Slashdot Mirror


First Look Inside Carnivore

EPIC requested almost 600 pages of data on the FBI's Carnivore through the Freedom Of Information Act. Yesterday, about 200 were "redacted in full" (withheld) and the rest were sent with varying amounts of black marks. EPIC is scanning them and putting them online as quick as it can; SecurityFocus has an interesting overview. It turns out the supposed email scanning tool also stores copies of webpages you read, and, at least in an earlier version, looked into tracking voice-over-IP.

Just for reference:

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

28 of 86 comments

  1. Re:Tough to balance by Absimiliard · · Score: 4

    Balancing constitutional rights with what "law enforcement" wants is not always easy.

    Seems quite easy to me. If you want to live in a free country you say "screw you" to law enforcement and enforce the Constitution. If you want to live in a totalitarian state you say "screw you" to the Constitution and help law enforcement.

    Personally I'm quite willing to let some drug-dealers walk, know some kids have been abused, and watch the Oklahoma bombing all over again if the alternative is to start giving up our Constitution. Freedom must be paid for in blood. You can't change that.

    I certainly wouldn't. And I'm just as willing to die by a terrorist's actions as I was to die in the US Navy at the hands of a foreign aggressor. In fact I see no real difference between dying one way or the other, either death is in service to our Constitution.

    Absimiliard

  2. Re:Tough to balance by Erore · · Score: 3

    I can respond to this, since I just sat in on a class at which the two guest speakers (FBI guys with the suits to prove it), who are very high up in the FBI Carnivore and Encryption programs, spoke about this very topic.

    1) Criminals are dumb. One speaker relayed conversations he heard through wire taps in which one caller told another caller to keep his voice down the Feds might be listening.

    2) The FBI wants all commercial encryption software to use recoverable means. Not by some secret backdoor that only the government possesses, but one that a disinterested third party can use when the Feds have obtained the necessary court order to do so.

    3) Your question will then be, why should criminals use software with built in recoverable means. See #1. Criminals are stupid and will use methods that are easily available to them.

    4) The NSA will not get involved in Carnivore. The purpose of the FBI is to collect evidence that can be used in a court of law. If the NSA is involved, then they will be forced to reveal that they had the ability to crack this encryption or that bit strength. Doing so relates back to your very own statement that you want to keep your methods a secret. If the NSA is known to have an ability, then the people they spy on will change their methods. That is because the NSA actually has to deal with Intelligence (gent) operations, not stupid criminals.

    5) The FBI only performed some 350 wiretaps last year. Combined nationwide with local authorities, state, and Federal, only some 1320 were done. To date, only 25 Carnivore installs have been done. That is going back 2 years nearly. The majority of wiretaps are for Drug cases, and the majority do not amount to any evidence that can be used for a conviction. I could not get clear information on how useful the 25 Carnivore installs have been.

    6) Carnivore runs on Windows NT. They have a team of engineers whose sole purpose is to worry about the security. I think they spend the day looking at microsoft.com and hoping they have downloaded all patches. ;-) I saw version 1.3.4 I believe, and 2.0 is being worked on. The speaker stated that when they come to install Carnivore, the ISP is given the option of using software they provide and trust in place of Carnivore if such software can meet the demands of the court order. Most ISPs will not want to do this because they will then be responsible for testifying in court about the evidence collection methods.

    7) I asked specifically about the use of Open Source programs in relation to # 6. The speaker waffled and did not seem to like the idea of Open Source for fear that known methods will lead to criminals using methods for evasion. Which does not seem to tie in at all with the dumb criminal theory the other speaker insisted upon. Instead, they would like to see a Commercial vendor make a product they could use, and that the methods of collection (how to track a dynamic IP assignment)

    8) Criminals aren't all that stupid all the time. The biggest and the baddest will be quite smart and will use smart methods. Since these are some of the ones we want to catch the most badly, they will not use recoverable encryption either on the telephone or over the Net and Carnivore and wiretaps will do no good in the investigation.

    9) I forgot what I was talking about.

  3. Re:Espionage? by TBHiX · · Score: 2

    crystal dragon wrote:

    "In any case, I think you would have to be naive to believe that it is only US nationals that are being spied on. It would also be naive to think that is the case in my country or any other technology-enabled country. Many governments watch their citizens whether they admit to it or not."

    I am not so naive as to think that ;). My concern was whether or not the FBI was overstepping its mandated powers in this regard. As I understand it, only certain agencies of the U.S. government have been granted the power to investigate foreign activities (this is not to say that said foreign powers allow this, only that the U.S. government has said, "This is what you do."), just as only certain other agencies have the right to investigate domestic activities. Even if you take a dim view of the ethics of the U.S. government as a whole, you'll have to admit that stepping outside one's established bailiwick is something even they don't like. (cf. attempts by those other than the Secret Service to investigate large scale counterfeiting, and the response of said agency).

    The minute the government starts letting agencies define the appropriate kinds of actions in which to engage, is the minute that the government loses even its minimal ability to prevent abuses against its own people. I don't know about you, but the only thing I worry about more than a big bully in the sandbox (the U.S. government) is a gang of little bullies (unchecked agencies fighting amongst themselves when they aren't united at crushing some external threat). However badly they start treating U.S. citizens, you can bet diamonds to doughnuts that their treatment of non-U.S. citizens (*cough*me*cough*) will be that much worse.

    -TBHiX-

  4. Re:Identify Carnivore remotely? No. by Tassach · · Score: 2
    Very interesting response. I hadn't thought about something working at the data link layer. That would indeed be very difficult to detect.

    You are dead on target about the chain of custody issue... in order for evidence to be admissible, LE/prosecutor has to be able to account for its whereabouts & integrity for every second from the time it is collected until after the trial (and even then they have to retain it basically forever, at least for some types of crimes).

    This is all speculation until we get an unbiased, nonpartisan analysis of the beastie. This kind of crap is why EVERY single frickin' packet that goes out over the wire needs to be encrypted.

    --
    Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
  5. Who decides what to declassify? by mOdQuArK! · · Score: 2

    Does anyone else besides me see a conflict-of-interest in letting government agencies decide what they want to declassify?

  6. Re:Why worry? by GigsVT · · Score: 3
    Simple find and replace, carnivore with "home surveillance" whereby the FBI puts cameras in every room in your house.

    I honestly do not understand the large amount of panic over the home surveillance system. So far as I am aware, you will only be tracked if you are suspect to criminal activities, in much the same way as more traditional wire taps. If you are genuinely worried about what impact home surveillance will have on you, then maybe it is time YOU SHOULD STOP DOING WHATEVER ILLEGAL OR QUASI-ILLEGAL ACTIVITIES you are currently engaged. If you aren't engaged in said activities then why on Earth are you worrying??? "All power to the Soviets"

    Big Brother is Watching.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  7. Re:No Worries! by prak · · Score: 3

    In the specifications for Carnivore 1.2 one of the features listed is:
    "Remote control of system from another location [Rest of line blacked out]" from http://www.epic.org/privacy/carnivore/evolution.html

    Now they could be talking about the user's system, which is really scary, but I read it to be talking about the Carnivore box. Which would seem to suggest a port or two being left open.

    -prak

    --
    -prak
  8. Identify Carnivore remotely? No. by Nonesuch · · Score: 3
    I seriously doubt that the Carnivore host is going to be assigned any IP address on the ISP's network.

    It's doubtful that the network card will be physically capable of responding to any packets, so antisniff, nmap, Satan, etc will not do you any good.

    One such product I have worked with is the Shomiti Century Tap, a 10/100 Mbps full duplex transparent network tap. Undetectable without either a TDR or physically tracing the wires.

    This also means that unless you have physical access to the machine (e.g. you work for an ISP at which the FBI has placed a Carnivore box), there is little possibility of running any exploits against weaknesses in the underlying OS.

    From the articles I have read, the Carnivore dumps the collected evidence to tape, the FBI can then send an agent to retrieve the tape from the ISP. This makes sense from a 'chain of custody' standpoint, it's easier to explain to a judge how the FBI is sure the evidence has not been tampered with than if it was uploaded electronically to www.fbi.gov.

  9. Re:Top Secret Titles (Followup) by dr_strangelove · · Score: 2

    Here's a nice paper by Matt Blaze & Steve Bellovin at AT&T/Bell Labs -

    http://www.crypto.com/papers/carnivore-risks.html

    Enjoy. Eat your veggies!...

    --
    "...they may harpoon us, but they ain't gonna pick us up on no radar screen!"
  10. Improper classification common, I'm afraid... by Svartalf · · Score: 2

    They took great care in reminding us of improperly classifying things that should have been unclassified when I got my Secret clearance ages ago. It's apparently done often enough that they stress it as much as not classifying things that should be labeled Confidential, Secret, Top Secret, etc. I find it amazing and highly disappointing to see this all classified- the things that weren't redacted were disturbing enough as it is. This isn't a mere e-mail sniffer like it's been implied. This is an uber wiretap for the Internet.

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
  11. Re:Carnivore CAN do home surveillance, Re:Why worr by GigsVT · · Score: 2
    our computer may be transmitting everything you say and do to the three-letter-agencies, and most people won't even notice. Welcome to 1984 ladies and gentlemen.

    You know, I always use the "video cameras in your house" argument against this stuff.... but I always use it as a logical exaggeration to get people to think about this stuff. I never thought that I would hit the point so soon where I am not exaggerating anymore.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  12. No Worries! by CoreDump · · Score: 2
    Well, looks like we have nothing to fear from Carnivore. According to the article at Security Focus:

    In September 1998, the FBI network surveillance lab in Quantico launched a project to move Omnivore from Sun's Solaris operating system to a Windows NT platform.

    It runs on NT! I feel much better now that I know it runs on an unstable platform.

    Picture a group of frustrated FBI snoops staring at a BSOD instead of your email...

    ------------------------------------------------ ------------

    --

    ---
    Segmentation Fault ( core dumped )

    1. Re:No Worries! by Tassach · · Score: 5
      Carnivore/Omnivore on Solaris is scary. Carnivore/Omnivore on NT is VERY scary. If someone were able to exploit a hole on a carnivore box, they could then use it to monitor anyone's communication. This is of course possible under Solaris too, but NT is far more vulnerable to remote exploits.

      A black-hat being investigated by the FBI could possibly turn their tool against them, using *nivore for counter-intelligence. At least the FBI has to pretend to obey the law and respect some limits -- a black-hat has no such restrictions.

      I wonder if there is enough information in what has been released to be able to identify a carnivore box remotely. Does it use promiscuous mode packet sniffing? Could you detect one with a variant of l0pht's antisniff? Does it exhibit any tcp/ip eccentricities that could be detected with nmap or SATAN?

      --
      Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
    2. Re:No Worries! by Kaa · · Score: 2

      Carnivore/Omnivore on NT is VERY scary. If someone were able to exploit a hole on a carnivore box, they could then use it to monitor anyone's communication.

      Now, now, don't be afraid. It's not all that bad.

      First, hacking into a Carnivore box would give you the ability to monitor communications only on that particular network segment where the box is sitting. It will not magically give you the ability to monitor anybody everywhere.

      Second, law enforcement is not known for abundance of brain cells, but I would be VERY surprised if a carnivore box had any open ports at all. All it does is gather packets that pass its filtering criteria and write them to a file. Login should be through physical console only.

      Not to mention that a carnivore box can act like a bridge and thus have no IP address at all. I'd like to see a remote crack for a box that has no IP address.

      Kaa

      --

      Kaa
      Kaa's Law: In any sufficiently large group of people most are idiots.
  13. Tough to balance by akey · · Score: 3

    Balancing constitutional rights with what "law enforcement" wants is not always easy. Since Carnivore largely amounts to a tool for gathering intelligence, it's quite understandable that the Feds don't want to release details. The first rule of intelligence gathering is to keep your methods secret -- otherwise your targets will be able to adapt and avoid interception.

    Of course, if the targets use strong encryption, Carnivore is worthless (without the NSA, of course). Which leaves us with the question, who is Carnivore actually aimed at? Criminals who are smart enough to use email, but dumb enough not to encrypt, and evil enough to have committed federal felonies? Somehow I doubt that that group is large enough to justify Carnivore.


    ---

    --

    ---
    "Go Metallica. Die RIAA." -- Linus Torvalds
  14. Why monitoring won't work by TWX_the_Linux_Zealot · · Score: 2

    They can try to monitor all they like, there are still ways around it. Someone could set up multiple NAT/Masquerade servers with various encryptions. A sort of 'ring' similar in concept to a 'webring' could be established, where hundreds of servers all send encrypted data back and forth, and only one of these servers, or only one of these servers per port connection actually makes the final request. Subscribers to this service would have to deal with some annoyances with protocols that don't like NAT/Masquerading, but I don't see why it wouldn't work. If no one can tell where the data request truly came from, it won't matter if it's being tracked or not. E-mail services could also run through something like this, encrypting email to the point that it'll take months to break that encryption. Some applications like the instant messaging programs won't work with this approach, but if this encrypted network is popular enough, I'm sure someone would find a way to let clients connect. To be honest, I don't think I would care nearly so much if I was potentially being monitored if I was behind such a system, for at that point it would be difficult enough to track that it probably wouldn't be worthwhile unless they already knew who I was, then they wouldn't even need carnivore, there'd be a TEMPEST van parked outside my house or something.

    pardon the ranty nature of that, I haven't had my morning coffee...

    --

    IBM had PL/1, with syntax worse than JOSS,
    And everywhere the language went, it was a total loss...
  15. Problem with Amendment 4 by Life+Blood · · Score: 3

    Presumably Carnivore would only be used once the FBI has a warrant, therefore the fourth Amendment does not apply. While there is still a question of "who watches the watchers" Carnivore has appropriate uses just as Napster has appropriate uses. It can be used for perfectly legal and moral purposes for criminal investigations.

    IANAL, but the other problem is that the fourth Amendment in its strictest interpretation technically only applies to physical objects (effects, persons, houses, etc.). Electronic data is not physical really, however it is a type of correspondence which means it should still be protected by the 4th amendment.

    --

    So far I've gotten all my Karma from telling people they are wrong... :)

    1. Re:Problem with Amendment 4 by Kaa · · Score: 2

      Presumably Carnivore would only be used once the FBI has a warrant, therefore the fourth Amendment does not apply.

      Bzzzz. Sorry, wrong answer.

      It turns out that our wonderful judiciary has decided that while the payload of an IP packet is protected by the Fourth Amendment, its headers are not. Thus Carnivore can (and does) capture packets, discard payload, and store packet headers for further analysis, all without any warrants at all. To understand why this is important, read any crypto text on traffic analysis.

      the fourth Amendment in its strictest interpretation technically only applies to physical objects (effects, persons, houses, etc.).

      No, it doesn't. To give a trivial example, telephone conversations, which are not physical objects, are protected by the Fourth.

      Kaa

      --

      Kaa
      Kaa's Law: In any sufficiently large group of people most are idiots.
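
The header/payload split Kaa describes above (keep the headers, discard the payload), as an added Python example that is not part of the original thread and is not Carnivore's code: it parses constructed IPv4/TCP packets, keeps only addressing metadata, and aggregates it per flow to show what traffic analysis recovers without any content. The packet builder, the function names and the documentation-range addresses are assumptions made for the example.

```python
import socket
import struct
from collections import Counter


def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (constructed sample data, checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def headers_only(packet):
    """Return addressing metadata for one packet; the payload is never copied out."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4          # header length, including IP options
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    record = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
              "proto": proto, "sport": None, "dport": None,
              "payload_len": max(total_len - ihl, 0)}
    if proto == 6:                       # TCP: ports and data offset
        if len(packet) < ihl + 20:
            raise ValueError("truncated TCP header")
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        data_off = (packet[ihl + 12] >> 4) * 4
        if data_off < 20:
            raise ValueError("bad TCP data offset")
        record.update(sport=sport, dport=dport,
                      payload_len=max(total_len - ihl - data_off, 0))
    return record


def traffic_summary(records):
    """Aggregate header records per (src, dst, dport): packet count and payload bytes."""
    packets, volume = Counter(), Counter()
    for r in records:
        key = (r["src"], r["dst"], r["dport"])
        packets[key] += 1
        volume[key] += r["payload_len"]
    return {key: (packets[key], volume[key]) for key in packets}


# Constructed sample traffic: one client talking to a mail server and a web server.
SAMPLE_PACKETS = [
    build_packet("192.0.2.10", "198.51.100.25", 40001, 25, b"A" * 120),
    build_packet("192.0.2.10", "198.51.100.25", 40001, 25, b"B" * 80),
    build_packet("192.0.2.10", "203.0.113.80", 40002, 80, b"C" * 300),
]

if __name__ == "__main__":
    records = [headers_only(p) for p in SAMPLE_PACKETS]
    for (src, dst, dport), (count, nbytes) in traffic_summary(records).items():
        print(f"{src} -> {dst}:{dport}  packets={count} payload_bytes={nbytes}")
```

Even with every payload byte dropped, the summary still shows which host contacted which mail and web server, how often, and how much data moved.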
  16. Top Secret Titles by dr_strangelove · · Score: 3

    I don't know about you folks, but the fact that the FBI felt it necessary to redact parts of the TITLES of test sections doesn't really make me sleep any easier. I mean, c'mon guys. What the hell is so secret we can't even see what it's called?

    Janet Reno needs to be slapped. Repeatedly.

    --
    "...they may harpoon us, but they ain't gonna pick us up on no radar screen!"
  17. Espionage? by TBHiX · · Score: 2

    Just wondering... assume I, as one of the flap-heads up north of the 49th, just happen to have my online e-mail/actions caught by this system. Does reading my private messages constitute espionage? Whether or not they have a mandate to investigate domestic stuff, they certainly don't have any rights granted to them covering external messages, do they? Perhaps if I was plotting terrorist activities, maybe...

    Ah well, time to fire up the CSA spooler trigger package on Emacs again.... ;)

    -TBHiX-

    1. Re:Espionage? by jafac · · Score: 2

      This will be no problem as soon as the One World Government (New World Order) is fully in place.

      --

      These are my friends, See how they glisten. See this one shine, how he smiles in the light.
  18. An ISP's responsibility to its customers by sparcy · · Score: 2

    I might have to take a look at my ISP's agreement to see if there is anything about them being able to monitor my traffic when I am connected to them.

    Also I would think that the first ISP to agree to have this attached to their systems might see a bunch of customers leaving. I think I would drop my ISP if I heard that they agreed to host this system.

    I think one way to help control this is to take the control of the box away from the FBI and put it in the ISP's control. This would be somewhat similar to wiretaps. Instead of the FBI doing it they present the warrant to allow a tap and let the phone company do it at its switches. Maybe this is how Carnivore should work. It is only installed when a warrant for a tap is presented instead of it always sitting there gathering information on anyone it chooses.

    This thing is starting to sound scarier and scarier. Now even though I doubt they would monitor me (working on a Government contract with clearances they already know a lot about me), but the thought of it being able to without anyone but the Government to say it can't does not make me happy. There needs to be checks/balances for its operation.

  19. Re:Why worry? by sjames · · Score: 2

    If you are genuinely worried about what impact Carnivore will have on you, then maybe it is time YOU SHOULD STOP DOING WHATEVER ILLEGAL OR QUASI-ILLEGAL ACTIVITIES you are currently engaged. If you aren't engaged in said activities then why on Earth are you worrying???

    Because apparently, the FBI has an unusually broad understanding of what constitutes suspicion. Apparently, there is a strong correlation (according to their actions) between saying politically inconvenient things (like 'I have a dream' or 'give peace a chance' for example) and criminal activity. They also have a history of getting warrants after the fact and cover-ups. This is not the sort of agency that should have additional surveillance capabilities with decreased oversight.

    The question can also be turned around: If the FBI isn't doing anything wrong, why don't they just tell us all about carnivore? If they're worried about what impact public knowledge of their capabilities might have on them, maybe it is time THEY SHOULD STOP DOING WHATEVER ILLEGAL OR QUASI-ILLEGAL ACTIVITIES they are currently engaged in.

  20. When Gov't says "Trust us", you need to worry! by Nonesuch · · Score: 2
    Why worry?

    This box is basically a packet sniffer owned by the government and dropped onto the backbone of an ISP, situated to intercept all traffic to and from the ISP's mail server(s).

    The FBI can only place the box with a warrant, and they claim that once in place, Carnivore will only retain information about mail messages to and from the specific individual targeted by the warrant.

    However, in order to do that, it must first intercept the headers and bodies from all messages to all customers of the ISP. The FBI says "Trust us, we have programmed Carnivore to throw away all of the non-target data".

    It's not "ILLEGAL OR QUASI-ILLEGAL ACTIVITIES" that you should worry about, it's anything you do or say via e-mail that the current or future administration might object to, or use as dirt if you ever run for office, work to oppose new legislation, or just annoy somebody who has connections to your local FBI office.

  21. 'Register' story: good analysis by Cally · · Score: 2
    --
    "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
  22. Re:Yeah.... by jafac · · Score: 2

    well, he did. . .

    --

    These are my friends, See how they glisten. See this one shine, how he smiles in the light.
  23. OK, so.... by Millennium · · Score: 3
    The Slashdot story alone tells us two things:
    • The FBI lied. Carnivore can do more than they originally said it could.
    • There are still things they aren't telling us. Remember, two-thirds of the information was withheld. Even the name of Omnivore's predecessor is still classified as "secret" (meaning that, were the secret leaked, national security would be harmed significantly, at least in the eyes of the classifiers).

    Now, the SecurityFocus article also adds one other thing: Carnivore is in fact capable of performing certain kinds of searches without a warrant. According to the FBI it can only do this in "pen mode," and that mode restricts the kinds of searches it can perform, but we know already that they cannot be trusted where Carnivore's capabilities are concerned.

    People talk about balancing Constitutional rights vs. "law enforcement." The fact is, the Constitution has already set the balance. We have a right to not be searched. But law enforcement can override that by getting a warrant or "probable cause" (which must by definition be established without performing any search), at which point they are allowed to search us. That is the balance, and it suffices for enforcing the law (prevention of crime is another matter, but this is not the job of any law enforcement agency, so the point is moot).
    ----------
  24. Hmm, this sounds like something Freedom could do. by Perianwyr+Stormcrow · · Score: 2

    ZKS Freedom already has a network of servers designed to obfuscate routes- it would probably be not terribly hard for them to encrypt everything.

    Time for a comment to the developers, I guess!

    --Perianwyr Stormcrow

    --

    What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey