Slashdot Mirror
First Look Inside Carnivore
EPIC requested almost 600 pages of data on the FBI's
Carnivore
through the Freedom Of Information Act. Yesterday, about 200 were "redacted in full" (withheld) and the rest were sent with varying amounts of black marks. EPIC is scanning them and
putting them online
as quick as it can; SecurityFocus has
an interesting overview.
It turns out the supposed email scanning tool also stories copies of webpages you read, and, at least in an earlier version, looked into tracking voice-over-IP.
Just for reference:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The slashdot headlines have been known to be terrable misleading at times, especially recently. I wouldn't take anything in the headline and brief as fact until I actually read the articles pointed to. Second, just because the predicessor did something doesn't mean the current one will too. How exactly did they lie? 3rd, Carnivore isn't entirely evil, thinking that is just as bad as the MPAA thinking that napster is inherantly evil. Carnivore can be used to good, law abiding things, jsut like napster. Many people here on slashdot repeatedly say that napster isn't about piracy, it's about getting music that SHOULD be free. Carnivore is about catching the bad guys.
While the cat and mouse game can go on and on and people who want to go through all the effort of encrypting or otherwise evade any monitoring techniques can perpetuate it, that's not the real issue, IMHO.
One of the real issues is the everyday netizen who doesn't believe that they have any reason to need to be at all afraid of undue monitoring. This is a basic matter of privacy and fundamental freedoms.
What scares me is that the only people who will go through all the hoops to have some modicum of privacy are a) the ones with less than good intentions b) the paranoid c)the out-and-out criminals d) the computer elite who stay on top of the latest technical concerns with such matters and are able to be at least somewhat sure that they're privacy isn't being violated.
Anyone else is thus, all of the sudden exposed to a potential threat of monitoring, suspicion (due or undue) and danger that hasn't been seen in the USA, even during the time of Hoover or McCarthy. Frankly this scares the shit out of me, and I think it should scare everyone else as well. While I do very little in my life that I would have a problem if anyone else knew, it scares me that when enough power and enough suspicion are brought together, even the innocent and well intending can be "proven" guilty.
yes, yes you are :-)
Unfortunately, the analogy to the phone/wire tap breaks down in one crucial way; the carnivore system is analogous to the government having a permanently setup tap on your phone and all they have to do to listen to you is take their earplugs out. In a wiretap case, they cannot, and are not allowed access to the phone system without a warrant. In the carnivore case, they've already been given access and there is only a promise that they won't abuse it.
That's a HUGE difference and if it doesn't scare you that the very organizations that are supposed to enforce the law don't themselves obey it, then I cannot and will not be able to convince you that the threat posed by carnivore to *everyone* is very real. And for that, I am truly sorry.
Balancing constitutional rights with what "law enforcement" wants is not always easy.
Seems quite easy to me. If you want to live in a free country you say "screw you" to law enforcement and enforce the Constitution. If you want to live in a totalitarian state you say "screw you" to the Constitution and help law enforcement.
Personally I'm quite willing to let some drug-dealers walk, know some kids have been abused, and watch the Oklahoma bombing all over again if the alternative is to start giving up our Constitution. Freedom must be paid for in blood. You can't change that.
I certainly wouldn't. And I'm just as willing to die by a terrorists actions as I was to die in the US Navy at the hands of a foreign aggressor. In fact I see no real difference between dying one way or the other, either death is in service to our Constitution.
Absimiliard
I can respond to this, since I just sat in on a class at which the two guest speakers(FBI guys with the suits to prove it), who are very high up in the FBI Carnivore and Encryption programs, spoke about this very topic.
;-)I saw version 1.3.4 I believe, and 2.0 is being worked on. The speaker stated that when they come to install Carnivore, the ISP is given the option of using software they provide and trust in place of Carnivore if such software can meet the demands of the court order. Most ISPs will not want to do this because they will then be reponsible for testifying in court about the evidence collection methods.
1) Criminals are dumb. One speaker relayed conversations he heard through wire taps in which one caller told another caller to keep his voice down the Feds might be listening.
2) The FBI wants all commercial encryption software to use recoverable means. Not by some secret backdoor that only the government posseses, but one that a dis-interested third party can use when the Feds have obtained the necessary court order to do so.
3) Your question will then be, why should criminals use software with built in recoverable means. See #1. Criminals are stupid and will use methods that are easily available to them.
4) The NSA will not get involved in Carnivore. The purpose of the FBI is to collect evidence that can be used in a court of law. If the NSA is involved, then they will be forced to reveal that they had the ability to crack this encryption or that bit strength. Doing so relates back your very own statement that you want to keep your methods a secret. If the NSA is known to have an ability, then the people they spy on will change their methods. That is because the NSA actually has to deal with Intelligence (gent) operations, not stupid criminals.
5) The FBI only performed some 350 wiretaps last year. Combined nationwide with local authorities, state, and Federal, only some 1320 were done. To date, only 25 Carnivore installs have been done. That is going back 2 years nearly. The majority of wiretaps are for Drug cases, and the majority do not amount to any evidence that can be used for a conviction. I could not get clear information on how useful the 25 Carnivore installs have been.
6) Carnivore runs on Windows NT. They have a team of engineers whose sole purpose is to worry about the security. I think they spend the day looking at microsoft.com and hoping they have downloaded all patches.
7) I asked specifically about the use of Open Source programs in relation to # 6. The speaker waffled and did not seem to like the idea of Open Source for fear that known methods will lead to criminals using methods for evasion. Which does not seem to tie in at all with the dumb criminal theory the other speaker insisted upon. Instead, they would like to see a Commercial vendor make a product they could use, and that the methods of collection (how to track a dynamic IP assignment)
8) Criminals aren't all that stupid all the time. The biggest and the baddest will be quite smart and will use smart methods. Since these are some of the ones we want to catch the most badly, they will not use recoverable encryption either on the telephone or over the Net and Carnivore and wiretaps will do no good in the investigation.
9) I forgot what I was talking about.
Alright, that's it, I'm moving to Mars ASAP. Now if only the Mars Society had the $3000000000-$10000000000 it would take to fund four or so missions. At least Mars is 30000000 to 240000000 miles from Totalitaria^H^H^H^H^H^H^H^H^H^Herran, so we could have some vestiges of freedom, although the 5-20 minute delay on internet access would be a bitch, especially if antisniffer boxen were put in.
I would say the Moon, but that's too easily controlled. Mars has many more elements in easily manipulatable and accessible forms that would be necessary for self-sufficiency of a permanent settlement.
Any other future Martians here?
crystal dragon wrote:
I am not so naive as to think that ;). My concern was whether or not the FBI was overstepping its mandated powers in this regard. As I understand it, only certain agencies of the U.S. government have been granted the power to investigate foreign activities (this is not to say that said foreign powers allow this, only that the U.S. government has said, "This is what you do."), just as only certain other agencies have the right to investigate domestic activities. Even if you take a dim view of the ethics of the U.S. government as a whole, you'll have to admit that stepping outside one's established bailiwick is something even they don't like. (cf. attempts by those other than the Secret Service to investigate large scale counterfeiting, and the response of said agency).
The minute the government starts letting agencies define the appropriate kinds of actions in which to engage, is the minute that the government loses even its minimal ability to prevent abuses against its own people. I don't know about you, but the only thing I worry about more than a big bully in the sandbox (the U.S. government) is a gang of little bullies (unchecked agencies fighting amongst themselves when they aren't united at crushing some external threat). However badly they start treating U.S. citizens, you can bet diamonds to doughnuts that their treatment of non-U.S. citizens (*cough*me*cough*) will be that much worse.
-TBHiX-
Didn't Pat Buccannan say he would get rid of the FBI if he's elected?
I don't know about Pat, but I bet Harry Browne of the Libertarian Party is willing to remove any federal agency.
crystal dragon wrote:
If you want to see a real hullabaloo, check out what happened a few years ago when CSIS (basically the Canadian spy agency) had undercover agents planted in certain active hate groups. Not a pretty story, as I recall.
-TBHiX
You are dead on target about the chain of custody issue... in order for evidience to be admissable, LE/prosecutor has to be able to account for it's whereabouts & integrity for ever second from the time it is collected until after the trial (and even then they have to retain it basically forever, at least for some times of crimes)
This is all speculation until we get an unbiased, nonpartisan analysis of the beastie. This kind of crap is why EVERY single frickin' packet that goes out over the wire needs to be encrypted.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Does anyone else besides me see a conflict-of-interest in letting government agencies decide what they want to declassify?
I honestly to not understand the large amount of panic over the home surveillance system. So far as I am aware, you will only be tracked if you are suspect to criminal activities, in much the same way as more traditional wire taps. If you are genuinely worried about what impact home surveillance will have on you, then maybe it is time YOU SHOULD STOP DOING WHATEVER ILLEGAL OR QUASI-ILLEGAL ACTIVITES you are currently engaged. If aren't engaged in said activities then why on Earth are you worring??? "All power to the Soviets"
Big Brother is Watching.
-
I've had enough abrasive sigs. Kittens are cute and fuzzy.
First we must remember just how incompetent the FBI is. With everything they had on Lee at Los Alamos they couldn't do jackshit. The trial of OJ Simpson shows how weak law enforcement is with presenting evidence. Therefore I say that they surely don't need MORE evidence when in most cases having as much as they do they just plea down the defendant or blow the case totally. I have absolutley no faith in a law enforcement juggernaut run by the current administration. The FBI are nothing but the Clintons lackeys? Heres a question. If this rascal gets implanted what will the net citizenry do? What action would they take if any? Why does this all sound like a Gibson novel?
The rest of that line could be "via encrypted modem dedicated connection", or something similar.
That would let them use a transparent tap network card.
Politas
Is it too much of a stretch to get a carnivore box defined to be an electronic soldier? After all, the new documents show that it carries out a very broad intelligence gathering function.
What the hell is so secret we can't even see what it's called? We could tell you, but then we'd have to kill you.
This has been a test. If this had been an actual Sig, you would have been amused.
True, and that was a HUGE abuse of FBI powers, but IIRC that was under J. Edgar's term. He had all sorts of hidden agendas. C'mon this is a guy that tapped Frank Sinatra for little mob nuggets.
If you are somewhat an optimist, you might believe that Director Freeh might not have alot of hidden agendas. The story goes that Edgar kept tabs on everyone to keep himself in power. That really isn't a problem now, since the Director's position is now more dynamic. But hey, this would be IF you are an optimist.
I doubt your agreement with the ISP has anything to do with wether or not your carnivore can be hooked up, becasue it's not your ISP tapping you, its the FBI.
In the specifications for Carnivore 1.2 one of the features listed is: /ca rnivore/evolution.html
"Remote control of system from another location [Rest of line blacked out]" from http://www.epic.org/privacy
Now they could be talking about the user's system, which is really scary, but I read it to be talking about the Carnivore box. Which would seem to suggest a port or two being left open.
-prak
-prak
I honestly to not understand the large amount of panic over the Carnivore system. So far as I am aware, you will only be tracked if you are suspect to criminal activities, in much the same way as more traditional wire taps.
If you are genuinely worried about what impact Carnivore will have on you, then maybe it is time YOU SHOULD STOP DOING WHATEVER ILLEGAL OR QUASI-ILLEGAL ACTIVITES you are currently engaged. If aren't engaged in said activities then why on Earth are you worring???
It's called encryption. I can't wait until enryption (no back doors, please) becomes as ubiquitous as a paper envelopes. Let 'em scan THAT.
Did anyone else try to guess what words were maked out?
:)
The (noun) system is capable of (verb) (adjective) (plural noun), while remaining (adjective) and (adjective), provided that the (adjective) (plural nouns) are (state of being). It is important to note that (phrase).
If only I could see the documents EPIC has, so I could pull a Mad Libbish phrase out of the Real Thing... Can't seem to get anything from the server they're on. Slashdot Effect?
---
Hold the mold, Klunk.
Good judgment comes from experience.
Experience comes from bad judgment.
Given my background, my initial reaction to the box was 'Cool, that'd make it so much easier to catch "Mr. X"' (Mr. X was/is a sick sick sick child molester that I was helping 'da man track down evidence against). But the more I think about it, the less I like this.
There are already plenty of ways to acquire evidence of electronic communications that fall unquestionably inside the bounds of the Constitution. I totally understand what the FBI is thinking here, but sometimes you get so involved in something that you can't see the forest for the trees. It's tough to spend your life catching heinous criminals and _not_ get an 'end justifies the means' attitude when it comes to these things. That's a dangerous path to tread though, which is why I thank God for the checks and balances that exist inour government.
Keep fighting the fight, and have faith - this box _will_ go away if we do our part.
Think outside the... Hey, where'd the friggin' box go?
Carnivore runs on FBI-supplied hardware, not on the ISP's mail server directly.
The Carnivore box works like any packet sniffer, it needs to be on a hub or switch's span port to receive a copy of all traffic destined for the ISP's mail server.
If the FBI had decided to use Linux as the underlying OS, would you still be as joyful?
I do not deploy Linux. Ever.
You see, the probable cause is where they've got us. They know that we're all doing naughty things all the time. But, at least we can take comfort in the fact that they are also doing naughty things so we can search them back. We just have to figure out who they are.
You never really know how close to the edge you can go until you fall off.
Gee, thanks for explaining, stubob. I guess I really didn't understand the "Top Secret" clearance I used to hold.
Silly me.
"...they may harpoon us, but they ain't gonna pick us up on no radar screen!"
It's doubtful that the network card will be physically capable of responding to any packets, so antisniff, nmap, Satan, etc will not do you any good.
One such product I have worked with is the Shomiti Century Tap, a 10/100Mps Full duplex transparent network tap. Undetectable without either a TDR or physically tracing the wires.
This also means that unless you have physical access to the machine (e.g. you work for an ISP at which the FBI has placed a Carnivore box), there is little possibility of running any exploits against weaknesses in the underlying OS.
From the articles I have read, the Carnivore dumps the collected evidence to tape, the FBI can then send an agent to retrieve the tape from the ISP. This makes sense from a 'chain of custody' standpoint, it's easier to explain to a judge how the FBI is sure the evidence has not been tampered with than if it was uploaded electronically to www.fbi.gov.
I do not deploy Linux. Ever.
Here's a nice paper by Matt Blaze & Steve Bellovin at AT&T/Bell Labs -
m l
http://www.crypto.com/papers/carnivore-risks.ht
Enjoy. Eat your veggies!...
"...they may harpoon us, but they ain't gonna pick us up on no radar screen!"
Could measuring network latency reveal the presence of Carnivore? I know some work is being done to find firewalls this way.
If your children ever found out how lame you are, they'd murder you in your sleep
They took great care in reminding us of improperly classifying things that should have been unclassified when I got my Secret clearance ages ago. It's apparently done often enough that they stress it as much as not classifying things that should be labeled Confidential, Secret, Top Secret, etc. I find it amazing and highly disappointing to see this all classified- the things that weren't redacted were disturbing enough as it is. This isn't a mere e-mail sniffer like it's been implied. This is an uber wiretap for the Internet.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
It seems, as Americans, we have a fork in the path. The American Government has taken our rights, stomped on them, and expect us not to care !? It was the intention of those who created the American Government to add a scheme in which, in the case of the Government becoming corrupt, that it's citizens may abolish it and rebuild a new government. THE AMERICAN GOVERNMENT HAS SECURED IT'S TOTALITARIAN CONTROL OVER THE AMERICAN PEOPLE BY HAVING THE NSA,FBI, AND CIA STRIKE FEAR INTO IT'S CITIZENS AND CONTROL THEM LIKE SHEEP. Carnivore is just another one of it's tools to take away our freedom! People who say that digital information is not protected in the constitution are full of shit. Information is information, whether stored in atomic, genetic, or electronic form! Shit, for all we (we being non-government people) know, the US Government could have generated those released documents themselves and blanked out some shit to make us think they are hiding something, just to lead us away from what they are really hiding, THE FACT THAT THEY WANT TO CONTROL US, TOTALLY AND COMPLETELY! Pretty fucking soon, we won't be allowed to think for ourselves anymore! I propose we work beyond the government by creating a protocal of information transfer that builds on top of common protocols of today. For all we know the government may have already implemented complex quantum computers that can break public key encryption like expensive china! We must be able to have freedom of thought, freedom of action, and freedom of word, if we are to be free!
"Your pen is bugged..." "How do you know? " "This is an action thriller"
The fact that I live here gives me much information on what they do, at least as reported by the major news networks. If only they would stop losing briefcases full of top secret documents .
Too bad they didn't just use PDFs with extra markup added to overwrite the secret parts, eh?
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Steps like this and this, perhaps?
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Remember that many computers these days come with microphones and cameras, which will become even more ubiquitous in the future. Most people absent-mindedly leave the microphone and camera connected when they're not using them, so if the FBI wanted to, they could use Carnivore (see the documents about remote control of a system) to covertly install software to take pictures and sound recordings and silently transmit the data to them - as compressed sound or still pictures for low bandwidth connections, or streaming video for high bandwidth connections. This becomes more feasible now that persistent high-speed net connections are available and affordable to more people.
Your computer may be transmitting everything you say and do to the three-letter-agencies, and most people won't even notice. Welcome to 1984 ladies and gentlemen.
Meldroc, Waster of Electrons
I wonder if it would be possible to remove the redactions from the documents? Obviously this is probably only semi-legal, but it would be in the public interest to at least attempt it.
Does anyone know of methods for distinguishing between various inks/toners placed on a page?
Taral
WARN_(accel)("msg null; should hang here to be win compatible\n");
-- WINE source code
You know, I always use the "video cameras in your house" argument against this stuff.... but I always use it as a logical exaggeration to get people to think about this stuff. I never thought that I would hit the point so soon where I am not exaggerating anymore.
-
I've had enough abrasive sigs. Kittens are cute and fuzzy.
This certainly looks to be more than an Email waire tap to me. I guess I had better stop reading the Communist Manifesto, the FSF's web site and this photo essay on "Nubile young teens and their dogs."
Is there any talk of putting this on backbones or just ISPs? ie, being an international jetsetting playboy was there any talk of watching the world?
--Giving to trolls for the benefit of us all
In September 1998, the FBI network surveillance lab in Quantico launched a project to move Omnivore from Sun's Solaris operating system to a Windows NT platform.
It runs on NT! I feel much better now that I know it runs on an unstable platform.
Picture a group of frustrated FBI snoops staring at a BSOD instead of your email...
- ------------
-----------------------------------------------
---
Segmentation Fault ( core dumped )
I didn't know that Carnivore might also have abilities to monitor voice-over-IP. Just this ability, alone, is enough to make me run for cover. With more phone companies and internal business systems going to VOIP, how easy would it be to listen in to our phone conversations? Maybe I am just paranoid?
1.1 History - Carnivore is software that runs under Windows NT with Service Pack Three or Better...
So all those ISPs that run Linux is safe. Good.
Balancing constitutional rights with what "law enforcement" wants is not always easy. Since Carnivore largely amounts to a tool for gathering intelligence, it's quite understandable that the Feds don't want to release details. The first rule of intelligence gathering is to keep your methods secret -- otherwise your targets will be able to adapt and avoid interception.
Of course, if the targets use strong encryption, Carnivore is worthless (without the NSA, of course). Which leaves us with the question, who is Carnivore actually aimed at? Criminals who are smart enough to use email, but dumb enough not to encrypt, and evil enough to have committed federal felonies? Somehow I doubt that that group is large enough to justify Carnivore.
---
---
"Go Metallica. Die RIAA." -- Linus Torvalds
They can try to monitor all they like, there are still ways around it. Soneone could set up multiple NAT/Masquerade servers with various encryptions. A sort of 'ring' similar in concept to a 'webring' could be established, where hundreds of server all send encrypted data back and forth, and only one of these servers, or only one of these servers per port connection actually makes the final request. Subscribers to this service would have to deal with some annoyances with protocols that don't like NAT/Masquerading, but I don't see why it wouldn't work. If no one can tell where the data request truly came from, it won't matter if it's being tracked or not. E-mail services could also run through something like this, encrypting email to the point that it'll take months to break that encryption. Some applications like the instant messaging programs won't work with this approach, but if this encrypted network is popular enough, I'm sure someone would find a way to let clients connect. To be honest, I don't think I would care nearly so much if I was potentially being monitored if I was behind such a system, for at that point it would be difficult enough to track that it probably wouldn't be worthwhile unless they already knew who I was, then they wouldn't even need carnivore, there'd be a TEMPEST van parked outside my house or something.
pardon the ranty nature of that, I haven't had my morning coffee...
IBM had PL/1, with syntax worse than JOSS,
And everywhere the language went, it was a total loss...
Presumably Carnivore would only be used once the FBI has a warrant, therefore the fourth Amendment does not apply. While there is still a question of "who watches the watchers" Carnivore has appropriate uses just as Napster has appropriate uses. It can be used for perfectly legal and moral purposes for criminal investigations.
IANAL, but the other problem is that the fourth Amendment in its strictest interpretation technically only applies to physical objects (effects, persons, houses, etc.). Electronic data is not physical really, however it is a type of correspondence which means it should still be protected by the 4th amendment.
So far I've gotten all my Karma from telling people they are wrong... :)
I don't know about you folks, but the fact that the FBI felt it necessary to redact parts of the TITLES of test sections doesn't really make me sleep any easier. I mean, c'mon guys. What the hell is so secret we can't even see what it's called?
Janet Reno needs to be slapped. Repeatedly.
"...they may harpoon us, but they ain't gonna pick us up on no radar screen!"
Just wondering... assume I, as one of the flap-heads up north of the 49th, just happen to have my online e-mail/actions caught by this system. Does reading my private messages constitute espionage? Whether or not they have a mandate to investigate domestic stuff, they certainly don't have any rights granted to them covering external messages, do they? Perhaps if I was plotting terrorist activities, maybe...
Ah well, time to fire up the CSA spooler trigger package on Emacs again.... ;)
-TBHiX-
I might have to take a look at my ISP's agreement to see if there is anything about them being able to monitor my traffic when I am connected to them.
Also I would think that the first ISP to agree to have this attached to their systems might see a bunch of customers leaving. I think I would drop my ISP if I heard that they agreed to host this system.
I think one way to help control this is to take the control of the box away from the FBI and put it in the ISP's control. This would be somewhat similar to wiretaps. Instead of the FBI doing it they present the warrent to allow a tap and let the phone company do it at its switches. Maybe this is how Carnivore should work. It is only installed when a warrent for a tap is presented instead of it always sitting there gathering information on anyone it chooses.
This thing is starting to sound scarier and scarier. Now even though I doubt they would monitor me (working on a Government contract with clearances they already know a lot about me), but the thought of it being able to without anyone but the Government to say it can't does not make me happy. There needs to be checks/balances for its operation.
This must be their way of thumbing their nose at EPIC.
Carnivore is GOOD! It finaly shows people that not useing encryption for personal messages and data is tupid! I often use a computer system from the university network and I know there is a good chance someone (sniffer) is listening in. So I use ssh all the time. PGP (GPG) is not easy enough yet, so I'm sorry to say I don't use it much, then again, I don't send private things via email.
If this does not give a huge boost to crypto usage around the globe, I don't know what will.
This box is basically a packet sniffer owned by the government and dropped onto the backbone of an ISP, situated to intercept all traffic to and from the ISPs mail server(s).
The FBI can only place the box with a warrant, and they claim that once in place, Carnivore will only retain information about mail messages to and from the specific individual targeted by the warrant.
However, in order to do that, it must first intercept the headers and bodies from all messages to all customers of the ISP. The FBI says "Trust us, we have programmed Carnivore to throw away all of the non-target data".
It's not "ILLEGAL OR QUASI-ILLEGAL ACTIVITIES" that you should worry about, it's anything you do or say via e-mail that the current or future administration might object to, or use as dirt if you ever run for office, work to oppose new legislation, or just annoy somebody who has connections to your local FBI office.
I do not deploy Linux. Ever.
Windows 2000 and the "Remote control of system from another location"
Sounds like fun for script kiddies everywhere...
Michigan teen arrested today after wiping the "Carnivore" boxes of several major ISPs.
Kalrand
-the voice of reason
It'll run on Win9.x (probably NT and 2000), Mac (probably OS9 and before). Zimmermann couldn't get his company to push this as a product, so he more or less put it in public domain, and if you think it needs to be run on Linux / other -ix operating systems, port it yourself.
Tech Public Policy stuff
Did anyone else try to guess what words were maked out? I'd be particularly interested to see whats hidden under the Carnivore Testing -> Filter sections. My guess would be something to do with keyword and content filtering.
... this IS the US government we're talking about. Hrmph...
The answer to this is becoming all too clear. EVERY packet that leaves my home network will need to be PGP encrypted.
I guess I shouldn't be too surprised
Nope, Carnivore was designed for warrantless searches, if I can trust what I've read on the subject. The gov't isn't supposed to open your mail without a warrant, but it can look at the postmark and the return-address; it can't listen in on your phone calls without a warrant, but it can make a list of what numbers you call and what numbers call you. Similarly, Carnivore is allegedly designed to be able to do similar things with email - figure out who you're sending email to and who is sending email to you, while keeping the contents of the email hidden until such time as a warrant is issued.
Quiquid latine dictum sit altum viditur
http://www.theregister.co.uk/content/1/13767.html
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
You may feel that an honest man has nothing to fear from Carnivore, but Cardinal Richelieu once said "Give me six lines written by the most honest man, and I will find something to hang him." Along those lines, history shows that the FBI tapped Martin Luther King's hotel phones and found solid evidence that he was having affairs. When they sent this evidence to newspapers on condition of anonymity, not a single newspaper printed it. The FBI's legacy of using evidence outside the bounds of Constitutional rights to convict honest and innocent people is well documented in other cases as well.
"What steps are being taken to insure that the FBI is unable to use Carnivore's information to destroy the career of someone as human and as controversial as Martin Luther King, Jr.?
thank you.
information is immaterial
well, he did. . .
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Now, the SecurityFocus article also adds one other thing: Carnivore is in fact capable of performing certain kinds of searches without a warrant. According to the FBI it can only do this in "pen mode," and that mode restricts the kinds of searches it can perform, but we know already that they cannot be trusted where Carnivore's capabilities are concerned.
People talk about balancing Constitutional rights vs. "law enforcement." The fact is, the Constitution has already set the balance. We have a right to not be searched. But law enforcement can override that by getting a warrant or "probable cause" (which must by definition be established without performing any search), at which point they are allowed to search us. That is the balance, and it suffices for enforcing the law (prevention of crime is another matter, but this is not the job of any law enforcement agency, so the point is moot).
----------
This reminds me of Fedland in Stephenson's "Snow Crash." And it adds a scary plausability to parts of the plot. While, as I posted in a previous article, I'm comfortable with encryption and feel fairly safe using PGP for things and running an encrypted volume for a lot of my hard drive, it is still a little frightening, a little foreshadowing of a time in which the USA becomes a police state. Imagine a time when kids bring guns to school, so schools install cameras to monitor every square inch of the school; where cop's can catch all the speeders, so cameras on stop lights automate the speeding ticket process; a time when Britain's government basically has the right to anything encrypted on the user's computer (don't believe me? look into RIP). Oh wait, that time is now, and it's only getting scarier. What organizations exist to protect our privacy? Do you really thing the existing organizations are working? When was the last time they helped you out? I think as the techno-literate of the world, have an obligation to stand up for human rights in the electronic realm, and to try to hold on to any privacy we have left
You make some decent suggestions, but it wouldn't work, for the primary reason that it would not be long at all before it was made illegal to set up or use such services. The FBI doesn't need to make too much noise about how this clearly obstructs justice (with the usual references to terrorism and child pornographers just to swing the public opinion their way) to get that all banned. Encryption might seem like a nice idea, but when the FBI decides they want that info, asks you for the key, and you refuse to give it to them, you'll be sitting in jail until you change your mind.
For obvious reasons, of course.
Hee.
--Perianwyr Stormcrow
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
ZKS Freedom already has a network of servers designed to obfuscate routes- it would probably be not terribly hard for them to encrypt everything.
Time for a comment to the developers, I guess!
--Perianwyr Stormcrow
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
information is immaterial
Now that we know that the resources of Kent Law School are able to be used by the FBI for its purposes, what are you as an individual doing to insure that these purposes are encumbered by the burden of honesty?
information is immaterial