Slashdot Mirror
IIT's Carnivore Review "A Sham"?
plastickiwi writes: "According to the Chronicle of Higher Education, U.S. House of Representatives majority leader Dick Armey is on the warpath about the Illinois Institute of Technology's nascent review-in-progress of the U.S. government's Carnivore technology. Find the article on their site.
'It's a bad idea to have people with clear political ties reviewing a system under political scrutiny,' said a spokesman for Armey. In a prepared statement Armey referred to the review as 'a whitewash.' Ouch."
It seems that the problem is about two specific people on the review board.
One stopped working for the Justice Deptartment over 13 years ago, and has since been involved in litigation against the Justice Dept.
The other simply _has_ worked for the Clinton Administration in advising information policy, but has also worked for the Republicans.
I think if you look at the comments being made by the illustrious Congressman's staff, they are simply PR ploys. I honestly don't see the conflict of interest here.
Anyone else have information that shows a conflict of interest? Specific information? Just becasue someone has worked for the government does nto mean they are biased. You could lose a HUGE pool of really talented candidates for any kind of independent study that way.
Everyone has political affiliations, if you stretch it far enough.
"Mr. Diamond called it "laughable" that the Justice Department, while struggling to assure the public that Carnivore does not intrude on individuals' privacy, could not protect the privacy of review-team members."
Unfortunately, those of you browsing behind content filters will be unable to read Dick Armey's statements.
Corby
I may know the terms. That doesn't mean I use encrypted e-mail. Others who do not know need to read it. Now the Right Way is to make encryption transparent and make Carnivore-like systems preety much a non-issue. But that's not today. Maybe not tomorrow. And the problem is right now.
Why worry?
It's the little encroachments that need attention, that's why worry. They grow.
Where do you draw the line?
"It's just e-mail."
How about "it's just a phone call"?
Voice can be digitized and scrambled as well. Do have a phone that does this? I don't. Maybe someday this will be a standard feature of phones. Meanwhile we're careful about who gets to put what on the lines. It's not perfect, but there is some protection of privacy (freedom).
We do not live in a world tolerant of even each other's skin colors or beliefs or even acts that are legal. These are not all readily made private, but the point is the intolerance exists. Thus there is a need to protect freedom by having privacy which at least works for some things. Freedom without privacy would, at the very least, require universal tolerance. I don't foresee that happening anytime soon.
I'd like to know, for sure, what Carnivore really does. And how the results will be handled.
What information is really collected?
Can it do more than collect information?
Is it really selectively collected?
If it is selective, how do we know it will stay that way?
Who gets to see it?
Does it get archived?
Who has access to any archive?
What happens if something is "leaked"?
When (not if) Carnivore fails, is it likely to at least fail in a way that won't compromise privacy?
"Trust me." is not good answer to any of those.
I worry because it is far easier to lose freedom than to win it back.
I don't subscribe to RMS's GNUtopian vision.
(ok, the title is probably going to get me marked as a "troll", but I think it's really relevant...)
I'm worried about the level of "purity" we seem to be demanding of anyone these days, in all sorts of situations. The reason I titled this post "Requiring Virgins" is that it almost seems as though we insist on a level of untouchability that no one can reasonably meet. That is, we're back to the "if your daughter's not a virgin on her wedding night, well, she's a slut and obviously not marriagable." It used to be (back in the old, old, days) that if you discovered your wife had actually slept with another man before you married her, it was grounds for instant divorce (and pretty much complete social ostrication); never mind that men slept with anything with 2 tits and a hole (pardon my French).
Two recent examples here on /. : Judge Reinquist's son and the Dean in this story. There may be lots of reasons why IIT is not a good choice for the review, but complaining that someone who isn't doing the review, nor is directly involved in the review in any way once had ties to the DOJ 13 years ago is ludicrous. Likewise, the whole thing about Reinquist and his son (who's so peripherally tied to the MS cases it's silly) is muckraking.
This usually comes up in political cases, where random associates or old-and-forgotten acts are used to tar-and-feather someone unreasonably. But I'm seeing this in lots of other aspects, too. We seems to be expecting that anyone involved in anything we care about has a level of untouchability that only cartoon characters can have. People, if you don't have a "Conflict of Interest", you're not qualified to do it. By this I mean that you can't possibly work in a field without having some ties to something that theoretically might be a "Conflict of Interest". We seem to have lost all reason in judging these things.
I'm tired of living in a society where people seemt to think that the only way to "trust" someone is to have everyone live in a glass house under a microscope all the time. And it's not just corporations and gov't invading our privacy. It's you and me, too, everytime we cry to see something we have no business looking at (fundamentally, why the outcry every time political candidate refuses (or hell, is even late) releasing their tax returns? That's fucking private, and isn't germane to the issue!)
Full disclosure is one thing. However, full disclosure with an anal probe, and being disqualified because you have a pimple on your ass is another. I'm tired of this crap.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
Indeed - why worry?
Just because you are emailing a friend something that you believe is perfectly innocent, yet because of the totalitarian, conservative, fundamentalist laws we have, which number in the thousands (if not higher), most of which you cannot even begin to know, due to the convoluted nature of the language they are drafted in (notwithstanding the sheer number) - what you sent is actually somehow against the law (perhaps it was a letter explaining how to reverse engineer the new Captain Crunch decoder ring, and you fell afoul of the DMCA), and thus you should be brought up on criminal charges.
Why worry indeed...
I support the EFF - do you?
Reason is the Path to God - Anon
What's to stop the FBI from offering
Black Box A
for review, but using
Black Box B ("Carnovore 2.0") once they get so-called approval?
The shitty thing is that in a few years-- if not stopped now-- it'll all be taken for granted that Carnivore, the DMCA, etc. are ok.
-------------------
-------------------
This is my SIG. There are many like it, but this one is mine.
We're From the Government and We're here to Help (Beware Greeks Bearing Gifts) - Of course if the goal is limited to simply the execution of an e-mail-tap (?) then this is all you'd really need. No magic 'Carnivoure' boxes that can (but we promise it won't, trust us we're the governement) also see other traffic for which it has no warrant? The are no coincidences with regards to the Federal security apperatice. To assume incompetence & stupidity may be reassuring but to accept that assumption would be foolish at best.
The Camels Nose. - The goal is obviously to place a device into major ISP's networks. As someone else said, carnivore 1.0 get's approved but we end up with carvinoure 2.0 or better. 1.0 is the kinder gentler version while 2.0 would be the leather clad, chainsaw weilding, ass kicking version (from hell). Geez, there is really nothing magic about our freedoms. They are being eroded by venal, power hungery men - not "the government." Corrupt individuals. Hoover's extensive files on enemies is fairly well known. He used the agency as a personal tool of power. As long as we elect charismatic men of low character we'll continue to get what we deserve.
Control the Chokepoints - Even if all those involved with Carivoure and similiar systems would never abuse it, what is being created are the tools of a despot and we permit their existence at our own peril. Any group who willingly place collars about their necks should not be surprised to find a chain attached to it.
Todays Reading list:
The Puzzle Palace (inside the National Security Agency...)
-James Bamford
ISBN 0-14-006748-5
Ever try Rev? It's a caffeinated cooler. Tastes pretty good, too.
I'm not saying anything pro-gore, the post isn't to promote anyone.
Bush and Gore both owe their privileged status to oil money. Little Bush's saving moment came when Big George got him fat oil contracts, somehow getting him past big boys like Exxon and Mobil. No string pulling there.
The whole Gore family is owned by Standard Oil. They have been since before Al was even born.
I'm not pushing an agenda, I'm not trying to sway anyone's vote, I'm just worried and wondering. I have a question that I'd really like answered. If you see that as being against your view on drugs, the very fiber of the American family, etc. then you're being WAY too defensive and mising my point.
I'd like to know about the CIA ties. Our privacy is eroding moment to moment. Before we possibly put the White House in control of a CIA wonk, I'd like to know.
Ramesh Ponnuru on the thought of a Gore victory: "Imagine a Birkenstock on your face, forever".
haaaaaaaaaahahahahahaha... Who is Ramesh Ponnuru? That's going at the end of my emails for a while.
Personally, I think that it's great to see the Republicans getting interested in this. For quite a while they've been much more inclined to take a pro-police power stance as part of a tough on crime platform, while Democrats have generally taken more of a civil liberties attitude. If the Republicans are starting to see internet monitoring as a problem, the chances are very good that it's going to get canned, since both major parties are going to be against it.
There's no point in questioning authority if you aren't going to listen to the answers.
Thank you, Anonymous Coward.
Of course, the quick'n easy fix if you don't trust carnivore would be to encrypt all your stuff before you send it. Which you really should be doing anyway. If you don't even want them to see who you're talking to, encrypt it to the recipient, add a remailer block, encrypt that to your favorite remailer, repeat as many times as you feel necessary and then send. I've taken to using VM from EMACS because it makes this sort of thing trivial. Hopefully Evolution will have similiar features for those people who don't like using their text editor to send mail.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
...in this election season...
'It's a a bad idea to have people with clear political ties reviewing a system under political scrutiny,'
Let's see.... G.W. Bush has a total of 5 years of political experience... He's been nominated mainly because of his ties to his dad... His dad was the head of the CIA for many years.... Somehow enough strings were pulled to get someone with 5 years of political experience nominated for president... Who could pull those strings?
Why isn't ANYONE talking about G.W.'s CIA ties?
'It's a bad idea to have people with clear political ties reviewing a system under political scrutiny,'
No, it isn't. It's a bad idea to have people with the *wrong* political ties reviewing it. Let the people with the privacy and hacker political ties at it, if you want a real answer.
Heck, Congress, if you want a real review, then *make* the FBI give one over for a real, public review. Let the opencarnivore team have at it. Give me one to rip open. We'll tell you what it does.
The problem is that a true comprehensive review is impossible without access to the inner workings of the box. Nobody who will fully disclose to the public the risks of Carnivore is ever going to be given access to those inner workings. (The government clearly either has something to hide, or they are relying on security through obscurity.) Anyone who can be trusted, isn't going to agree to the terms. If MIT or Berkeley were to agree to the terms necessary to get access to the inner workings, then those institutions wouldn't have the reputations that they currently have.
So, at best, the only analysis that will ever come from a trustworthy party will be one that can only study the box from the outside (or one that can crack it to reveal its secrets).
I don't think MIT and Berkeley are going to be too interested in studying a black box from the outside, and they are especially not going to want to put their reputations on the line and say that it's safe, just because they don't find anything. (Why? Because they won't know for sure.) Hackers may be the ones who are willing to do the only job that can be done.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
The Justice Department defended its choice Friday, observing that Mr. Perritt and Mr. Krent had also worked in Republican administrations.
Anyone falling for this? Here's a hint. The political affiliation of your boss does not determine your status as biased or unbiased. This guy may have loved both the Democratic and Republican bosses he had and think extra Governmental control is necessary. Or he may have memories of "Man, having this info would have made my job so much easier back when I worked for the Justice Dept." Both of these possiblities are biased and both are bi-partisan.
Steven
-- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
That's just too funny and too scary at the same time. If I ever witness a crime, they can count me out of the Federal Witness Protection Program; I'm moving to Tahiti!
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
"But Ms. Watney blamed the oversight on "administrative staff" at the research institute, saying they had provided the file to the Justice Department with the names already redacted, and that the department had merely posted the information online."
Diamond: Whatever shall we do, oh wise one?
Armey: What we do everytime we don't want blood on our own hands.
Diamond: You can't mean... no... it's too horrible!
Armey: We have little choice in this matter. Summon the Independent Counsel!
Gooonnnnnngggggg!
Starr: You rang?
Armey: We require your services, most illustrious independent minded and ever so fair one!
Starr: No problem, I'll find Clinton guilty for only $26,000,000 this time.
--
Chief Frog Inspector
A feeling of having made the same mistake before: Deja Foobar
I think the whole point of what Armey's saying is addressing all your things he didn't explicitly mention, except one. And that is that the premise of Carnivore is a violation of civil liberties just by existing. On that point, he's hearing one story from the Clinton Administration, and another from the rest of the world. The whole point of an independent review is to sort out exactly what carnivore does and how it does it.
I mean, talk about nit picky. When /. went up in arms about it, Congress demanded a review of Carnivore. Then, we got mad when we found out that everyone who would review it was working for the president whose people built it-- and Congress is mad about that, too. Trying to jump in the Majority Leader's head and find a reason why this isn't good news is really reaching. We complain that noone is doing the right thing on these issues, then when someone does, we fish around for reasons to still be mad at them. Sheesh!
We should be overjoyed that people are fighting for what we believe in, instead of just saying that they are hip to the internet and then trying to shove the clipper chip down our throats. (or national ID's or stopping fair use, or holding up encryption export, et al.)
Didn't we read that the entire review team seems to have top-secret level clearance? That some are ex-DoD people? That not a single one of them is a legitimate researcher or scientist without government ties?
You know what we need to do? Get a team of students. Not even graduates, undergrads. A pair of EE majors, and a half-dozen CS majors. Give them the device. Come back a month later, they'll be able to tell you what it does, how it does it, and how you can use it to screw iwth other people's stuff.
Let me get this straight, Armey is biased against people who worked for politicians/government, accusing them being untrustworthy. Sounds like a strong endorsement to me. Oh, wait, it's election year, silly me.
--
Chief Frog Inspector
A feeling of having made the same mistake before: Deja Foobar
Let's consider some of the things he did say:
- Members of the team have political ties.
- Names weren't removed correctly.
That's all well and good, but let's look at the laundry list of problems he didn't mention:- The premise of Carnivore is a violation of civil liberties just by its existance.
- Most of the people involved aren't engineers, they're politicos (just academic politicos).
- Allowing the authors to choose the reviewers AT ALL won't ever work if you want unbiased reviews.
- Keeping the process secret simply encourages people to come up with conspiracy theories which will never EVER be dispelled.
- That just doing things like winnowing and chafing will remove any ability for Carnivore to do its job.
Ordinarily, I'm not one to look a gift horse in the mouth. But considering some of the things that Dick Armey's mouth has spouted (the Barney Frank incident comes to mind immediately), I'm not willing to take this as a victory.We want to win this by fighting on the right issues, not turning it into a political football. The moment it becomes a purely partisan battle, the larger issue is ignored and lost to all of us.
Like I said here when the big-name schools first turned them down: they'll surely find some suckups to give them the rubber-stamp job they want.
But it is nice to see the House looking after our constitutional protections for a change (as opposed to their usual habits).
--
Sheesh, evil *and* a jerk. -- Jade
For the millionth time, it's NOT IIT doing the review. IIT is a tech school that is stuck in the awkward situation of being wedged between a huge government research project (IITRI) and one of the world's largest companies. (Motorola). Lets all be correct and talk about IITRI's review of Carnivore. Moderate me to hell...karma is like an ex-girlfriend,: it was good while it was here, but you don't give a damn when it's gone...
"I threw up my hands in disgust and wondered if it had been such a good idea to have eaten my hands in the first place."
They thought that Bush could provide solid, unsullied character to stand up next to Gore and his association with Clinton. Unfortunately for the Republicans, Americans don't really care if their politicians are slime balls.
Well, that's what their line is. I'm not buying it for a second.
I'm not calming down anytime soon, either, we had 8 years of the Reagan puppet, then 4 years of Bush himself running things the CIA way, now we're looking forward to possibly another 4 years of puppetship...
And Carnivore still would have been created under a Republican DOJ, bet on it. The FBI's internal culture is authoritarian, has been since the beginning, through democrat and republican administrations alike.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
Armey's just worried someone is going to put Carnivore on an ISP link and block everything that contains the word "Dick".
--
What happens when you outlaw guns
If you have a two bucks, you might want to place a dollar on each one.
Remember, this is a goverment that been tapping phone systems since the 60's. I'm pretty sure it's not just email they want. Most likley it's going to sniff all traffic, crack what it can, send to the lap what it can't do localy, and look for keywords in all text. Along with this, record the traffic from all machine, track useage and users, and profile everybody.
The Goverment want to know everything going on the internet, just like they know everything thing is the water, every plane in the sky, every voice being spoken, every object in orbit around the Earth. This goverment want to know it all.
Ok, maybe they just want to know email. Well sometimes, the only way to be able to track "emails" is to be able to get everything from $b from $c to $d to $h from $x going to $y coming from $v. Once they are able to do that, they crack the simple 128 bit cypto, enter a little password, crack a system, and find out what Billy and his Child Porn Super Store has or what plans is at Mark's Super Bomb Depot, first hand. How ever most likly, they crack into a freedom fighter camp in some third world country, find thier record, bomb thier base to hell and back, send in the army, we lose a few men, but who care it's not our sons. We place a goverment in control they delieve us millions of gallons of oil and we're all happy as hell in the us, thanks to out wonderful goverment taking care of our trist for oil. And we all sing "it's for the childern" and proudly standup saying "we can kick the world's ass!"
Ok, maybe that's a little far off. maybe they only was to kindly "remove' that damaging report about someone high up in goverment raping some girl and her brother dieing the same week in "a car crash". Or that grass root group that discover gross secerts about the goverment. Of course it could be use to remove the unnice web site showing how to hack some corp product.
The "tracking email" part is just a cover. There is no end on what a system like this can do. Simple being there is enough to raise questions, screw that. It's enough to panic.
How many people bitch and cry about a kiddie port scanning thier network? How about packet sniffing? How many hours after hours does a sysadmin secure his network? How many patches are appiled to secure a system? How many NSA keys are in software? Do you guys really trust a goverment with this much power of your lives? I don't. This goverment is after one thing now, control over the people. Moden day inslavement.
I don't know about you, I more worried about the goverment cracking my system then MrBadA$$ Cracker. Heck, MrBadA$$ just have to offer me some shells or mp3's and I'll let him have access to my collection of files.
MarNuke
Uh, dude, just what do you think Carnivore IS? It's basically a glorified packet sniffer. There are tools already out there that do everything it does and more that the kiddies play with on a daily basis. The sticky point is that the kiddies and crackers have to try to sneak access undetected while the government can force ISPs to install it on their systems. The review isn't about the technical side of how it works - it's about what controls and limits (or lack thereof) are built into it. How do we know that they're only looking at Joe Crack-dealer's email and not at Wally Politically-incorrect's email as well?
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
Remember Orin Hatch's hearings on Napster and the DMCA? Hatch said that the way they designed the bill, it was designed to be fully fair-use compliant. But that the court rulings and the interpretations the RIAA and MPAA are using are way skewed away from what the bill was intended to do.
That is what happens, sometimes. You write something intended to do one thing, and then it does something else. How many patches make a large software system stable? Same deal.
They were worried about protecting the rights of authors against bootlegging; but the bill is now being applied in ways which it was never intended to work (user licences, DeCSS, etc).
House majority leader -- that means republican. Hemos is posting. CmdrTaco has previously stated his republican hatred. Interesting... I wonder if there are political flames wars in the geek compound....
Me: Why are people with classified clearance on the review group?
DOJ: We thought that information was secret!
Me: You didn't answer my question.
DOJ: What question?
We aren't that stupid. Give me a break.
Burn Hollywood Burn
I remember reading, not to long ago that this guy was supporting the use of censorware, even though his own site was filtered becuase of the word "Dick". Woo I'm glad this guys fighting for MY freedom.
I got the power-up and beat the level.
> has actually mailed (via snail mail, you know damn well email doesn't count) their representative about Omnivore
And besides, if you use e-mail the FBI will read it and add your name to their list of known subversives.
--
Sheesh, evil *and* a jerk. -- Jade
--
Sheesh, evil *and* a jerk. -- Jade
You just made my point. Script Kiddies don't know _how_ the tools they have in their hands work. Neither do most random undergrads. You think they would recognize the controls and limits which are built into the code? I understand why the original poster wanted it to go to new people, people who have the "God's in his heaven and everything is right with the world" kind of views of morality. ie people who wouldn't see much in the shades of grey which Carnivore obviously falls into. Sure they'd scream "This might violate privacy. Programmers are supposed to respect their users!" Just like the undergrad texts teach, but I simply don't believe they would have the technical skills to be able to understand all the possibile uses(abuses) of the software.
Steven
-- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
Selling tech to Chinese- maybe, well, sure. Wish I had time to find the link, but recent report indicated the Chinese were on track to develop such tech anyway- so why not let our companies profit first?
;).
Rampant drug use- ya, sure, and the Reaganites weren't all coked up in the 80's. I'll take Clinton pot smokers over Reagan cokeheads ANY day. Plus, what's been proven?
Nat'l Security- that definitely needs improvement, no doubt. Gore will get on it next year. However, I submit that regardless of the president, it would have happened anyway. With the explosion of the 'information age', it would have been a miracle for any administration to totally secure our 'secrets'.
Corruption of liberal media- what are you talking about? The media has always been largely liberal (I believe because they actually see life how it is, and not as conservatives imagine). What corruption? They've done a fine job taking the pols to task...
Scandal after Scandal- will not ever stop. Everyone has a scandal or two; just til now, we didn't have the means to compile a persons entire history in a few days. Clinton made a lot of dumb moves- I don't respect him as a person. But as a president, I have little to complain about (overall
Sexual harrasement- goes to the above. He's an idiot. His wife probably whips him on a whim. Whatever, he's still doing a fine job.
Military readiness- needs to be kept up, but doesn't need drastic improvement, from what I've read. Build a few more ships, couple hundred tanks, few hundred planes- and KEEP investing in tech, as we've been doing- and we're good. There's NO need to return to the mindless spending (to the domestic detriment, though the 'victory' of the cold war) of the Reagan era.
We've done fine, from what I know, in our past conflicts. We need to buy/build some new things, but Bush and his hawks are way out there.
I agree- please don't waste votes on Nader. He's not gonna win, and if Bush does...we got trouble. Gore may not be the most honorable man, but hell of a lot moreso than Bush. At least he owns up to his past drug-use. And anyone who is actually aware, realizes Gore never said he 'invented the internet' and as was posted here previously, has been absolved of his mistaken comment.
Plus, with Gore, we're assured a longer lasting environment than Bush would ever uphold- "cleaned up texas'? Surely you can't imply environmentally!
Interesting, xtermz, that you realize 'take a chance with Bush or suffer 8 more years of clintonism'- cause while I'd like to agree that Gore will do two terms, IMO, the market is gonna crash hard in two years (at most) and Gore's never gonna be forgiven for it.
You republicans had best start finding a TRULY responsible and honorable person for 2005!
Kinda like Moe, but just a little more Kool
You know this is getting offtopic, but something really bothered me today. There were people all over my campus, hundreds of people, holding up signs, all day. What were they protesting? Nothing.
They were advertising their candidate for Homecoming Queen and King.
Why do people choose to live with their head in the sand? Why waste your time on stupid shit like that, when you could be trying to change things for the better. I could just imagine that many people holding up signs calling for a debate on the Drug War, or that many people holding up signs protesting the ludicrous state of Intellectual Property.
-
I've had enough abrasive sigs. Kittens are cute and fuzzy.
has actually mailed (via snail mail, you know damn well email doesn't count) their representative about Omnivore (is that what the open source carnivore is called?) and asked them why the fbi spent so much money developing it when a few people came up with it in three days? i know i haven't...
--
Peace,
Lord Omlette
ICQ# 77863057
[o]_O
C-net posted an article yesterday on how over half of the FOA documentation released to date has been blacked completely out ( except for page numbers ). All they want is a rubber stamp to proceed to deploy this beast.
The unescapable conclusion that we all must jump to is they are trying to hide something. Why not just have the box pass already established DoD security measures, and have the "Carnivore" application open for peer or government contract review? Because they do not want anyone to know that these things are actually part of the escelon snooping network.
This is a ploy to desguise whole scale privacy violoations to the highest bidders, under the guise of ligitimate govenment wiretapping.
even if it is not today, what happens when the rubber stam goes on this beast and they start to change the source code? Tell me the FBI is without corruption and who would be able to question thier athority?
He's Jesus Christ! He's the Devil! He gets the DMCA passed, and then is disappointed. It's cool and all that's he's calling this like it is, but some consistency and forethought would be nice, nicer than pointing out it's bad after the fact.
___________________________
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.