modification attempts. These modifications from MIT should not be disclosed to the FBI (security through obscurity works both ways, FBI). Obviously, a Carnivore machine where a code alteration is attempted would become inadmissible in court, and this record of code alteration must appear on the record of intercepted traffic. Unfortunately, I think MIT would have their work cut out for them.

Can't trust those guys for a minute

[YIAAL]

You'd think they were, like, SPIES or something. Really, the fact that we can't trust 'em is going to be a real liability on this issue. As on many others.

Re:Can't trust those guys for a minute

[MaxieZeus]

Maybe Im missing something, but isnt the goverment openly saying they want to read our mail, and we should be happy about it. I hope no one takes offense to this, but when I was a child growing up in america, the USSR was considered "evil". I was told horror stories about how bad their goverment was, and stories about how amazing ours was. I distinctly remember being told that in Russia, the goverment read your mail, people werent allowed to talk freely, and you could only where what they would allow you to (I understand that this may have been propaganda). Well here in 2000 the US goverment is trying hard to make that a reality here.

My point here is that, I dont care if jesus, buddha, ghandi, and Martin Lurther King are reviewing, The goverment is trying to read our mail. In America, The goverment is openly trying to read our mail!

Re:Who do you think hands out clearances???

[SvnLyrBrto]

>I don't have any idea where you got this idea,

From the Special Agent who called me, AND IDENTIFIED HIMSELF AS AN FBI SPECIAL AGENT, w/ regards to my friend who was getting his clearance in the Navy.

>but the FBI has nothing to do with acquisition
>of clearances for US armed service
>members.

Well, don't tell *ME*; tell the fscking bureau!!! Because unless that was a Navy guy lieing to me, it was a fscking fed.

>never saw a hoover, either while getting
>cleared or since

'Kay, *YOU* may have never been hassled by the fsckers, and may been fortunate enough to only deal with military security types, but who did they send to harass any non-military friends you may have listed as references? When the assholes called me, I ASKED why it was the FBI hassleing me and not the Navy. The guy told me that they did all of those investigations as a matter of course.

Now, my ordeal with the bureau WAS back in 1994, so mabye things have changed since. Another reply to my original post claims that the feds have since contracted out the background checks to private investigators. I can't confirm or deny that myself.

But I certianly remember WHO it was that called me SEVEN TIMES before getting the hint that I wasn't about to talk about my friends to the fucking feds. And I remember WHAT Special Fucking Agent Davidson spewed out before I told him to go fuck himself.

I'm bloody well NOT spilling ANY info on *MY* friends to the institutional descendents of J. Edgar Hoover... or hell... nor to any other "law enforcement" type either.

john

Resistance is NOT futile!!!

Haiku:
I am not a drone.
Remove the collective if

Wow...

[pb]

Real cloak-and-dagger style recon there, guys; cool!

Of course security professionals and people who have worked on these sorts of projects would be the best able to understand the issues involved. In this case, though, they're also the most likely ones to have conflicts of interest. I say, since this is a democracy and all, that we start voting them off the island and get a new group in there, pronto...
---
pb Reply or e-mail; don't vaguely moderate.

Re:Wow...

[Maddog_Delphi97]

Doesn't work like that. Once you've voted the appropiate congressmen and president, they take over. They choose the judge that decides what's "fair". They choose to put people like Jeno Reno in power. And it takes more than a day to reverse all of this. Could be that part of the problem is that politician like "think of the children" as a campaign to give the government more power. Basically, you're screwed. Even if everything you're doing is legal.

Re:Wow...

[pb]

Well, we could hold a constitutional convention, and *then* vote them off the island. But it shouldn't take longer than a day to reverse it, it'll just take longer than a day to get it all together.

Hey, everything I'm doing is legal. It's just all steganographically encoded in slashdot from about 8 accounts. That's needed, because the data loss is pretty high, but that's the price you pay for security these days.

I'm not afraid to mention that here because I'm not saying which 8 accounts, but they just post random gibberish-looking posts which have a tendency to get modded up for no reason. Oh, and some articles, too, but not that many people like the articles. Gotta get "post-Columbine" out of my wordlist before more people complain.
---
pb Reply or e-mail; don't vaguely moderate.

Karma whores

[Kaa]

I've never seen a politician that wasn't a karma whore.

Being a karma whore requires sucking up to the Slashdot community. Anti-Microsoft incantations are obligatory, as well as ritualized spitting at RIAA and MPAA. Besides you have to either express yourself well or be entertaining.

Nah. Politicians have a looooong way to go before they can even aspire to the status of a Slashdot karma whore.

Kaa

Maybe I should clarify

[pridkett]

Once again, I attend IIT, so maybe I'm biased here. I also know Dean Perritt and Harold Krent. In fact I've worked closely with Hank Perrit on a variety of projects. We didn't always get along, but I feel confident he will do a good job.

As a bit of a background, Perritt was one of the founders of a program called "Project Bosnia" which is designed to help restore the information infrastructure to Bosnia. Since then it has expanded to KRISYS Net (Kosovo Refugee Information System Network). I had the fortune to work with Perritt on both of these projects. Perritt is very aware of many of the issues that can come up from the filtering of information and government snooping of information as a result of these projects.

I've heard some comments about not being a criminal law expert or constitutional law expert. KentLaw is probably the best school to do this because it has such a focus on technology law. All you need to do is to look at the homepage and see the school has it's stuff together when it comes to the internet and the new world order.

As for IIT's relationship to this whole thing. KentLaw and IITRI operate fairly independently of the school and the main engineering school didn't have much (or anything at all) to do with the proposal. I'm not sure why the names were kept confidential, I just asked who was in charge of it and got a response in a few hours.

Re:Allow Jesus to enlighten...

Jesusdot

Which Ad Network Isn't Evil? Nobody knows but Jesus.

Posted by Cliff upon Wednesday September 27, @01:36AM
from the as-long-as-it's-not-doubleclick dept.
WaldoJ writes: "One of mine sites, nancies.org, hath beenst doth doesting very well, traffic-wise. Hundreds of
thousands of donkey views each month. But our banner provider,

ContentZone, is fundamentally evil. Satan've beenst sued by Satan's clients, and Satan don't payest us plenty. Flycast hath beenst bought
by Engage, and Satan're apparently not so hot either. DoubleClick? Don't beget me started. It wouldst be exalted if we couldst run the site
without ads, but the hosting alone wouldst smite us. We tried the donations route, but that's goddamn this righteous. Mine question is this?
Nobody knows but Jesus. Which lies the least? Nobody knows but Jesus. Which pays the bestest? Nobody knows but Jesus. It sure wouldst
be helpful to beget some input." If thee hath to hath ads for thine site, it wouldst be nice to beget the most out of the hits thine site doest beget
without the hassles. Any recommendations?

( Read More... | 12 of 15 prayers )

Alternative Choice

[Adam9]

Looks like they had to find a way out. First, they tried asking the universities as a scapegoat for when the complaints or court rulings would roll in. Since that failed, there's only one other alternative, stack the deck. I can't wait to see what their review is.

Re:Alternative Choice

[boing+boing]

I don't believe this is stacking the deck. The people they asked to do this originally probably also have security clearances and ties with the DoD or other government agencies.

If you don't think that university types have grants from the US Government (probably a lot of DOD work), you are crazy.

Need to Know? Breathtaking competence here.

If you've ever worked at a place that has security clearances, one of the things you learn is that part of being secure is not giving information about the clearance to anyone who doesn't need to know.

Even the existence of a clearance is need to know, not just the level. Even if we leave out the text that has been revealed behind the blackouts, the existence of active and inactive clearances was still plain.

Wow. I was impressed before, but now I am even more deeply impressed by the level of obfuscation. Secrecy doesn't just beget tyranny; it begets stupidity.

The folks who are doing the analysis may have clearance, but it doesn't mean that the FBI will get the analysis they want. Cleared is not always synonymous with lackey, brown-nose, or hypocrite. Let's not only prepare for the worst case review, but also an honest review. Just because you have a clearance doesn't mean that you will always agree with the folks who passed you the clearance. In fact, I've seen engineers with xxxx clearance turn red in the face and scream at the very brass who pay their contract and asked for the clearance. The brass didn't like it, but they signed the report.

Re:Did we expect anything better?

[Tairan]

Let them use your phone? Hell, I'd give them my phone! Who knows what they would give back to me. I might receive a nuclear powered cell phone, bouncing high powered waves off the Iridium satelites, free of charge. All in exchange for my 25 year old bell ring phone that has a bad receiver.

DMCA lawsuit!

[graniteMonkey]

Oh 5hit, Cryptome just circumvented a no doubt proprietary encryption algorithm! Drag 'em out and shoot 'em!

Re:Does this surprise anyone?

[Tairan]

"This has been under close scrutiny by the public eye so much lately, anything they do seems sinister. "

That's because everything they are doing is sinister. Bastards.

Let's think about this for a minute....

[wiggles]

Okay. We know 2 things:

1) Carnivore (probably) contains top secret NSA software technologies. Encryption, filtering, you name it.

2) The government NEVER lets ordinary people without security clearances view anything classified. And for good reason. They want to make sure their secret information stays secret.

Do you honestly think that the government would do otherwise? I highly doubt they'd let anyone, intelligent or no, work on this thing without a security clearance. It's top secret technology! And I know a lot of /.-ers think that all information is sacred and should be in the public domain, but magicians should never reveal their secrets, poker players should never tip their hands, and governments should never tell the rest of the world what they know. I support the government in this case. They came up with a viable compromise. Is the technology being reviewed? Yes. I may be optomistic on this one, but I don't think that this committee will be biased in its evaluation. I think they'll probably condemn it, finding that it violates illegal search and seizure, or the implied right to privacy. But not for a second do I think that the government is doing something wrong here in having those with proper security credentials work on this project. To do otherwise would be lunacy.

Re:Um, duh?

[Kaa]

What kills me is that people are really pissed about this. It's the *job* of the security agencies to do this. It isn't right, but it is what they do.

Yes. But it is also the job of all concerned to give the security agencies a whack on the ass when they overreach themselves and start to believe they own the world.

Kaa

Re:The Problem with using people with S/C

[kevinmaly]

Yes, there is and it is the requirement of all people that receive a government security clearance to sign a non-disclosure agreement. Anyone that signs this agreement, which you must sign to obtain a security clearance, is not allowed to write, talk about or publish anything that is classified which is not cleared by the DoD to be published. This was introduced in 1985 during Reagan Administration.

Bringing long distance to your doorstep. (TM)

[^_^x]

Talking on Iridium phone:
"...hey! For some reason the reception is REALLY good today!"
[looks up]
"YACK!!"
[jumps out of way of flaming satellite as it crashes into the ground]
"Hm... I've been disconnected."

Security of Federal Projects!

[dewright_ca]

What do you expect, you call it a stacked deck when they want people who have security clearances to verify there system. As a government contractor who has built secure systems I wouldn't want just anyone poking through my boxes to see what makes them tick. That is only a prudent measure. By having clearances they have an absolute measure of who that person is. It's not some big black helicopters in the sky conspiracy! Deal with it!

straw man

[jubandhu]

Doesn't anyone else think that this whole carniwhore thing is a straw man? If I remember the timing, the gov't was getting too much heat on the whole echelon thing so they conveniently drop carnivore into the public's jaw so they public can have something to chew on. Let the public vent their anger on something stupid. In the meantime, whatever real system they have running will keep on ... secretly, out of the public's attention.

Re:straw man

[Apotsy]

Good point. Drawing attention away from Echelon might very well be the true purpose of Carnivore. If so, it seems to be working. Looking back over this story, I see that your post is the only one that actually mentions Echelon. It's like everyone just collectively forgot about it.

The more I think about it, the more I think you're right. Carnivore might have been created to serve several puposes, but one of them is likely to act as a decoy for Echelon.

P.S. "Red herring" is probably a more apt description than "straw man".

Re:Gee!

[deckard666]

Judge: Court is in session. The accused is charge with placing classified materials on unclassified computers. How do you respond?

FBI: We've conducted a full review of ourselves and we found no evidence of intent.

Judge: Court is adjourned.

Wen Ho Lee: Wait, shouldn't we have an independent investigation?

FBI: We have chosen an independent investigator, impeccable record when he worked for us a few years ago, and he found no evidence of malfeasance.

Judge: Case closed

Wen Ho Lee: Can I choose my own prosecutor too?

Comment removed

[account_deleted]

Comment removed based on user account deletion

If you don't like it, leave!

[decaym]

I'm bloody well NOT spilling ANY info on *MY* friends to the institutional descendents of J. Edgar Hoover... or hell... nor to any other "law enforcement" type either.

If you despise this country, and it's security aparatus, so much, why are you still here? You are free to leave at any time. Unlike some countries, we don't force you to stay if you don't want to.

If you apply for a security clearance you are giving your permission for the background check. If you don't want people looking into your life, then you had better not sign on the bottom line.

It amazes me how people like to rag on our secuirty institutions such as the FBI, NSA, CIA, and NRO. Odds are, most of the people bitching have never had any direct dealings with these organizations. If these organizations didn't exist, we likely wouldn't have the freedom we do. Just as likely, Fidel Castro would be the provisional governor of the south-eastern quadrant of of North America.

Would you have rather of let the Seattle Space Needle be blown up last New Year? Would you have preferred to have seen all the bridges and tunnels in Manhattan blown up a few years ago? Wake up, these organizations are make up of Americans for the purpose of protecting Americans.

Granted, these organizations have not always been perfect in their motives and actions. However, this shortcoming has usually been a refletion of current administration policy. Who put that administration in place? We did! These organizations are a reflection of us and out own insecurities. These organizations are ultimately responsible to the same people who keep a handgun by the bed, a security system on the house, and an alarm on their car.

Re:If you don't like it, leave!

[SvnLyrBrto]

Ah, a "love it or leave it" flame...

>If you despise this country

Who said ANYTHING about desppising the United States? Not me. The Unites States != the federal bureau of investigation, despite what the uber-conservative control freaks amongst you might think.

I'm actually very fond of America as a whole, but that does NOT make me a mindless lackey who's going to toady to the fsckin FBI.

Have you ever READ anything about the history of the FBI beyond what they put out themselves??? I HAVE! It's a sordid affair replete with blackmail, corruption, murder, and persecution of anyone who doesn't fit the FBI's definition of proper orthodoxy... that includes: civil rights leaders, labor activists, unpopular (to the FBI) religions, hollywood types that lean a little too far to the left for the FBI's taste, hell... ANYONE who leans a little too far left for their tastes, homosexuals (ironic, given Hoover's own eh... extracurricular activities), unpopular (with the FBI or the president) journalists, peace activists, the list goes on and on.

I wouldn't trust this bunch of government-sanctioned hired thugs so far as I could spit a rat.

Hell, even if I were to totally ignore the lessons of history, an such an Orwellian intrusion on my privacy as carnivore would be enough, by itself, to convince me not to trust the MF_ers.

john

Resistance is NOT futile!!!

Haiku:
I am not a drone.
Remove the collective if

"We have the technology!"

[GlenRaphael]

I don't know about the rest of the groups you mentioned, but the armed services have their own security folks (think OSI, at least for the air force) who do this.

The OSI really does that now? Awesome! As I recall, that's one highly competent organization!

Although Rudy always did have trouble keeping that adrenelazine locked up.

Is Oscar still in charge? Steve and Jamie always seemed pretty busy solving major national security problems -- I'd really hate to see them reduced to doing clearance checks on Air Force employees.

Re:High Level Security Does Note Equal Stacked Dec

[pointym5]

Did you read the WiReD article? If you did you'd know that at least some of the people listed are not just random people with clearance.

known text attack for adobe "visual encryption"

[disenfranchised]

Don't have the pitstop plugin? Can't be bothered to cut and paste every black box on your screen?

1. Right Click
2. Find
3. Enter Value "Top Secret"
4. Strike Enter Key

I'm not going to jump to the conclusion that someone who has a security clearance is a government lapdog. But it is something to consider. If many reputable academic programs refused to review the program due to the NDA, it's telling that the agency found parties who can be trusted not to spill the beans. Thus an honest and independent review may still be conducted, and the FBI can just sit on the results.

Given that carnivore is a packet sniffer, we can all make some assumptions about what it can do. The real question is what the GUI allows Special Agent Bob of the East Goatlick field office to search for. If he is restricted to filtering for user-specific routing information, then slashdotters should only have to worry about the constitutionaly of using this tool. If he can filter all your ISP's traffic for hacking and "national security related" keywords, then we should all be worried about the constitutionality of using this tool.

In the end it's not the functionality of the software in question, it's the potential for quickly and easily violating the Fourth Ammendment.

High Level Security Does Note Equal Stacked Deck

[MoNickels]

Dear imbeciles,

High-level security clearance is not an orthodoxy exam, a litmus test, a whose-side-are-you-on interrogation. These people who have NSA clearance may never have worked for the NSA, met anyone from the NSA or visited NSA facilties. Government clearances can be broad contingency certifications, just-in-case devices that cover eventualities. It's not like once you get security clearance they automatically invite you to office parties and give you keys to the building.

Was it the 100,000th Slashdot registration that was the turning point between informed community of geeks and paranoid band of idiots? Or was it the 250,000th?

Sincerely,

Mo Nickels

Re:Who do you think hands out clearances???

[Claudius]

FWIW, background investigations for the Department of Energy L and Q clearances (Q is the DOE equiv. of a DoD Top Secret) are handled by the Office of Personnel Management (OPM) after an initial background investigation is performed by Pinkerton.

Re:High Level Security Does Note Equal Stacked Dec

[Cap'n+Q]

I'm glad I'm not the only one who noticed this bias in the article. C'mon, people, are any of you really naive enough to believe that the government wasn't going to require security clearances for any one they let look at their surveillance software?

Re:Now wait a minute

[Cap'n+Q]

I seriously doubt they'll be able to avoid the impression that they've, as it was put, "stacked the deck".

They would have been accused of stacking the deck if they put anybody on the team who wasn't a convicted hacker. The media and most of the Slashdot community have already judged the government guilty; I'll be surprised if I see any objective reporting on this at all.

Persecuted by doing a review?

[graniteMonkey]

The FBI is forced to open up its system for a thorough investigation. The university folk invited to review it decline to review it. The FBI decides to review the system pretty much by itself.

Is it a stacked deck because they had to go to someone else with some sort of credentials to do it? And no, the RedHat Certified Security Dude or M.S.?.?.?. abbreviation you put after your sig doesn't count.

True, they could be looking for the rubber stamp, as another post said, but really, I don't know enough about the matter to say who they should've had look at it instead. Do you? (the "many eyes of the open source community" doesn't count)

Gee!

[Chasuk]

The team consists of members who have all either worked on large-scale government projects or currently hold active security clearances, including a top secret rating from the National Security Agency, a top secret rating from the Department of Defense and other ratings from the Treasury Department. Looks like the deck is just a bit stacked."

I suggest that this team consist of ordinary citizens. You know, people who are REALLY knowledgeable about security issues... plumbers, an electrician or two, that guy who sells orthopaedic shoes in the mall, a barber (yours or mine, it doesn't matter), a chiropractor, and even an aromatherapist. Oh, and let's not forget the Roswell "expert" who works at the deli, and the homeless woman who was once abducted by gray proctologists (and in a black helicopter - she does get a little confused at times!).

CERTAINLY they are more likely to have informed opinions! I mean, it is TOTALLY illogical to assume that someone who works in the security field would have any valid input. And these experts aren't real people... they are all clones, all drones of THE MAN, and we shuoldn't trust them!

Note: for those unable to tell the difference, this is neither troll or flamebait, but sarcasm.

Re:Gee!

[psychosis]

Well said...
Don't forget Homer Simpson, too... Mmmmmm... carnivore.... meat..... (looks at slobbered-on keyboard) D'oh!

Re:Gee!

[Darth]

Uh...i think you're confused.

i imagine the vast majority of people who are experts in security as it relates to computers are actively watched as opposed to having govt. security clearance.

the security clearance these people have dont mean that they are security experts, it means they can keep a govt. secret.

the problem people have with it is that when it comes to having a group whose job it is to make sure the govt. isnt abusing it's power, you dont want that group to owe their paychecks or jobs to the govt. you also dont want them to be agents of the group they are supposed to be criticising.

Darth -- Nil Mortifi, Sine Lucre

Re:Now wait a minute

[psychosis]

Go ahead and mod this one how you want... These are my feelings and I'm entitled to them.
YES. Security clearances are not out of the question for this kind of thing. If you have information that is potentially dangerous to national security, the information is classified. Since the source code is designed to be used for the protection of national security, it is therefore classified. (Or at least what's called "Law Enforcement Sensitive.")
Lots of people have security clearances. (Note: clearances not ratings) If you are going to look at classified information, you need one. Period. This is how we prevent other nations from getting our stuff. (I'm not making a case for how WELL we may or may not do this, though. That area needs a lot of improvement.)
What did you honestly expect? A class of CS101 students from some community college get to review the source code of Carnivore for their class?
P.S. Please don't start the "e-mail gets the same protection as US Mail. The US Postal Service IS the government. If you are a conspiracy theorist, at least do it all the way... :P

Re:Hmmm.

[Bilestoad]

Wouldn't be much of a change. I've never seen a politician that wasn't a karma whore.

Re:Did we expect anything better?

[PiterPan]

I wonder if feds INTENTIONALY picked universities knowing they would reject....

Feds: Yo, guys, check _this_ out.
MIT: We're not _that_ stupid ! We are not a rubber stamp factory, you know.... We teach people.
Feds: Mmmmkay, thank you for your _cooperation_ :)



--

Send in the Clowns

[dr_strangelove]

C'mon folks. It's not like the FBI was ever going to allow a REAL investigation of this bullshit. So they called in a team of beholden ringers. So what? I can ignore them just as well...

"The wise man believes only in lies, trusts only himself, and learns to expect the unexpected."
-- Tales of the Unexpected

Re:Whats /REALLY/ in carnivore, and other stuff...

[wmoss]

Superman has "X-ray vision" letting him see through anything that isn't lead lined. Knowing this, all of Superman's foes stupidly stick their most secret items into a lead container to thwart Superman's super-vision. But if most containers in Metropolis aren't lead lined, then the lead boxes conspicuously stand out to Superman because he can't see inside them. Raw text in messages may help hide dangerous thoughts because of the sheer volume of email on the Internet, but if liberty is in question it would be better if everyone started putting their routine correspondence in lead boxes.

Re:Get a hobby!

[plague3106]

Please explain why i must be punished b/c others can't control themselves? What if i don't want society in my life? I don't care to kno wmy neighbors. Just b/c i live around people doesn't mean i have to be like them, or that they have the right to tell me what i can or cannot do. Just so long as i'm not causing them harm.

Re:Um, duh?

[Cap'n+Q]

Of course, having all the IT people in the world get together, to force morality on the corportate world wouldn't work, but I'd be amused to see it tried. So, when do we plan to shut down every network and server in the US in protest?

As if the IT community has a monopoly on morality, or even a consensus of what's moral and ethical.

Re:Get a hobby!

[plague3106]

Ok, well why don't you switch from sending real letters to putting EVERYTHING on a postcard. Lets include your bills, medical facts, etc. People do send stuff like that over the net, and don't want it to be seen. Imagine if you got arrested one day b/c you emaild your grandmother that you had to spank jonny b/c he just would not listen. now you're in jail for child abuse. If you think the gov't doesn't care about you b/c you're not important, think again. Go ask some former soviet block citizens just how much the gov't didn't care about thier private phone calls. Many people were a bit more then upset to find out thier neighbor had been recording everything for the gov't.

Re:Now wait a minute

[re-geeked]

You and the FBI are both making a very important omission: the FBI investigates US RESIDENTS! They are not in charge of protecting us from foreign enemies!

As US residents, we once had rights like due process, the right to know all evidence gathered against you, and prohibition of illegal search and seizure. It is not just reasonable, but should be required, that we know exactly how law enforcement is gathering evidence.

It is not about how to best obtain security, it is about putting our liberty back into the equation.

FBI Deception..

[onion2k]

Having just read most of the Carnivore homepage it struck me that this entire program sounds like a big load of crap. They switch between descriptions of the 'carnivore software' and 'the carnivore box', they're terrific at descibing who they're going to catch, but vague about who is actually going to be able to access the information.

The site is full of contradictions, Barnum Statements, and rumours.

Is it possible, or even likely, that this whole Carnivore thing is a simple misdirection? We look at the right hand while the left hand does something much sneakier. Why is this an FBI project rather than say NSA or Interpol? Something weird is happening..

Apologies for sounding like a conspiracy type..

Re:Get a hobby!

[jcampbell]

Yeah, namely the thousands of e-mail addresses and personal information profiles they could be selling to insurance companies. That or essentially nullify the existence of my ISP's privacy policy, which I value dearly. I don't want ANYBODY looking into my personal correspondence with others. If that means we won't be arresting hardcore computer felons, so be it. The freedom of others should not be jeopardized in order to prevent or infiltrate a few minor crimes.

More reason to NOT trust the cops

[browser_war_pow]

And the gov wonders why more people are beginning to arm themselves. We are stuck between a rock (the criminal element) and a very hard place (the cops that want this kind of power). Frankly I have barely any more trust for the cops than I do for the crooks these days.

Re:More reason to NOT trust the cops

[Arimus]

Trouble is these days I find it hard to tell which is which...

Re:More reason to NOT trust the cops

[leereyno]

I know exactly what you mean. I'm sure you remember the big scandal in L.A. recently with police officers being caught falsifying evidence to convict people of crimes. Last I heard eighty something convictions were overturned. Now those people may or may not have been innocent. In fact I'd bet that at least half of them were guilty as hell. But that doesn't mean the cops, or anyone else, gets to deny them a fair trial.

I'm not a criminal, at least as far as I know. Who knows what kooky law I might unwittingly be breaking just by breathing. But lets assume that I'm truly not breaking any laws at all in any way. I'd still be damned nervous if I had to deal with the police on anything. The reason is that I don't think they care about guilt or innocence. In fact I seriously suspect they consider the public at large as one huge group of criminals.

The police are organized as a military outfit. As such they are taught the idea of "Us" and "Them." They are taught that there is an enemy to be fought and destroyed. What happens when a cop trained like this locks his sights onto an innocent person? It would be far better to train and organize the police to serve and protect the public according to their motto instead of establishing them as a standing army among our citizens.

It is a very good thing that we are arming ourselves. I'm armed and I'd encourage everyone else to be armed as well. The increase in gun ownership over the past few years is what has led to the consistent fall in the rate of violent crime over the same period. Contrary to "liberal" propaganda, guns don't cause violence, they prevent it. A gun in the hand of an honest person who posesses it for defense and protection is one of the best deterrents against violent crime I know. That same person unarmed is just someone waiting to be victimized. Banning guns only takes them out of the hands of people such as this. It does nothing to take them out of the hands of those who are not honest and who would use guns to commit crimes.

What I think is particularly amusing is the idea that the police are going to protect us from violent crime. If the police just happen to be there before the crime can occur, and they notice it as it begins, then yes they can be a good protection in that case. But usually the police are not there and it takes them a significant ammount of time to come once called, which is usually after the crime has already been committed. Because of this the police mostly act as armed historians, taking statements and making reports of what happened before they ever got there. How are they supposed to protect anyone in that capacity? They can't. In fact the idea of the police does far more to deter crime than the actual police do. Then of course you must consider what would happen if the only people who were armed were the criminal element and the police. The rest of us would quickly get caught in the middle as the distinction between the two blurred. If police departments are corrupt right now, imagine how bad they would be with even more power over the population?

Anyway, I'm not saying anything that others before me have not expressed more eloquently. Freedom depends upon the ability of the free to protect that freedom. Without guns our ability to do that is severely weakened.

Lee Reynolds

Indeed, I have a Top Secret clearance...

[devphil]

...and I'm as disgusted by Carnivore as any of you.

Clearances are about whether or not you can be trusted to keep a secret. Not necessarily about what your opinions are regarding wiretaps.

And just so you know -- no, the fact that I have a clearance is not itself a secret. Honestly, it's not the X-Files deal that /. readers seem to think, but that's another rant.

Re:Indeed, I have a Top Secret clearance...

[devphil]

And legality is all that's being discussed. Calm down; I'm no security risk.

My point in writing is not to show off nor to make the OSI nervous. It's to point out the fallacy that most of /. has; that somehow as soon as you get a clearance, you're somehow one of Them, opposed to all matters of privacy.

I'll return to the Hanger now; it's my week to feed the space aliens.

The Problem with using people with S/C

[kevinmaly]

The law clearly states that those with security clearances can only disclose what the government says they can disclose. This is not a independent evaulation, but a rubber stamp of Carnivore use.

Re:High Level Security Does Note Equal Stacked Dec

[SquidBoy]

High-level security clearance is not an orthodoxy exam, a litmus test, a whose-side-are-you-on interrogation.

Er, yes it is, that's the whole point. They are looking for people they can trust. People who agree with their purposes and world-view. To trust anyone else would, in their interest, be stupid. Your interests might be different, though.

The NSA may have progressed slightly from socialist=enemy of the state, but probably not much. I still wouldn't fancy your chances if you support Greenpeace, campaign against the arms trade, for freedom of speech etc. They know exactly who is in campaigning organisations, and it's not hard to cross-reference.

I don't think they'd bother searching /. though, except to find idle slackers to avoid or blackmail.

Not persuasive

[gunner800]

While I do not trust any review short of opening the source, this is not persuasive evidence of trickery.

So they've worked for/with the government before. That doesn't mean they will screw us over. What are their political inclinations? What do they think about privacy rights, "bending" the Bill of Rights, and Socialism (which we seem to be moving towards)?

It's not as if these people attend weekly rituals in which they chant "The FBI is good, Freedom is bad" whilst staring into flashing hypnotic lights.

We have names, and we know the school, so somebody go find students who have heard some of this group teach. Don't just jump to conclusions based on flimsy evidence.


My mom is not a Karma whore!

A Law School Dean w/Active Security Clearence

[doc_brown]

Did any of you catch the part about the Dean of the Law school and his active security clearence?

To quote:

[p. 30]

ACTIVE SECURITY CLEARANCES:

Interim Secret, DOD, May 2000

INACTIVE SECURITY CLEARANCES:

Top Secret/Special Intelligence, DOD, 1987 - 1992


As a former employee of Chicago-Kent (I left on good terms), this has been rumored around the school for a while.

Seriously, what good can come considering even the lawyers have DOD ties?

Re:A Law School Dean w/Active Security Clearence

[treat]

That just means he has a security clearance. Lots of people have security clearances. I worked for a fortune 500 company that does a lot of government work - about 1/3 of the company has a secret clearance. They were trying to get a couple of us sysadmins to get security clearances so that we could go into classified areas without being escorted.

A security clearance is not a big deal. And it doesn't mean you worked directly for the government.

Re:Unedited

Oh man, that's funny. A link copied from the article got moderated up to +5.

Time to go write a little script. The only hard part will be figuring out which link to use from the story...

Re:Now wait a minute

[DreamMaster]

If people know the exact mechanism the interception software uses, then they can figure out precisely how to get around it

This is already happening... companies are coming out with e-mail obfuscation software designed to protect against spy software like Carnavore, based on existing descriptions of how Carnavore works. They do stuff like stripping the headers, encrypting the text, etc.

So, it is certainly a valid concern on the part of the FBI that fully disclosing Carnavore would only aid in cicumvention software. But I agree that they've been, at the very least, a bit too selective in their choice of a review team. I seriously doubt they'll be able to avoid the impression that they've, as it was put, "stacked the deck".

Carnivore

[GigsVT]

Ok, suppose Carnivore makes it out, and gets installed at ISPs... How long before someone breaks into an ISP, steals the box, and posts the executable/code/reverse compiled result to the internet?

The ISPs would resent it so much, that it would probably happen quickly, with insider involvement.
-

Re:Carnivore

[eudas]

so the fbi tracks the loser down and shoots them.
or the fbi fucks the isp over for not protecting their box.

anyway, if someone DOES do that, what the hell... since there'll be other carnivores elsewhere, you can track 'em, right? :) find where they're posting from and track their sorry asses down. this thing isn't a one shot deal, it's a blanket.

eudas

Re:What the Clearance really means

[CharlieDee]

Wrong. I served in the Army and carried a Secret clearance due to the nature of the job. I knew many people with Top Secret clearances, and it was just a quick check. The real deal clearances are TS-SBI (Special Background Investigation) clearances and higher, those are the ones where agents talk to your family, friends, neighbors, teachers and anyone they can find who knows you. Having a Top Secret clearance just means that you are not openly a drug dealer, a Neo-Nazi, a wife beater, or a criminal. At TS level, they don't care about your views.

The incompetent are out to catch the stupid.

[q000921]

Even if the names had been blocked out correctly, they are publishing resumes with incredible detail. What is the point of blocking out the names?

How many "Division Managers, IIT Research Institute, Technology Assessment Division" can there be? How many "Professors of Law, Villanova University, 1981-1997"? Any skilled journalist or researcher could find the actual names of these people in a day, and if it matters would publish them.

The obvious conclusion is that the people involved in Carnivore are both technically incompetent (didn't they learn from the last PDF leak?) and apparently don't give a damn about even the simplest concepts about privacy.

But why get upset? It's the incompetent trying to catch the stupid. After all, Carnivore simply doesn't make sense in the presence of cryptography, remailers, web based message systems, and other widely available technologies. Anybody with even a miniscule amount of sense would know better than to send any information the FBI might be interested in through open E-mail.

Moderate this up!

[Deven]

Someone, please moderate up the parent post!

get your facts straight mo

[Jyminator]

Mo, You are dead wrong on security clearances. You need two things to access information. One is a clearance. You can be cleared for confidential, secret, or top secret. There is also special compartmented clearance but that's a subset of top secret. Then you need to have a need to know. I had a top secret clearance when I was in the Navy. That didnt mean I could walk into the NSA and start snooping. It also meant NSA guys couldnt come looking at all of my tomahawk mission data stuff either. Nobody just hands out clearances just in case they need them. Clearances require extensive background checks that cost a LOT of money. Government agencies have enough trouble clearing their own people, much less extraneous ones. You can bet if they had access to NSA material they were working for the NSA in one way shape or form.

Wrong!

[Jyminator]

You don't need to take a polygraph test. The only affiliation you have to list is the communist party. Yes, you do have to list where you lived. Ever applied for a mortage? Same type questions. At no point was I ever asked my views on anything. I had to list 3 character references, though. So I guess by your reckoning we shouldnt trust anyone with a home mortagage or small busines loan than either?

Ignore this.

[dbarclay10]

Ignore this.
'Round the firewall,
Out the modem,
Through the router,
Down the wire,

Whats /REALLY/ in carnivore, and other stuff...

[skiy]

right, everything so far discussed, e.g. Radius password sniffing, just picking up the sending and recieving of one particular email address, I accept these features are in the carnivore system.

Other features we can expect:
(1) instead of looking for email addresses in all the traffic, search for the PGP signature of the suspect.
(2) Dealing with that shit weak 56bit DES encryption that some people are still using, with an integrated hardware encryption cracking card, and when the NSA have that quantum computer they have been after, the strength of the encryption wont matter.

On topic for a moment:
this is hardly surprising, did anyone think, even for a moment that the review team would actually consist of "ordinary" people / acedemics.
That is too much of a risk for the NSA, if the true workings of carnivore get out, they see that as compromising it's effectiveness against criminals.

What I really don't understand is this:
Surely all the terrorists, hard-core child pornographers (well, Gary Glitter may tell you otherwise) and Kidnappers are using strong (and I mean strong) encryption to avert detection of their evil deeds, all who aren't are stupid criminals and deserve to be caught all that more.

But then again if we assume for a moment that it is really only the Evil People (TM) above who are using archival strength (>= 2048 bit) encryption, surely the encryption alone will be drawing the attention of the relevant law enforcement agencies.

But people, I am truly torn, I know it isn't possible to have a completely free world if we want to be free of e.g. Terrorism, but yet we all seem to want our privacy regardless.

just my £0.02.
skiy.

Re:Whats /REALLY/ in carnivore, and other stuff...

[alexpage]

But then again if we assume for a moment that it is really only the Evil People (TM) above who are using archival strength (>= 2048 bit) encryption, surely the encryption alone will be drawing the attention of the relevant law enforcement agencies.

This demonstrates, again, the need for high-bitrate encryption for *any* message, however trivial. An old boss would use 1024-bit plus encryption for office e-mail, so that when he sent something *important*, it would be indistinguishable.

However, until programs like Outlook Express come with serious crypto included by default, and being *used* by default, it's unlikely to happen.

Alex

Ignore this too.

[dbarclay10]

Ignore this too.
'Round the firewall,
Out the modem,
Through the router,
Down the wire,

Re:High Level Security Does Note Equal Stacked Dec

[wallabe]

"This is true, but then again in order to achieve high levels of security clearance you have to be square and lack the ability to think freely. Well you can 'think' freely, you just can't communicate freely. I think there is something fundamentally wrong with someone who lets someone else control his/her actions."

I take it you've been through the security clearance process and can actually speak knowledgley about this?

No? Didn't really think so.

You know when I went through the process they never once mentioned how I should think.... No they asked about drug use, affiliations with foriegn nationals, and police record. Don't remember if personal use of crypto ever came up as a topic of discussion.

Oh wait I see what you mean they don't really need to ask, they've got that brain reading machine that does it for them... Yeah, see we all know how unreliable a polly is so what they must really be doing is making you sit in a shielded room so that they can tune a brainwave reader to your specific frequency.... Yeah that must be it.

People that work at NSA/CIA/FBI are no differnt then the idiots (myself included) that post on /. and heck a lot of them might be the same people.

How do the people with security clearances allow others to control their actions?

Can they go to a baseball game?
Can they cheat on their spouse if they really want to?

I knew this one chick that worked at NSA (Air Force girl) that had her labia pierced.....

How do they force you to act in any manner that you wouldn't anyway?

Re:High Level Security Does Note Equal Stacked Dec

[MoNickels]

Er, no it isn't. The world isn't simply divided into pro-NSA camps and anti-NSA camps, or pro-Carnivore, anti-Carnivore. I would bet that a sampling of people with identical high-level security clearances--not those cleared specifically for Carnivore, which seems to be today's Willful Misunderstanding (TM)--would turn out a fair number of people on both sides supporting or decrying the project, regardless of the number of thick-heads who think any large body of people they're not a part of share a monolithic point of view.

Re:Hilarious, if not so sad

[Mawbid]

That's two times the US government has leaked information through this particular Acrobat feature. Don't these people ever learn? Don't they read Slashdot?! &ltg>
--

Re: Orthodoxy

[bobv-pillars-net]

In 1991 when I had to apply for my own clearance (to work in the red-badge section of Norfolk Naval Shipyard), I was surprised to learn that a recent Supreme Court decision made it illegal for the reviewer to ask about my political opinions or party membership. In fact, the decision made it expressly illegal to forbid a security clearance on the basis of membership in the Communist party.

So much for orthodoxy.

OTOH, would the case have gone the same way if the party in question was the Libertarian party?

Re:Now wait a minute

[SpyceQube]

Your point is excellent and well taken, but the FBI does have a mandate to protect us against foreign enemys within it's jurisdiction. The FBI's jurisdiction however, is limited to the United States. The FBI, historicly, has been the agency that performs counter-intellegence. The CIA is the exact opposite, performing intelegence activities but prohibited from acting within the US.

Rather ironic

[Keelor]

This really shows you that security through obscurity doesn't work. At least, not for PDFs.

~=Keelor

I'm the review board..

[Klerck]

and I give it an A+! go Carnivore!

What's the big deal here?

[caffeinated_bunsen]

I just don't get what everybody's so pissed about. These people are intelligent and honest enough to attain high-level security clearance with our government, and we don't think that they will give a fair and impartial review? The government has already made their job easier by restricting the review to what must be the most important aspects of Carnivore. With all this talk of conspiracy, I start to suspect that some proles don't think the Party has their best interest at heart. Every member of the review team chosen has previously proven themselves trustworthy to either the Ministry of Truth, the Ministry of Plenty, some even to the Ministry of Peace, and yet you do not trust them also? They are all Party members, good and true. To allow the review to be conducted by possible members of Goldstein's Brotherhood would be doubleplusungood. Besides, we really don't need to know exactly what Carnivore does or how it works. What matters is that our Big Brother has found a potential way to watch for thought-criminals and enemy spies, and has to make sure that it will work goodwise. Don't ungoodthink about it.

War is Peace
Freedom is Slavery
Ignorance is Strength

what about the EFF?

[Blue+Lang]

has anyone from the EFF come forward and offered to review carnivore? what about slashdot? anyone?

i'll review that mutha. actually, the people i would most like to see review it would be the openBSD team.

--
blue

Re:Um, duh?

[eudas]

november 22.

eudas

yes, and the tooth fairy, too

[q000921]

Well, calling it "top secret" makes it all sound terribly important. But the reality is that their "top secret filtering technology" is probably no better than what a smart graduate student in information retrieval could produce in a couple of weeks. And their encryption is unlikely to be any better than what is publically known.

The NSA fell for the "security through obscurity" trap. I think the only thing that classifying all that stuff does is that it makes them feel very important, an exclusive club.

What they are doing isn't bad because of some nebulous belief "information is sacred", it's bad because it's stupid.

Re:Now wait a minute

Yep.

If I were the government, I'd want a team of people where I could not only...

• Fire them (directly or indirectly, doesn't matter)
• Make sure they never worked in their chosen field again. (Like any other defense contractor would hire them after such an event?)
• Have a fully detailed, invasive background check on hand, so that you can destroy their reputation in a heartbeat with spinmeisters.

But the best one of all...

• You can sent them to prison for 25 years (give or take) for disclosing anything the U.S. Government decides is classified. And you don't even have to tell the public it's classified, you just have to tell the reviewer it's classified.

Brilliant, if underhanded, move, I must say.

Who do you think hands out clearances???

[SvnLyrBrto]

>it doesn't mean that the FBI will get the
>analysis they want. Cleared is not always
>synonymous with lackey, brown-nose, or hypocrite.

Uh... just WHO do you think gives out security clearances in the first place? Yep... Each and EVERY person who has any kind of security clearnce has been approved of by the agency founded by J. Edgar Hoover and which makes its residence in the building that bears his name! You DON'T *get* a clearance AT ALL unless you've passed the FBI's definition of orthodoxy.

It doesn't matter who you work for or why you need a clearance. Wanna work for the CIA? FBI has to approve. Wanna be more than a toilet scrubber in the Navy? FBI has to approve. Wanna build neat airplanes for Lockheed Martin? FBI has to approve.

They do the background check/approval for ALL security clearances.

Even to be a lowly electronics tech in the Navy... the FBI has to annoint you as being sufficently orthodox. I've personal expierence on this one, as a friend of mine listed me once as a reference when getting his clearance in the Navy. Well guess which fscking three letter agency starts calling ME??? Well, they finally gave up calling after about the seventh "Fuck You ".

>I've seen engineers with xxxx clearance turn red
>in the face and scream at the very brass who pay
>their contract and asked for the clearance.

It's not "the brass" that verifys that someone is sufficently subservient. You don't HAVE to be a lapdog to "the brass". It's J. Edgar's brainchildren that you have ingraciate yourself to.

PS.
If Echelon really *IS* real, and this message ever gets back to Mister Special Fscking Agent Davidson, a hearty FUCK YOU to you once more.

john

Resistance is NOT futile!!!

Haiku:
I am not a drone.
Remove the collective if

Re:Who do you think hands out clearances???

[CharlieG]

You were Navy? I know I got my clearance at the behest of the Navy (I was a civilian), and it was NOT the FBI that did it, but a "Private" contractor by the name of "The Defense Investigation Services Company", or DISCO. Yes, they followed the FBIs/Navy's rules. Of course, this was for a fairly low level clearance - I'm sure if you go TS or above, it's FBI

Re:Who do you think hands out clearances???

[wagnerer]

Actually with recent buget cuts the background checks were farmed out to private investigation corporations. That may have changed with recent security lapses at Los Alamos but it was PI's doing the work as of last year.

Congressional votes

[Sunir]

> Most congressional votes (And I think it should
> be *all*) are public - you know who your rep
> voted for

That isn't true. Most votes are verbal and aren't recorded.

Re:emmm what has been their record for public

[Felinoid]

People need to realise they need AT LEAST as much understanding of computers to use them..
as they have of driving in order to drive..

Cars and Computers are both very complex machines. The diffrence is a car lacks a user friendly interface and the computer dosn't drive off the internet into a website through a home page and into a data pool when you don't know what your doing. It all LOOKS perficly ok.

But rest assured just becouse people don't die when you do something stupid dosn't mean you can't do something stupid..
And computers aren't much harder to understand than a car..

Also failure to understand eather leads you to get ripped off... By car dealers, software companys or repair shops (of both)... the last being quite rare....

Re:Get a hobby!

[kingalobar]

hmmmm Mass punishment as a way of teaching us all...Lets just kill off hundreds of people ..innocent or not.. Just to give the really bad ones a good lesson.Nice try but no way.

What can we do?

[V0lk]

You'd think there would be more talk of this in the mainstream press. Or perhaps a way to alert our congressmen to this situation. There's a LOT of crap like this that happens and it's kept pretty hush-hush because of the outrage it would cause the general population. This IS an election year too. I don't want to wake up in 10 years and discover 10 FBI agents in my house confiscating my PC because I downloaded an MP3 or looked at the wrong nudie pics.

Did we expect anything better?

[spsheridan]

Honestly folks... the people who work at MIT, Carnagie Mellon... the ones who rejected this project, are highly intelligent respectable folks. If they showed up on my doorstep I'd let them use my phone. And they all stood up and did the right thing.. they said NO. This is not a review you want but a rubber stamp. Did the DoJ take this as an invitation to alter the requirements? No, they just went right on down the list until they found the only people who COULDN'T say no... the people who work for them. And so the rubber stamp will stamp a seal of approval and the only thing left to do is bring Carnavore to the supreme court for violating the 4tm amendment. Call back in 5 years.

Hmmm.

[Signal+11]

Let's see, after all the negative publicity surrounding Carnivore, not the least of which is its name, which evokes imagery of a huge machine eating its citizens (Big brother, maybe?), is it at all suprising they have "stacked the deck", as it were?

Remind the press that almost categorically down the line every major university has declined to review carnivore, citing the FBI's NDA, amongst other things.

The thought that ought to be on the mind of every citizen ought to be "What are they hiding?" This is a government that was, at one time, by and for the people. We were supposed to have a government accessible to the common man, and where things were out in the open. Most congressional votes (And I think it should be *all*) are public - you know who your rep voted for. Who's voting for Carnivore?

--

Re:Hmmm.

[Signal+11]

I think if there was a moderation system attached to government proposals, Carnivore would receive a "-1, redundant."

--

Re:Get a hobby!

[kingalobar]

I couldnt agree more just like when the Teacher would stop the whole class from going to recess when two dorks screwed off in class!

Re:High Level Security Does Note Equal Stacked Dec

[Chris+Mattern]

> High-level security clearance is not an
> orthodoxy exam, a litmus test, a whose-side-are-
> you-on interrogation.

True.

> Government clearances can be broad contingency
> certifications, just-in-case devices that cover
> eventualities.

Erm, no. Nobody holds a security clearance "just
in case". The agency applying for it has to
provide a specific justification as to *why* the
clearance holder needs that clearance to do his
job. When the clearance is no longer required,
it is revoked.

Chris Mattern

Re:Get a hobby!

[jcampbell]

Simply because you do not use e-mail for purposes other than personal correspondence doesn't mean others don't use it for more important reasons. I use e-mail to do business, talking to clients about money, web-site information. Passwords and account information is sent to me over my e-mail account. My e-mail box isn't my life, but it is often the center of my career because I work at home and I transfer electronic documents such as images over it quite frequently.

Derated me

[fm6]

I guess I'm glad my security rating is not much better than Saddam Hussein's. If I were one of the FedTrusted, some civil service webmonkey would publish my name, making me a target for every idiot who knows how to make a pipe bom.

__________

Surprise surprise .. *yawn*

[BeanThere]

Seriously, did anyone actually not expect this? Did anyone actually believe that Carnivore might really get an independent, unbiased review?

It can't be an 'independent' review unless they truly open the system up to the public for review. Until they do that, it cannot be trusted at all.

emmm what has been their record for public

[vluther]

didn't a similar leak happen with some spies and a report by the nytimes ? Why isn't anyone learning ? or why isn't Adobe making their product better ?
At the very least taking that embarrasing hole out ?

Secondly.. who picked these guys ? The spooks themselves ? If they're already in bed with the FBI or other Super Secret Agency.. why would they be objective ?

Unedited

[clinko]

The Unedited Version Can Be Found Here

RE:Clearance != Lackey

[CharlieG]

Your not kidding that every person with a clearance is a lackey.

I'll tell you right now that I _USED_ to have a "Secret" clearance. It's no big deal, in fact, I worked for a very low level contractor, and more than 50% of the programmers and techs had clearance, JUST IN CASE. Most of use never needed it, but there was always a chance we would have to be sent to a military base, and it's a lot easier to walk around with a guard.

I'll tell you that we would tell the bosses what we thought. I'd be a lot more worried about some of the other qualifications that are a LOT harder to get (tenure etc)

Re:Um, duh?

[Dr_Bones]

As if the IT community has a monopoly on morality, or even a consensus of what's moral and ethical

To listen to some of the talk here, you'd think we do. I'm of the opinion that as a group we (read: the /. audience) are a fairly sheltered people. Certainly, it would be really funny if we *did* shut down half the world, but it would probably never happen for ethical reasons. I know that I can't even reach a consensus about many things with friends and co-workers; it could happen, but no time soon.

Oh, and, please don't think I was saying we ought to attempt this. Yet.

Re:Need to Know? Breathtaking competence here.

[British]

And this is how the TV show "Get Smart" was born.

Well..

[mindstrm]

Given that it's federal stuff... they specified that whoever was on the review team HAD to have security clearance.

And where have most people, nay, all who have clearnace worked? Well.. to have government security clearance, you have to have worked for them..

What the Clearance really means

[TarPitt]

To get a clearance at the Top Secret level means the government basically owns you. A clearance is not just a matter of a criminal background check -- it involves serious on-the-ground investigation of your views, associates, and movements. Foreign travel and organizational affiliations are all fair game. You willingly submit to polygraph test (forbidden of civilian employers) to verify all this. I would not trust someone who undergoes this to protect my rights to privacy, free speech, free travel, and freedom of association one bit.

Re:What the Clearance really means

And just what crack were you smoking while in the Army? I have been one of the people that the were interviewed when my friend was getting his security clearance to work at LMCO. And that was definitely not for Top Secret clearance. The questions I was asked were questions about his character and activities but in general nothing of any consequence... also some questions about if he drank alcohol to excess, ever did any drugs.

Unless you have been a reference for someone getting clearance you have no idea what things they are finding out about people. Also unless you have ever been rejected for clearance you also have no idea what things they will reject you for.

As for your security clearance, let's just agree that the importance of Security clearance documents can widely vary. Since it is essentially the lowest rung on the importance ladder, they end up with morons like you just squeezing in.

Re:Now wait a minute

[mindstrm]

obscurity -vs- review isn't even an ARGUMENT with stuff like this.

If people know the exact mechanism the interception software uses, then they can figure out precisely how to get around it.

it DOES follow that if you are going to intercept something, you have to not let the other party know when and how you are going to do it.

Can you say

[jjr]

Conflict of interest. It is hard to ojective when have big contracts with the government.

Re:Can you say

[linzeal]

I just want to be able to emoticon a fart because that is all I can honestly say about this.

are we really surprised?

[ledbetter]

1) This is the FBI we're talking about, they're going to get someone to a) review it and b) say it's great!

2) Whatever the review says, is anyone going to be happy knowing that their e-mail is going through Carnivore?

3) Even if they published the full source code on the net for everyone to see, would anyone really trust that it's the same source that's compiled into the production box?

People, c'mon. There is really only one conclusion from the entire Carnivore ordeal: The FBI will soon have the potential to look at everybody's e-mail, so protect yourself accordingly. All this getting it reviewed crap is just a front. These guys are the government version of Microsoft; they want their dirty little fingers in Everything!

chances are YOU don't have to worry

[ledbetter]

believe me, 99% of the paranoid freaks out there all worried about Carnivore are way too boring for the FBI to be interested in!

whats the problem?

[jmd!]

I really dont see a problem with carnivore anyway. I mean, this is what encryption is for. If its not the US. gov't, its a script kiddie. Or the guy in the dorm down the hall. Or as bored sysadmin at your ISP. Your supposed to assume all internet traffic is sniffed. Why do you think VPNs exsist? This is the biggest non-issue i've ever seen. AOL uses web proxies, you dont think they have detailed statistics for all of their 20 million customers?

http://www.gnupg.org if you want private communication.

Been there, done that. Time for something new.

[Elias+Israel]

Democrats can't be trusted.

Republicans can't be trusted.

It's time to find some folks who understand privacy

Now wait a minute

[El]

If you were the FBI, and really doing this in the interests of national security, AND really afraid that somebody that understood how it works could circumvent it, then wouldn't security clearances for all reviewers be pretty much a prerequisite? I guess this comes down to the security through obscurity vs. massive peer review argument all over again.

Does this surprise anyone?

[Ribo99]

Of course the FBI is going to want people who worked on government contracts before. They have experience working with these people, they'd naturally be the people they'd ask first.
The thing that does suck is that they didn't disclose their names in the first place. This has been under close scrutiny by the public eye so much lately, anything they do seems sinister.
Don't get me wrong, I am completely against any sort of ubitiqous governmental snooping. Time to learn how to use GPG.... :)


---

stacked?

[fjordboy]

the decks are stacked? And here I thought they weren't playing with a full deck....

Maybe they just pulled the aces out and hid them in their sleeve.

Hilarious, if not so sad

[Private+Essayist]

From the article:

"On Tuesday, the Justice Department placed the 51-page PDF file online, with project information such as names, phone numbers, and government security clearances erased with thick black bars.

But it turns out that the information wasn't removed after all. Anyone with Adobe-supplied software -- or a text editor and a little bit of time -- can view the unaltered document.

It's uncertain whether the irony of public disclosure of personal information, by the very people who are in the midst of claiming they can be trusted to protect it, was lost on Justice Department officials, because they declined to comment on Wednesday. "

No further comment needed. A sarcastic remark is left as an exercise for the reader...
________________

Re:High Level Security Does Note Equal Stacked Dec

[PsiPsiStar]

I knew this one chick that worked at NSA (Air Force girl) that had her labia pierced.....

... and that information is accessed on a need-to-know basis.

Re:Get a hobby!

[BudhaPriest]

Have you ever heard of the bill of right?In case you haven't there is a part about illeagal SEARCH and SIEZURE.It says you need a warrent to SEARCH FOR and obtain evidence of a crime.Is just being online and using email probable cause to be searched.Should the virtual world be any diffrent from the real one? I am not arfaid the government is "out to get me."I just don't like my civil right being violated.

The old "masked out" PDF trick...

[VValdo]

Well, my faith in the technical competency of the FBI just went down a few notches, seeing as how they fell for the same trick that the New York Times did a few months back.

If they even can't get a PDF secure, how can we trust them with Carnivore?
W
-------------------

Clever Censorship

[SEWilco]

"...Professor Perritt has written widely on information technology including the influential book, Law and the Information Superhighway,..."

Oh, how clever. They poorly blacked out the name of an author but left the name of his book.

Although I imagine "pdftotext" would also have done interesting things to the blackout...

Re:You've proven the point!

[CharlieDee]

Ave19, thanks for your comments. I agree with you that carrying a clearance does not change your views. I smoked pot and had a pretty heavy drinking problem when I was a teenager, but I gave all that up before joining the Army. Did any of that stop me from carrying a Secret clearance? Nope.

We who allow the Government to examine our lives this way are doing so because we believe that the good of the nation is worth giving up a good bit of our privacy. Does this make us robots or slaves of the Government? No. Our views are still our own. If anything, we are the Government's harshest critics because we know it from the inside out.

I believe in the integrity of those Government people who will review the Carnivore code, but I think the issue is still one that the nation as a whole should decide on. The question is not whether the code works but whether having such a system in place limits our Constitutionally guaranteed freedoms.

Re:Get a hobby!

[zenpizza]

Come on now.. this is far from paranoia.. look at history (checkout http://historyhouse.com) for a sobering look at what America is capable of. I'm not saying America is evil, but I do advocate a realistic look at our country as something with a history of prejudice, bigotry, xenophobia and genocide. Reading email is the latest fight. We have to stand up for our privacy so this country stays cool.

Yep.

[Derek+Pomery]

Ran ps2ascii on the pdf, showed up beee-uti-fully.

Hm. Perhaps these "cloak n dagger" type places are losing track of the technology? Could it be that their employees no longer understand the tools they are using?

red herring! FBI != CIA != NSA != DEA (turf wars)

[abde]

one poster below casually mentioned that all these agencies are effectively the same thing. That's patently false. That's like claiming the Army, Navy, Air Force, and Marines are all one big happy family, which is a fallacy you'd have noticed immediately from following the recent hearings on funding for readiness and deployment. Why do you think the Marines have their own air wing?

actually there is fierce competetion between these enforcement agencies, not just for funding, but also for jurisdiction and information. They will fight each other fiercely and it usually takes significant arm-twisting to get cooperation.

FBI Directory Freeh actually has a lot of power on Capitol Hill - read this article for one analysis of how he functions almost as a lone wolf separate from Reno.

It makes great sense to only have people with classified clearances work on Carnivore - after all, they would be most compatible with the mindset of trying to keep information PRIVATE. Think about it - people with clearances (I used to have a Secret clearance myself) are trained to protect information.

And just because these guys from the NSA, DoD, Treasury, etc. are working on it doesn't mean that the integrity of their work is automatically compromised, or that they will rubber stamp anything. In fact these are IIT faculty who work with (but are not directly employed by) these organizations, just like professors at Caltech receive clearances from NASA to work at JPL. And even if these guys were hard-core NSA/DoD freaks and not IIT faculty, their interests would be in hindering Carnivore, not helping it, because if the FBI is allowed to use Carnivore and teh NSA isn;t that shifts the balance of power - something the NSA would be foolish to accept willingly.

Carnivore = Echelon? good grief!

Carnivore or not, use encription.

[bogado]

The carnivore is just a road sign thet sais that whatever you send/receive from the internet is unsecure. This is for me just another billboard that says that everyone must use encription.

I don't know if the NSA or the FBI have the computer power to unencript messages (I am very shure that they wouldn't say if they had it), but it would be impossible to unencript all of them. It would even more impossible to perform searchs in all of the encripted trafic.

Bottom line, use encription, pgp, smime, https, what-ever. Protect your privicy. Remember that they are watching not only americans citzens, but potentialy they would watch a great percentage of the world citzens that comunicates passing throught routers in the US. And this is unaceptable. Imagine how would you feel if your email to your frient in france would be monitore by the UK govern?


--
"take the red pill and you stay in wonderland and I'll show you how deep the rabbit hole goes"

Some Security...

[VivianC]

I guess there wasn't going to be much of a secret about who was doing this work since CNN was naming names eight hours before it hit Slashdot.

http://www.cnn.com/2000/TECH/computing/09/27/dean/ index.html

Still makes you wonder what the Justice Department considers 'private'.


Viv
-----------
I Use Napster. I use DeCSS. I buy over $1000 a year in CD/DVDs.

You've proven the point!

[TarPitt]

So there really isn't any issue with being required to list, under oath, every organization you've been a member of since the age 16? With being required to list, under oath again, every incident of illegal drug use -- regardless of how long past or its relevance to one's present life? With being required to list all instances of foreign travel ever made? These do not have a chilling effect on one's freedom? Why of course not - since the government never bothers to look at this information, and of course only undesirables (like "wife beaters") are denied clearances anayway. This is exactly my point - that people undergoing this process forget they have given up their liberties in the process (and sometimes take pride in having done so -- I know one person who brags about the polygraph he has to undergo for his TS clearance). I don't want people who find nothing wrong with all this making decisions on the appropriateness of government surveillance for the rest of us.

After seeing Spin..

[dreamcircle60]

..this Carnivore stuff become pretty scary. Our freedoms are being eroded bit by bit because nobody is standing up for liberty.

I can't believe how many of the SAME cast of characters in 1992 returned to the scene this year. It's one of those movies that really drops your jaw to the floor:

www.PhDepot.com/spin

Did Cryptome.org violate DMCA?

[VValdo]

After all, they circumvented technology designed to restrict access to information in the file.
W
-------------------

Six Million Dollar Man, Bionic Woman

[GlenRaphael]

The "OSI" was the name of the secret organization that Steve Austin (Lee Majors) and Jamie Summers (Lindsay Wagner) worked for. Oscar Goldman was the chief.

Seriously....

[Gryphin]

Did anyone expect anything BUT this to happen? It's a classic "we-need-someone-offical-looking" hall pass stuff. Just like when you were in school, and sweet talked the sub to let you do something cause you know the regular teacher that was there yesterday and will be back tommorow wouldn't let you get away with it. Truthfully, part of me is surprised that the goverment didn't try to find a way to sneak it in to all the systems it wants to. Maybe they did, and couldn't find a solution that didn't make them look like a remake of 1984. I know if i had something like this, my first choice of placement would not be "look at me, i want you to put this on your computer voluntarily".

That damned CueCat!

[mholve]

They must've been scanning their Radio Shack catalogs late at night when they thought no one was looking!

Um, duh?

[Dr_Bones]

Exactly what was expected? An actual panel of impartial people? Are we that naive?

What kills me is that people are really pissed about this. It's the *job* of the security agencies to do this. It isn't right, but it is what they do.

Oh, and, how many of you out there are working for corportations that monitor email/voice traffic? Better yet, how many of *us* are making this possible by doing our jobs? We whine about it here, but gladly take the checks that are doled out.

Of course, having all the IT people in the world get together, to force morality on the corportate world wouldn't work, but I'd be amused to see it tried. So, when do we plan to shut down every network and server in the US in protest?