Stacked Carnivore Review Team

Agent Z5q writes "According to this article at Wired News, the names of the Carnivore review team have leaked. (Cryptome.org on the ball as always.) The team consists of members who have all either worked on large-scale government projects or currently hold active security clearances, including a top secret rating from the National Security Agency, a top secret rating from the Department of Defense and other ratings from the Treasury Department. Looks like the deck is just a bit stacked."

Re:Hilarious, if not so sad

[_Sprocket_]

This kinda thing has happened before. Just makes me shake my head.

Papa Smurf as an allegory for the FBI?

[Froid]

If you ever have trouble explaining the approach the FBI is taking to someone, present him with this visual analogy. The FBI is Papa Smurf, and the FBI, and the little blue smurf is the American public. At first blush, it seems Papa Smurf is merely reading to the little smurf, but if you look more carefully at Papa Smurf's expression and the position of the little smurf on his lap, then you may get a clearer notion of what's really going on.

The Law People

[2quam4]

Let's see...
Henry Perritt
Here is his bio and home page. Excerpt from a paper of his: The Internet is a revolutionary phenomenon. It is not just a technology, but a way of organizing and connecting human activity, which emphasizes decentralization, specialization, and global cooperation. It is not merely a means for facilitating existing market and political institutions, but a way of redefining them altogether. The Internet is a new kind of market. It can be an electronic town hall in which rules are made, or an electronic courthouse in which disputes are decided.
...
The Internet threatens civic institutions such as the press, old interest groups, and professions (including the bar).
...
The Internet threatens established interest groups because it makes their techniques of recruitment, organization, and maintenance of membership solidarity less relevant.
...
The Internet also threatens market institutions such as stock exchanges.
...
In a larger sense, the Internet threatens traditional political intermediation because it threatens governmental control.
...
Not only must America's existing commitment to rule of law and interstate dispute resolution continue and be strengthened; America must also be more articulate in stressing the need for strong collective security arrangements.

Harold Krent
His bio and list of publications. I plan to review Executive Control Over Criminal Law Enforcement: Some Lessons From History, 38 AM. U. L. REV. 275 (1989).

What disturbs me is that neither Perritt or Krent are experts in criminal and/or constitutional law. It seems to me that that type of experience is what is truly needed while evaluating Carnivore. Carnivore is essentially a device, like any other device employed by law enforcement, for tapping information. I am constantly pissed off when the rules are bent, like in the case at hand, to treat an Internet-related device any differently. Moreover, the dean and the associate dean are to evaluate carnivore? They are one of the same.
Any opinions?
Please excuse me, this information makes me want to vomit.

Re:The Law People

[leereyno]

From Dr Perritt's paper:

"In April of 1996 the United States Institute for Peace conducted a conference on "Virtual Diplomacy," exploring the interaction between new information technologies and international conflict management. During the conference many speakers observed that information technology threatens traditional political institutions. One panel explored the possibility that information technology threatens sovereignty itself.

Ordinary citizens as well as diplomats have instantaneous access to information about world events as they occur--through CNN sooner than through the CIA. Ordinary citizens interested in environmental protection or human rights can reach out and touch counterparts in other countries through the Internet, bypassing international treaty negotiators appointed by their own governments.

Overlapping revolutions in information technology and the convergence of communications, broadcast and data technologies into a single digital network of networks typified by the Internet, have undermined old political institutions and simultaneously made new international institutions likely because they make it feasible to reach across geographic political boundaries. [FN1]"

I for one don't understand why this is a problem.

The idea that the governments of the world are supposed to have some kind of priviliged existence above that of their citizens is incorrect.

Institutions exist because they are needed. They have no inherent right to exist beyond that. If an institution has something to fear from the empowerment of the people, then that institution is not working in the best interests of the people and should be reformed or abolished.

The internet does not threaten the sovereignty of any government whose power is truly derived from the consent of the governed. Government which works for the people and which is ultimately directed by the people can only benefit from technology which allows better communication and access to information.

Unfortunately much of the policy created by the US government is detrimental to the rights of its citizens and is therefore dependent upon their ignorance. The ability of spin doctors and politicians to paint a pretty picture on top of an ugly deed or policy depends on our being unaware of the true facts of the matter. The more we know, the less they can lie to us and get away with it.

I can only imagine that the situation is worse in other parts of the world where lies, corruption and oppression are the very foundation upon which the government sits. A government such as this has a great deal to fear from the internet. Take China for example. The leaders of its communist party should be very, very afraid right now. Its only a matter of time before the foundation of their power crubles. It may take decades but the beginning of the end for them is here now.

In short the internet worries the powers that be because it is what will replace them with the powers that will be.

"I tip my hat to the new constitution,
take a bow for the new revolution,
smile and grin at the changes all around.
Pick up my guitar and play,
just like yesterday.
And I get on my knees and pray,
we don't get fooled again."

Lee Reynolds

Re:Alternative Choice

[Tairan]

I can tell you the review right now.

"After months of reviewing the 'Carnivore' system, we have decided there is nothing bad about it at all. In fact, this machine is completely secure, and is impossible to hack. It uses an advanced security method, New Technology File System, developed by Microsoft to keep its files protected and secret. This device is so great, every ISP in the world should have one. We, completely unbiased and open-minded, believe there should be a carnivore unit sitting behind every connection to the Internet - from the smallest DSL line to the biggest OC-128.

Again, we state, that there is no reason this should not be put out."

Maybe I should clarify

[pridkett]

Once again, I attend IIT, so maybe I'm biased here. I also know Dean Perritt and Harold Krent. In fact I've worked closely with Hank Perrit on a variety of projects. We didn't always get along, but I feel confident he will do a good job.

As a bit of a background, Perritt was one of the founders of a program called "Project Bosnia" which is designed to help restore the information infrastructure to Bosnia. Since then it has expanded to KRISYS Net (Kosovo Refugee Information System Network). I had the fortune to work with Perritt on both of these projects. Perritt is very aware of many of the issues that can come up from the filtering of information and government snooping of information as a result of these projects.

I've heard some comments about not being a criminal law expert or constitutional law expert. KentLaw is probably the best school to do this because it has such a focus on technology law. All you need to do is to look at the homepage and see the school has it's stuff together when it comes to the internet and the new world order.

As for IIT's relationship to this whole thing. KentLaw and IITRI operate fairly independently of the school and the main engineering school didn't have much (or anything at all) to do with the proposal. I'm not sure why the names were kept confidential, I just asked who was in charge of it and got a response in a few hours.

Need to Know? Breathtaking competence here.

If you've ever worked at a place that has security clearances, one of the things you learn is that part of being secure is not giving information about the clearance to anyone who doesn't need to know.

Even the existence of a clearance is need to know, not just the level. Even if we leave out the text that has been revealed behind the blackouts, the existence of active and inactive clearances was still plain.

Wow. I was impressed before, but now I am even more deeply impressed by the level of obfuscation. Secrecy doesn't just beget tyranny; it begets stupidity.

The folks who are doing the analysis may have clearance, but it doesn't mean that the FBI will get the analysis they want. Cleared is not always synonymous with lackey, brown-nose, or hypocrite. Let's not only prepare for the worst case review, but also an honest review. Just because you have a clearance doesn't mean that you will always agree with the folks who passed you the clearance. In fact, I've seen engineers with xxxx clearance turn red in the face and scream at the very brass who pay their contract and asked for the clearance. The brass didn't like it, but they signed the report.

straw man

[jubandhu]

Doesn't anyone else think that this whole carniwhore thing is a straw man? If I remember the timing, the gov't was getting too much heat on the whole echelon thing so they conveniently drop carnivore into the public's jaw so they public can have something to chew on. Let the public vent their anger on something stupid. In the meantime, whatever real system they have running will keep on ... secretly, out of the public's attention.

Re:straw man

[Apotsy]

Good point. Drawing attention away from Echelon might very well be the true purpose of Carnivore. If so, it seems to be working. Looking back over this story, I see that your post is the only one that actually mentions Echelon. It's like everyone just collectively forgot about it.

The more I think about it, the more I think you're right. Carnivore might have been created to serve several puposes, but one of them is likely to act as a decoy for Echelon.

P.S. "Red herring" is probably a more apt description than "straw man".

High Level Security Does Note Equal Stacked Deck

[MoNickels]

Dear imbeciles,

High-level security clearance is not an orthodoxy exam, a litmus test, a whose-side-are-you-on interrogation. These people who have NSA clearance may never have worked for the NSA, met anyone from the NSA or visited NSA facilties. Government clearances can be broad contingency certifications, just-in-case devices that cover eventualities. It's not like once you get security clearance they automatically invite you to office parties and give you keys to the building.

Was it the 100,000th Slashdot registration that was the turning point between informed community of geeks and paranoid band of idiots? Or was it the 250,000th?

Sincerely,

Mo Nickels

Gee!

[Chasuk]

The team consists of members who have all either worked on large-scale government projects or currently hold active security clearances, including a top secret rating from the National Security Agency, a top secret rating from the Department of Defense and other ratings from the Treasury Department. Looks like the deck is just a bit stacked."

I suggest that this team consist of ordinary citizens. You know, people who are REALLY knowledgeable about security issues... plumbers, an electrician or two, that guy who sells orthopaedic shoes in the mall, a barber (yours or mine, it doesn't matter), a chiropractor, and even an aromatherapist. Oh, and let's not forget the Roswell "expert" who works at the deli, and the homeless woman who was once abducted by gray proctologists (and in a black helicopter - she does get a little confused at times!).

CERTAINLY they are more likely to have informed opinions! I mean, it is TOTALLY illogical to assume that someone who works in the security field would have any valid input. And these experts aren't real people... they are all clones, all drones of THE MAN, and we shuoldn't trust them!

Note: for those unable to tell the difference, this is neither troll or flamebait, but sarcasm.

Re:Hmmm.

[Bilestoad]

Wouldn't be much of a change. I've never seen a politician that wasn't a karma whore.

Re:Did we expect anything better?

[PiterPan]

I wonder if feds INTENTIONALY picked universities knowing they would reject....

Feds: Yo, guys, check _this_ out.
MIT: We're not _that_ stupid ! We are not a rubber stamp factory, you know.... We teach people.
Feds: Mmmmkay, thank you for your _cooperation_ :)



--

Re:Now wait a minute

[re-geeked]

You and the FBI are both making a very important omission: the FBI investigates US RESIDENTS! They are not in charge of protecting us from foreign enemies!

As US residents, we once had rights like due process, the right to know all evidence gathered against you, and prohibition of illegal search and seizure. It is not just reasonable, but should be required, that we know exactly how law enforcement is gathering evidence.

It is not about how to best obtain security, it is about putting our liberty back into the equation.

Whats /REALLY/ in carnivore, and other stuff...

[skiy]

right, everything so far discussed, e.g. Radius password sniffing, just picking up the sending and recieving of one particular email address, I accept these features are in the carnivore system.

Other features we can expect:
(1) instead of looking for email addresses in all the traffic, search for the PGP signature of the suspect.
(2) Dealing with that shit weak 56bit DES encryption that some people are still using, with an integrated hardware encryption cracking card, and when the NSA have that quantum computer they have been after, the strength of the encryption wont matter.

On topic for a moment:
this is hardly surprising, did anyone think, even for a moment that the review team would actually consist of "ordinary" people / acedemics.
That is too much of a risk for the NSA, if the true workings of carnivore get out, they see that as compromising it's effectiveness against criminals.

What I really don't understand is this:
Surely all the terrorists, hard-core child pornographers (well, Gary Glitter may tell you otherwise) and Kidnappers are using strong (and I mean strong) encryption to avert detection of their evil deeds, all who aren't are stupid criminals and deserve to be caught all that more.

But then again if we assume for a moment that it is really only the Evil People (TM) above who are using archival strength (>= 2048 bit) encryption, surely the encryption alone will be drawing the attention of the relevant law enforcement agencies.

But people, I am truly torn, I know it isn't possible to have a completely free world if we want to be free of e.g. Terrorism, but yet we all seem to want our privacy regardless.

just my £0.02.
skiy.

Re:High Level Security Does Note Equal Stacked Dec

[MoNickels]

Er, no it isn't. The world isn't simply divided into pro-NSA camps and anti-NSA camps, or pro-Carnivore, anti-Carnivore. I would bet that a sampling of people with identical high-level security clearances--not those cleared specifically for Carnivore, which seems to be today's Willful Misunderstanding (TM)--would turn out a fair number of people on both sides supporting or decrying the project, regardless of the number of thick-heads who think any large body of people they're not a part of share a monolithic point of view.

Did we expect anything better?

[spsheridan]

Honestly folks... the people who work at MIT, Carnagie Mellon... the ones who rejected this project, are highly intelligent respectable folks. If they showed up on my doorstep I'd let them use my phone. And they all stood up and did the right thing.. they said NO. This is not a review you want but a rubber stamp. Did the DoJ take this as an invitation to alter the requirements? No, they just went right on down the list until they found the only people who COULDN'T say no... the people who work for them. And so the rubber stamp will stamp a seal of approval and the only thing left to do is bring Carnavore to the supreme court for violating the 4tm amendment. Call back in 5 years.

Hmmm.

[Signal+11]

Let's see, after all the negative publicity surrounding Carnivore, not the least of which is its name, which evokes imagery of a huge machine eating its citizens (Big brother, maybe?), is it at all suprising they have "stacked the deck", as it were?

Remind the press that almost categorically down the line every major university has declined to review carnivore, citing the FBI's NDA, amongst other things.

The thought that ought to be on the mind of every citizen ought to be "What are they hiding?" This is a government that was, at one time, by and for the people. We were supposed to have a government accessible to the common man, and where things were out in the open. Most congressional votes (And I think it should be *all*) are public - you know who your rep voted for. Who's voting for Carnivore?

--

Re:Hmmm.

[Signal+11]

I think if there was a moderation system attached to government proposals, Carnivore would receive a "-1, redundant."

--

emmm what has been their record for public

[vluther]

didn't a similar leak happen with some spies and a report by the nytimes ? Why isn't anyone learning ? or why isn't Adobe making their product better ?
At the very least taking that embarrasing hole out ?

Secondly.. who picked these guys ? The spooks themselves ? If they're already in bed with the FBI or other Super Secret Agency.. why would they be objective ?

Now wait a minute

[El]

If you were the FBI, and really doing this in the interests of national security, AND really afraid that somebody that understood how it works could circumvent it, then wouldn't security clearances for all reviewers be pretty much a prerequisite? I guess this comes down to the security through obscurity vs. massive peer review argument all over again.

Hilarious, if not so sad

[Private+Essayist]

From the article:

"On Tuesday, the Justice Department placed the 51-page PDF file online, with project information such as names, phone numbers, and government security clearances erased with thick black bars.

But it turns out that the information wasn't removed after all. Anyone with Adobe-supplied software -- or a text editor and a little bit of time -- can view the unaltered document.

It's uncertain whether the irony of public disclosure of personal information, by the very people who are in the midst of claiming they can be trusted to protect it, was lost on Justice Department officials, because they declined to comment on Wednesday. "

No further comment needed. A sarcastic remark is left as an exercise for the reader...
________________

Clever Censorship

[SEWilco]

"...Professor Perritt has written widely on information technology including the influential book, Law and the Information Superhighway,..."

Oh, how clever. They poorly blacked out the name of an author but left the name of his book.

Although I imagine "pdftotext" would also have done interesting things to the blackout...

Did Cryptome.org violate DMCA?

[VValdo]

After all, they circumvented technology designed to restrict access to information in the file.
W
-------------------