Answers from Carnivore Reviewer Henry H. Perrit, Jr.

On October 5th we put out a call for questions about the FBI's Carnivore boxen that we could send off to Dean Henry H. Perrit, Jr. of the Illinois Institute of Tech [IIT] Chicago-Kent College of Law, who is overseeing the legal side of the Carnivore review. If you didn't read the call for questions, please check it now, and even follow a few of the links. Then read Dean Perrit's answers, which were not written or checked by the FBI or DoJ, whose agents can read them here for the first time just like anyone else, assuming they have nothing better to do than read Slashdot.

1) Ethical question
by Devolver42

Is it fair for an individual or group with clear political ties to a system to give that system a review? In other words, how can you be unbiased while still being politically tied to the situation?

Perritt:

Members of the review team do not have "clear political ties" to the Carnivore "system." I was last employed by the Federal Government 24 years ago in an Administration of the opposite party. Dean Krent was last employed by the Federal Government in the Reagan Administration, and has spent more time suing the Justice Department than he has working for it.

The notion that past federal employment or consulting with federal agencies, no matter how remote their connection to a particular program, disqualifies one from undertaking an independent review is preposterous. Certain expertise in technology and the functioning of government agencies is prerequisite to a competent review of Carnivore.

2) Is a whitewash inevitable?
by Jay Maynard

There's been a lot of comment on how the conditions the DoJ has put on the reviewers make a fair review impossible. Things like the right to edit before release, the right to veto participants, and the need to only use cleared personnel cast a cloud over the impartiality of the process. Many prestigious institutions were invited to submit proposals,and yet only two - yours and one other lesser-known - did. The backgrounds of the people atIIT and their past ties with the DoJ don't give any more reason to be comfortable.

How do those of us concerned about Carnivore's immense power for invasion of privacy have any reason to believe what you and your institution produce will be other than a whitewash designed to make Carnivore appear in the most favorable light?

Perritt:

Carnivore is used in sensitive criminal and foreign intelligence investigations. The need for confidentiality in such investigations long has been recognized by the Congress and Supreme Court of the United States. It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.

The existence of limitations on personnel and on disclosure do not suggest a "whitewash."

It is very unusual for a federal agency to acquiesce in a third party review of an important system. Having commissioned such a review, the interests of the Justice Department would not be served by censoring the review or otherwise acting so as to compromise its integrity and credibility. The review team, institutionally and personally, has an interest in preserving their reputations for professional independence, analytical competence, and candor. None of these interests are tied to future dealings with the Justice Department or the FBI. They are more closely tied to reputation in many of the communities which have been critical of Carnivore. It is counterintuitive to suppose that the review team would sacrifice these interests by undertaking a "whitewash."

3) Political or Technical Review?
by Anonymous Coward

Is the substance of this review to be political or technical?

To wit, is this review to determine if Carnivore performs actions that are within the scope of the law (political), or is it to define the complete potential of Carnvore (technical)?

Perritt:

The review will not be political in the sense that the term "politics" ordinarily is used. It will be technical in the sense that term is used in the RFP.

Because Carnivore is a tool, just as a hammer or a firearm is a tool, which conceivably could be used outside the limits permitted by law, the review appropriately will consider the operation of human, organizational, and judicial controls to limit Carnivore's use.

4) Your impressions.
by M-2

Can you give us your first impressions of the concept of the Carnivore concept when you initially heard about it?

Can you give us your initial feelings as to the legal standings under the Fourth Amendment that allows Carnivore to be used for the purposes stated, which it would appear technically violates the Electronic Communications Privacy Act?

What is your impression of the amount of interest the Internet community at large is taking in the entire Carnivore concept?

Do you feel there is too much paranoid fantasy going on, or do you feel there is some justification?

Perritt:

Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy. It is appropriate for the public to be concerned about how this balance is struck.

The Internet community appropriately has been concerned about technological developments that may affect the balance, including restrictions on encryption, development of new telecommunication systems that facilitate or hamper electronic eavesdropping and devices such as Carnivore.

In this respect, interest in Carnivore and a certain amount of controversy over it is healthy.

On the other hand, conspiracy theories suggesting that no one with present or past associations with the Federal Government shares constitutional values or can be trusted to review new systems for their compliance with the law are overblown.

5) Who would Carnivore Really Affect?
by drenehtsral

In the end a system like carnivore will only work for a while, and only against fairly unintelligent users because end-to-end strong encryption is no longer compuationally infeasable. Joe Schmoe with the middle of the road prebuilt gateway could easily handle the processor load of encrypting all his e-mail with 2048 bit RSA (which is now freely available, and even exportable). Not only that, but even with existing (and reasonably near-term) quantum computers, we are not even near enough qbits to start tackling these cyphers, since they can't be broken down when being fed to a quantum computer.

So in short, is this whole thing just a moot point? Who would Carnivore really catch?

Perritt:

Any electronic eavesdropping technique or system is subject to frustration by new technologies. It is appropriate for law enforcement and national security agencies constantly to be developing new technology to keep pace with technological developments generally.

6) Are you willing to lose everything for your rights
by anticypher

If you found that carnivore did more than the FBI is claiming, would you stand up to their threats if you published your results to counter their "edited" report? Would you be willing to lose everything you have to stand up for the rights of Americans, your property, your retirement, your liberty, and your professional reputation? You would be vilified and persecuted by the FBI for your actions, even though you would win the admiration of liberty loving individuals all over America.

Or...

Would you shrug your shoulders, and knowing that some day the truth will out, say nothing if the FBI completely changed your report, and hope that when exposed your reputation is not too badly tarnished?

Perritt:

Neither the Justice Department nor the review team has any interest in a process that will not report conclusions of the review honestly and candidly.

I have seen no indication of any intent by the Justice Department to block the review team from expressing its views completely.

Given the level of interest in the Carnivore review, it is unlikely that an effort by the FBI to "completely change" the review team's report would succeed.

I am not willing to speculate as to what action I would take if inappropriate control is exercised.

7) Is this a real review?
by Apuleius

Jeff Schiller of MIT has declined to review Carnivore, saying that "what they want is a rubber stamp."

Obviously, you will say you intend to do a genuine review.

Why should anyone take your word over Schiller's?

Perritt:

I don't know how Mr. Schiller has any knowledge of what the Justice Department wants. I have been assured by senior officials at the Justice Department that a complete review, with honest conclusions freely expressed, is desired.

It may be that what Mr. Schiller wants is a soapbox, and I don't see why he should use a government-funded review for that purpose.

8) Carnivore vs. Sniffer vs. Altivore
by RobertGraham

I'm the author of Altivore and a long time sniffer user. The RFP was for a "technical" review to validate that Carnivore captures only the data allowed by the court order. Yet reading the resumes of the members of your team, I don't see anybody with sufficient techical experience in sniffing technologies.

Packet reassembly and state-based protocol analysis are critical to the minimization function. My believe is that Carnivore is essentially stateless, just like my own Altivore. I can create real-world scenarios where Altivore fails the minimization test. Sure, they occur less than 1% of the time; I don't know how that fits within the law. However, software can be written to meet minimization requirements 100% of the time (e.g. BlackICE does this for detecting cr/hacking).

My question is: will a sniffing expert be analyzing the packet reassembly and protocol analysis part of the source code in order to validate that Carnivore captures all the data authorized by the court order, but no additional data? Moreover, is there really somebody on your team that understands even what I'm talking about?

Perritt:

A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.

9) Comparing to wire-tapping laws
by VP

During the congressional hearing on Carnivore, the FBI stated that current wire-tapping laws are adequate for the use of Carnivore. Further more, they revealed that the uses so far of Carnivore had been according to the regulations of optaining a "pen-register" wire tap. Are you aware that (from what we know) technically Carnivore is much closer to the concept of trunk-tapping, as most, if not all the traffic at the ISP has to go through Carnivore? AFAIK, trunk-tapping is illegal - would you be of the opinion that Carnivore automatically falls under the same illegal category of wire-tapping?

Perritt:

Any network interface card on a networked computer "taps" all of the traffic traversing a particular network segment. It is far from clear that such limited acquisition of network packets at lower levels of the OSI stack constitutes interception under the law. Indeed, if appropriate filters are used in a sniffer or other network monitoring device, preventing human knowledge of material that is filtered out, there may be less threat to privacy interests than if human beings must review content in order to apply minimization requirements, as is commonplace with telephone wiretaps.

We will review whether Carnivore acquires information not permitted by law or in a manner prohibited by law.

10) Oversight of this interview
by Col. Klink (retired)

Are you free to answer questions posted here, or does the FBI review your answers first?

Perritt:

Neither the FBI nor any other government agency reviewed my answers to these questions.

too bad

I thought for sure someone would ask something similar to: "What is to prevent the FBI from changing the Carnivore code in the post installation phase" I.E. It runs the evaluated system until the FBI feels they have just cause to violate constitutional rights, such as another WTC bombing.

Re:too bad

[sconeu]

Someone did. It only got modded up to 4, so it didn't get asked. I had posted a question which was 5 and didn't get asked. Given my druthers, I'd rather have the question about what really will be used (your question) than some of the repetitive "why should we trust you" questions?

IMHO, we probably can trust IIT. On the other hand, we have no reason to trust the DOJ or FBI. IIT could come out with a blistering report, and the FBI/DOJ could hide it or redact it into senselessness. Then, the proposed scenario here, IIT validates Carnivore (call it V1.0) cleanly, FBI/DOJ publishes report, and then deploys Carnivore V1.1, which has all the unconstitutional stuff that they *just happened* to add after the review...

But I definitely agree with this poster, that question SHOULD have been asked!

Re:Damn moderators

if i may add my $.02,

Really, what happens when an ISP says, "No, we aren't going to violate our customers' privacy." Do they get hit with a "sure, we're investigating someone, and it's going to take an awful long time so we'll have to leave this box here indefinitely" warrant? Do they get pressured into accepting Carnivore installations in spite of the 4th amendment?

first of all you typically need a subpoena to do something like that. and i'm pretty sure a SP's legal department looks at them carefully. depending on the circumstances, subpoenas may get challenged, and it would go to a court to decide what happens next. it's not like they can just walk in and plug their gear in. knowing how several SP's POPs/DCs look like, it would probably almost always be a considerable engineering effort anyways.

working for a SP, just the simple thought of adding something like carnivore in the data path gives me goose bumps. and those have nothing to do with paranoia, dillusions or other relative sanities.

it's not clear to me how you aggregate the snooping by carnivore of traffic load-balanced and randomly shuffled over a variety of links. it would be interesting just to see racks and racks of carnivores and them desperately trying to aggregate the data and make sense out of it, WITHOUT affecting our customers.

heck, just for network management purposes such a task is a daunting challenge.

anyways, i'm rambling.

Huh?

"Having commissioned such a review, the interests of the Justice Department would not be served by censoring the review or otherwise acting so as to compromise its integrity and credibility." 1.) My understanding was that the review was court-ordered. 2.) "Censoring" and "compromising the integrity of the review" was what got them in trouble with Waco and Ruby Ridge.

The Answers....

Question 1. Will you lie?

Yes.

Question 2. You will Lie. Right?

Not only will I lie on the report, I'm lying to you right now.

Question 3. You have no integrity...right?

What would you like my answer to be?

Question 4. You are a government shill...right?

They're paying me $20 not to answer this.

Question 5. Why should I believe you...You are a liar...right?

Would I lie to you?

Question 6. How will Natalie Portman be affected by carnivore?

I ... mhmhmhmmhhmhhmmhmhmmhm ... uh ... mhmhhhmmmmhhmhm ... question & answer is over.

Re:Crooks won't encrypt, Carnivore will work

It wouldn't have mattered if Microsoft had encrypted its e-mail. They were subpoened (sp?) and would have had to turn it over anyway. "I'm sorry judge, those files are in a locked filing cabinet, so I don't have to give them to you."

You missed the non-sequitur (something's rotten)

Here's the part of the question which throws Perrit's non-answer into sharp relief:

Question: How do those of us concerned about Carnivore's immense power for invasion of privacy have any reason to believe what you and your institution produce will be other than a whitewash designed to make Carnivore appear in the most favorable light?

Perritt: It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.

The answer had no response to that part of the question. Perrit was completely unresponsive and evasive; the details of who is the subject of a criminal investigation has nothing to do with the Constitutionality of the use of a given technical device. Talk about confidentiality of "methods and procedures" doesn't excuse unlawful behavior or any cover-up for it. The question is if Carnivore is limited to probing the communications of exactly specified targets, or if it includes capabilities for "fishing" (either in the contents of messages being watched under "pen register" warrants [which do not allow interception of content], or scanning any part of messages not going to or from the target).

Another important question that wasn't touched by anyone: The verifiability of the Carnivore systems in the field. Can we be sure that they are using the same software as the system being reviewed by IIT? How? With a tap on a specific phone line, or a diversion of a specific user's packets by the ISP, it is known that no other traffic is being intercepted. With something like Carnivore, it could be doing anything... and we would never know.

Something is definitely rotten in Washington, and this latest fetid emission is proof enough to convince any reasonable person. It is time to rescind CALEA and get our government out of the population-surveillance business.

Dismissive was what came to mind

[Cardinal]

Bland is one way to put it, but what sprung to my mind while reviewing the Q&A was that he was largely as brief as possible, generally dismissing the question as being silly or ignorant.

Re:Dismissive was what came to mind

[MidnightLog]

... dismissing the question as being silly or ignorant.

IM(NS)O, most of the questions were silly. The one question that I wish he had answered in more depth was number 8 ( Carnivore vs. Sniffer vs. Altivore ). His answer consisted of:

A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.

Using a sniffing tool is not the same as developing one. He should have (at least) mentioned the years of development experience that the members of the review team have.

Re:One thing is clear...

[pod]

I, for one, have to applaud him for answering these questions without resorting to calling us the paranoid delusionals we really are.

In not those words exactly, but combined with previous (and following) answers this snippet should give you an idea of what he thinks about the people whose questions got submitted:

On the other hand, conspiracy theories suggesting that no one with present or past associations with the Federal Government shares constitutional values or can be trusted to review new systems for their compliance with the law are overblown.

I guess it's a nice way of saying 'you're a bunch of paranoid idiots, stop whining'.

what the writers of the constitution believed

[drew]

then again, you might be shocked to know what the writers of the constitution really believed. no they didn't like big government. but they weren't a big fan of individual rights either. jefferson made a very well documented but little remembered remark to the effect that putting power in the hands of the people would be a great danger (wish i could remember the exact wording, but i can't. if you really want to know, it's probably not to hard to look up)

think of who these people were. wealthy land and slave owners. if the constitution were re-written today the same way it was back then, it would be written by bill gates, larry ellison, jack valenti, hilary rosen.....

what the writers of the constitution were protecting was their own rights to conduct their business without interference from the government (which was also the reason for the revolutionary war.) remember the bill of rights wasn't even added until the states refused to approve it the firsttime around...

scary thought, huh?

but true...

Re:Your intentions are good...

[drew]

why dont you go look up how much of your income would be taken from you by the government in other countries countries around the world. in most european companies i believe the income tax is around 50%. sure there are countries where people pay less in taxes than we do, but there are also countries where they pay a lot more.

the point is, the government provides a lot of services. most of them are valuable. you may not like them or agree with their value, and you are free to express your dissenting opinion.

but it does cost money for the government to provide these services. and the government can't make money out of thin air any more than you can.

Re:Perrit's mind may already be made up.

[drew]

Dismissing serious concerns over the constitutionality of Carnivore as conspiracy theories, and the overall tone of his answers makes it pretty darn clear that he's going to say that Carnivore's just fine and perfectly legal.

or perhaps it's possible that he believes that the idea of carnivore is not inherently unconstitutional, and that he is going to assess the implementation of the system to see whether it is implemented in a way that stays inline with current viewpoints on acceptable behavior by law enforcement agencies.

That sounds to me like he's willing to be censored

i don't see how you interpret his statement to mean anything of the sort. at any rate, maybe he is. he's not the only reviewer. it is possible that the government would wish to edit th report to keep specific implementation details out of it without changing what it says. if it's editied, we will know it. and if it is changed substantively by the government, somebody on the review team will let it be known. the govenrment can keep them from sharing technical details of the system with NDA's and top secret classifications, but they cannot keep the reviewers from sharing their opinion of the review process.

That's what impartiality means.

you, my friend, are not looking for an impartial reviewer. you are looking for a reviewer who has made up his mind ahead of time that Carnivore is unconstitutional.

but then again, i worked for the department of defense once so this is obviously a biased opinion. come to think of it, i go to school at iit, and actually had a class with dean perrit once. obviously i'm only here to spread misinformation and prevent you from uncovering the truth...

Oh well. Big Brother knows best I guess. get a life....

Re:Not exactly encouraging answers

[drew]

Dont talk down to us, we probably know more than you do!

never assume you know more than anyone. you will tend to find yourself proved wrong quite often. in this case, you may know more about setting up a linux box, but i doubt you know more than he does about the issue in question: the legality of the carnivore system. he is one of the country's more respected lawyers in the field of law & technology.

After reading his evasive and non-responsive answers, its pretty obvious that Mr Perrit (or should I say " Mr Parrot ") appears to be a shill, a disengenuous legal weasel, and is quite obviously comfortable at being kept firmly in the government's pocket.

actually, it was quite obvious to me that his answers where non-substantive because the questions were non-substantive. how many forms of "why should we believe that your report is not going to be censored" and "is the doj reading your answers to this survey" do we need to subject the guy to. there were a few substanive questions that i would have liked a bit more substantial answers to, but for the most part, i thought dean perrit did a good job responding to our accusations.

everyone here apparently has already made up their mind that carnivore is illegal and will be abused and that no matter what the result if this review is, the government has a premade report ready that they will publish in place of the "independent review". at this point, why did we even bother asking him any questions?

Re:My Carnivore review...

[drew]

actually, it is widely accepted that the tyrannosaurus was mostly a scavenger and did little hunting for his own food.

so your summary of tyrranosaurus' attacks is pretty much irrelevant... then again, so is this post.

Re:Perrit's mind may already be made up.

[drew]

yeah, it pointed to my real homepage on a server that no longer exists. someday i'll fix it. not like i had anything there anyway. unless you want to see my resume....

Writing in the present tense??

[CmdrChalupa]

Carnivore is used in sensitive criminal and foreign intelligence investigations.

I'm just curious...why is he using the present tense here??? Carnivore is?? That's frightening....

Re:he is feeding bs here

[Ares]

As so many other people have noted, the key words are "network segment". On switched Ethernet, the segment (generally) consists of the switch, and the NIC. Thus, the NIC gets all the traffic on its segment.

Further, the card does "tap" everything on its segment, but discards everything not destined for itself.

Re:he is feeding bs here

[Ares]

Until the point that the 100 Mbps Carnivore port can't handle the bandwith available through the 2.4Gbps switch.

Re:I'm glad they know how to use a sniffer.

[Art+Tatum]

Actually, I don't think it will even go that far. I get the impression that it will be more of a review of the legal institutions in place to protect privacy (like getting a warrant to use the system).

Re:foreign intelligence investigations

[Art+Tatum]

I'm not sure whether NSA conducts industrial espionage as, apparently, some western European intelligence services do.

I don't know either. But I *do* know that the CIA has often engaged in immoral activities to further the interests of large US corporations. It's sad to think that this stuff might be used to crush foreign competition in the private sector.

Re:A bit snippy?

[Art+Tatum]

Yeah, but I thought his answer to question 8 (the best one) was completely inadequate and inappropriate. I don't think the poster was being impolite. I think he was actually interested in knowing what kind of skills the reviewers had.

Re:Not clear on something..

[Art+Tatum]

This is what I don't get. So far as I can tell, no one is attacking government employees. They're only stating that it is inappropriate for a third-party review to employ people who have been involved with one of the concerned parties. It's not an implication that former government employees are evil, tyrranical, or even biased; it's simply a matter of protocol.

As for the competency of the review team, that's yet to be answered. I would feel great about this whole thing if his answer to question #8 had been in any way informative.

Re:Your intentions are good...

[Dave+Walker]

the point is, the government provides a lot of services. most of them are valuable. you may not like them or agree with their value, and you are free to express your dissenting opinion.

Let's see, the government(s) I live under take over 40% of what I "earn". (And that's a conservative estimate!)

They give part of that 40%, in the form of Food Stamps, to the lady across town who's too fat to work but still needs her daily 1/2 gallon ice cream fix (don't tell me it doesn't happen; I've been behind her in the grocery checkout line!)

Yeah, that's a valuable service!

Vote!

Re:Ummmm....yeah

[markhb]

Try splitting the clauses at "for" and "against", and it will make more sense. IOW,
Any electronic surveillance involves balancing needs
for effective enforcement of the criminal laws and protection of national security
against threats of invasion of privacy.

Re:Perrit's mind may already be made up.

[qnonsense]

He's claiming that once you've worked for an agency, you can no longer be impartial, not that you cannot be a good person anymore.

Exactly. Full impartiality means no (zip, zero, zilch, past, present or future) relationship with any of the parties.

Re:Perrit's mind may already be made up.

[qnonsense]

Do you honestly think that everyone who has ever received a paycheck from the US Govt is some brainwashed zombie who can't be trusted to tie his own shoes without somehow involving himself in a conspiracy?

No. I am saying that if I were a judge, and I had worked for MS, I would be disqualified from hearing the anti-trust suit against them because if I had EVER had ANY sort of realationship with them, I WOULD BE PARTIAL. Full impartiality legally means NO relationship with ANY of the parties involved, EVER.

Man, I know there's no Big Brother, UFOs, whatever. What I'm asking for is simply a true impartial review of a system that may well be unconstitutional. Nothing more.

Re:You're missing the whole point!

[qnonsense]

Perrit's job is to verify that the DoJ has accurately represented the functionality of Carnivore and to verify that Carnivore does not collect any more information than the DoJ says it does.

Except that the DoJ has never said what exactly Carnivore does collect. All they have said is that it does so legally. Perrit's job is to see what is being collected. He seems to have stated that if the DoJ wants him to, it wouldn't be "unreasonable" for him to LIE about it. That's what gets me.

Not clear on something..

[Xerithane]

He said "We will review whether Carnivore acquires information not permitted by law or in a manner prohibited by law."
Maybe I'm misunderstanding, but could someone clarify what he meant? Seems to me like he said we're just going to find out what illegal information it acquires - I know that's not the intent (hope) but just not clear on it.
All in all, I think he has a justifiable stance. He handled the questions remarkably well, especially about sniffing. I think that people really need to put some faith in other people. I used to work for the government myself - but I have strong ties to freedom and liberty. However if I were on this review team I'd be in the same group. Forget i work on open source software, because I worked for the government I must be a tyrant. I suppose this is a reverse-flame. Just try to be more reasonable and dont attack people because of a job they took. People need to pay the bills, and it was 24 years ago.
Get over it.
Personally I have faith in Perrit's answers and his abilities to conduct a fair review of carnivore. Not like I have a choice if I dont anyway.

Re:Not clear on something..

[j_snare]

He's just saying that they're going to find out if it does aquire information it should not have aquired, and the way it aquires the information. Keep in mind that the system could aquire information it is allowed to, but in an illegal manner.

Also, I'd like to point out that he said "by law" in each case. While I do trust this guy to do his job, I fear that the job may be to ignore anything not covered specifically by a law.. And we're lacking a lot of laws for this stuff.. I'd love to know how much leeway he's allowed in reporting the possibility of the system breaking the law.

Just a thought.. I really didn't mean to sound like a psycho..

Re:Not clear on something..

[Xerithane]

As is the method for anything. But, it does work both ways. If Carnivore can do something that is not publicly accessible but there are no laws violated -- it's technically ok. Only when private entities exploit this will there be a law. By that time, Carnivore will probably be accepted into the infastructure and whilst illegal -- no one will say anything.
Write laws first, then software.

Re:Not clear on something..

[Xerithane]

That is called at-will employment. Come to california and try to get an assurance on your job.
Works both ways.. and I personally love at-will. It got me out of a bad situation in which I was able to just walk out and say screw it, I'm gone. Just because someone can terminate you at any time for any reason including abscence doesn't mean they are evil.

Re:A bit snippy?

[Xerithane]

He could have been busy - I know that I usually dont have time to answer an interview when I'm trying to save the world from the ugly claws of the tyrants of the United States of America.
that was a joke by the way

Re:A bit snippy?

[Teancom]

LOL. I've already seen posts claiming that the answer to the question "are you being edited" was not a complete answer, so there he must be being edited, so therefore the short answers are a result of his complete answer being "chopped". I'm sorry, but if conspiracy theorists are going to be reading what you write, there is *NO* way to completely "idiot-proof" what you say. We are talking about people who think the black helicopters are coming for them every time their neighbor starts up the lawn mower...

A bit snippy?

[Teancom]

Maybe it was just a bad day for him, but did anyone else get the idea that he was feeling a bit snippy when he answered these? Most answers are a bit *too* short and to the point to be merely an efficent way of communicating, bordering on "I think this is a stupid question, so I'll give it a stupid answer". On the other hand, if I had complete strangers impunging my professional reputation and personal morality, I would probably be snippy too. Far too many people on this site and on the web in general forget that there are real people on the other end of every email and post that we send out. </end of degrading personal politeness in today's society rant>

Re:A bit snippy?

[dead_penguin]

Most of the answers seemed to be written in a style meant for dealing with the press and "dumb public" as a whole, and not for geeks/nerds reading slashdot. From my perspective, most of what he says seems pretty vague and possibly even somewhat condescending. Maybe he didn't even write all of this, but got a secretary to put together and edit answers he quickly dictated or something.

Re:A bit snippy?

[tjgrant]

After reading the questions, I'd be snippy too. While I understand the need for answers to the questions, it seemed that many of them were quite adversarial, and that the review team's integrity was being called into question pre-review.

We need to give these people the benefit of the doubt until the review comes out, then make judgements about what is said.

Stand Fast,

Re:A bit snippy?

[moopster]

WTF?!?!?! Why should we give them the, "benefit of the doubt," we are talking about a device that __could__ be a key to subverting our privacy. I think we should question every step they take, and scrutinize every word they say. The reviewer's personal feelings about how we ask questions takes a far back seat to the concept of freedom, and the strong protection of it

-------
How could this be a problem in a country where we have Intel and Microsoft?

Re:A bit snippy?

[avandesande]

I think his answers mirrored the politeness of the question

Re:A bit snippy?

[lpontiac]

Most answers are a bit *too* short and to the point

Keep in mind the number of conspiracy theorists that are going to be reading this... he was probably being pedantic regarding extra verbal fluff, because the more he said the more chance he'd have of saying something that things could be read into, that he didn't actually intend to imply.

Re:A bit snippy?

[Inmate378]

This thread is an excellent refutation of JonKatz's piece earlier this summer on the future success of "open source" web journalism. An experienced, professional journalist would never have asked questions with that argumentative a tone. An experienced, professional journalist would not have asked about theoretical outcomes to an unwritten report and expected an answer. An experienced, professional journalist would certainly never have expected anything insightful from an email interview. These questions were an interesting experiment, but the role of reporters who understand their craft as well as their beat will always be able to sell their product -- a community may understand the issue, but it is the beat reporters job to develop the relationships that lead to more candid discussions with figures of the day. There's no conspiracy here, just a poor choice of questions and unrealistic expectations about how forthcoming officials can be on the record.

Re:Your intentions are good...

[Sloppy]

For instance, the people who wrote the US Constitution believed it.

This is further evidenced by the Bill of Rights. The whole thing is about putting limitations on what the government is allowed to do.

---

Re:All network cards tap?

[HiThere]

A web of trust system is the only version that seems at all reasonable. Creating a CA just creates a new center of control. Any centralized control (e.g., centralized DNS management) is a weak point that needs to be redesigned out.

Elaboration:

Robert Smith exists in many places without trouble, because the local environment knows which Robert Smith to use. In fact the really local environment just says Bob. A more global environment does need a larger address. Then we do get city, state, zip, country, etc.

Moscow exists both in Iowa and in Russia, and several other places, without significant contention, because of localized naming conventions.

Centralized name management should be designed around.
Caution: Now approaching the (technological) singularity.

Re:I contest...

[dr_labrat]

It is successful in the sense that Gutenberg's press was successful.

I.e. worked bloody well, but is now extinct.

Re:Does it bother me? Not too much I guess.

[JonnyRotten]

I like how that lost all its formatting when I hit post.

Pretty.

Riiiiiight.

[linuxgod]

Riiiiiiiiight. ok, uptime 67 days.
It looks like im still here dumbass!


M$ users are very ignorant people. Really, they are...

Re:Riiiiiight.

[linuxgod]

Im not on futuresouth,
and what the fuck is gurlpages?
it looks to me like someone copying
my shit.

Actually YOUR the fucking idiot.
I have 1 machine, and several sites
off that IP. Thats IT. hookupwithus.com
is not mine, its hosted on my box.


M$ users are very ignorant people. Really, they are...

Re:Riiiiiight.

[linuxgod]

Thanks for pointing that URL out though.
Ill have the person who is doing it.


M$ users are very ignorant people. Really, they are...

BSOD Bitch

[linuxgod]

I think you should bow b4 me. I am your god. Im your savior. This town sucks. EBI is a bitch. And FS had lame slow connections. You don't know me. Therefor you can't judge me. I know who you are 2. I have your mother's name. And i know where you live. Watch what you say. Watch your ISP, somthing may happen.


M$ users are very ignorant people. Really, they are...

Blue Screen Whore !!!

[linuxgod]

Lets discuss why you won't use a name for everyone else to C who you are? You've been bugging me for a couple weeks, and I would like to know why you are acting like a stupid little bitch.


M$ users are very ignorant people. Really, they are...

Link

[linuxgod]

I can't tell you how much I agree.
Ive put a link on my site to your first url.


M$ users are very ignorant people. Really, they are...

Re:One thing I hadn't considered...

[dinotrac]

You're absolutely right about the "circuit" v. "trunk" part of it.

At the device level, however, you have additional pportunities for privacy loss.
For example, anyone using a telephone is only half a conversation. That means that anyone on the other end of a conversation is also being tapped. Not so bad for those conversations that the govt. is looking to capture, not so good for those who have nothing to do with the case. Prior to reaching the trial, humans have to listen to the recordings to filter out conversations not within the scope of the enabling court order. All of those filtered out conversations are instances of lost privacy.

Additionally, a single device can be used by multiple people, some of whom are not the target of an investigation.

Re:Not exactly encouraging answers

[Black+Parrot]

> its pretty obvious that Mr Perrit (or should I say "Mr Parrot") appears to be a shil

No relation.

--
Give me a candidate who speaks out against the war on drugs.

Re:Perrit's mind may already be made up.

[galen]

What the hell are you babbling about?

Do you honestly think that everyone who has ever received a paycheck from the US Govt is some brainwashed zombie who can't be trusted to tie his own shoes without somehow involving himself in a conspiracy? Man, you've got to be outrageously paranoid.

Big Brother? Man, there's so much stumbling over red tape and procedure, I seriously doubt the white hairs that run our govmt could organize anything so conspiratorial as a Big Brother scenario.

Re:Your intentions are good...

[egon]

How on earth would we know to trust a report when we have no direct information on the item being reported on?

Without that piece of information, all we have available to make a judgement with are impressions on the circumstances surrounding the report. (And of course, whether or not the final report agrees with what we all think. ;) )

Re:All network cards tap?

[halbritt]

I would happily let you plug a box into my network and put it into promiscuous mode. You would see broadcast and multicast traffic only. Shared media is obsolete, which is why this concerns me so greatly. If there is a requirement to have *all* the traffic at an ISP pass by this one box that will seriously limit the ability of that ISP to scale their network. I would hazard a guess at this point in time and say that it only monitors the traffic bound for the MTA for that particular ISP. That being the case, I would recommend only forwarding mail through a trusted MTA.

Re:All network cards tap?

[BRTB]

And besides, I'd hope most (if not all) ISPs use switches, which isolate Ethernet transmissions to only the MAC address of the destination and not "dumb" hubs which blindly broadcast everything everywhere - definite security improvements there, besides the speed jump and lack of collisions...

BRTB

An interesting slip of words...

[s390]

is Perrit's use of the term "assure" instead of "ensure." It reveals a weasel-wording tendency.

When one "assures" someone else of something, they are affirming that something, not "making sure" of it or guaranteeing it.

The term "assure" is used all the time by large companies because it gives the recipient (client, customer, user) a nice warm feeling _without_ actually promising anything. If push comes to shove, there's no legal liability in "assure."

On the other hand, if one "ensures" something, they are "making sure" that it is or will be as stated. That is a legally enforcible promise.

Re:I'm glad they know how to use a sniffer.

[Zurk]

no..they are all clueless fuckwits. trust me - i know one when i see one or read his answers. he deliberately avoided that one since he didnt understand the question.

SMTP over SSL

[RaBiDFLY]

I'm sure alot of people are thinking the same thing here.
It's time to start using encryption for everything we can online. I know there is over head to encryption, but there are hardware solutions to ease that. I realize there are countries that either don't allow encryption or only allow weak encryption, so we need to come up with a "secure as possible" way to communicate with them. eg. first try to connect with strong crypto, then fallback to weak, then back to none. This would apply most importantly to SMTP (we can encrypt mail retrieval fairly easy right now (sslwrap or stunnel)), but also use the same connect atemps with https (strong,weak,fall back to http or forget about it), for web browsing. Ftp even needs to be fixed (like most of us didn't know that). Anyway I could probably go on about this for awhile, so I won't... However NOW is the time to get are butts in gear and encrypt EVERYTHING we can EVERYWAY we can!

Re:SMTP over SSL

[RaBiDFLY]

One important idea I forgot here.
The SMTP servers would also need to leave crypted the local copy so only the true owner could open it.

Re:My Carnivore review...

[infodragon]

"Suuuper Geeeenius."

It's Supra Geeeenius!

Re:One thing is clear...

[kubalaa]

There is such a thing as a healthy amount of skepticism. Any power which could be used for nefarious purposes should be viewed skeptically no matter how much faith you have in its impartiality. For example, it's fine to be an idealist and believe that the FBI won't read your mail with Carnivore, but it would be naive to not use strong encryption nonetheless.

This guy seems to display a lack of healthy skepticism, i.e. balance. He answered most of the questions in the most perfunctory manner, refusing to play with or even entertain the idea that there might be some problems with the reviewers, process, concept, or execution. I'm not saying he should enter the review with those ideas firmly in hand, like most /.ers, but that he should be willing to play around more with the possibility.

Re:I contest...

[MustardMan]

Ah, I guess my Jurassic Park references were a bit too subtle.

Of course, one could argue that Wile E. Coyote is a cartoon and has hence never existed, so he is even less effective than the T-rex :)

Re:My Carnivore review...

[MustardMan]

and my summary of wile e.'s capabilities was accurate of course :)

lighten up, its humor. poor humor, quite possibly, but humor nonetheless. If ya dont like it, say its a lame-ass joke, ya son of a sillyperson

Re:My Carnivore review...

[MustardMan]

Point taken... but you have me confused with another species... I am actually Karmicus Whorus Post-fastus

:)

It's already out there!

[LinuxHam]

Am I the only one sick and tired of seeing, "if this ever gets deployed", or "this will be thrown out if it's evidence ever shows up in court"?

This has been out there for years, people. It's been used in hundreds of cases already. This is version 2.0 they're reviewing. It ran on Solaris for a couple years, and was recently rebuilt to run on NT. Congress and the public are just learning about it now. Search Slashdot for "Carnivore" and review the previous postings and released documentation.

And no, script kiddies won't have a field day with this thing. The released documentation showed a one-way bridge in promiscuous mode at the ISP with all data being copied off to another dedicated LAN segment on which the carnivore box does its thing. It won't be accessible from the Internet side. It's designed to receive a continuous, read-only stream of *all* data IN and OUT of an ISP, live. The question is whether or not they're only keeping data relevant to an ongoing investigation.

I'm just amazed that someone was able to build an NT box that could conceivably sniff and parse data at gigabit speeds, let alone 100Mbit/s. I imagine a fibre connection right at their core routers going to a fibre card in the carnivore box, or a fibre connection to a 100Mbit switch running full-tilt 24x7.

To cover all possibilities, it's safe to assume that every unencrypted web page view, email, ftp, AOL, AOL-IM, IRC and NNTP session *ever* has been sniffed and possibly archived or indexed somewhere. The Internet was built BY the government FOR the government, and anyone who thinks it was just "handed over" to the public in '92 probably also thinks AOL bought the Internet from the NSF.

SSL * SSH * GnuPG/PGP - these things exist for a reason. With the expiration of the RSA patents in September went all excuses for not using encryption.
--

Re:Perrit's mind may already be made up.

[empty]

Exactly. Full impartiality means no (zip, zero, zilch, past, present or future) relationship with any of the parties.

What a ridiculous concept. What if his brother had a relationship with any of the parties? What if a friend of his had a relationship with any of the parties? How about a friend of a friend?

There is no such thing as full impartiality.

Re:Ummmm....yeah

[macker]

parser phase error 37

Any electronic surveillance involves balancing:
[(=effective enforcement of= +the criminal laws+) AND (=protection of= +national security+)] against [(invasion of privacy)]

no charge... _t_h_i_s_ time

Re:Your intentions are good...

[fizban]

Jesus! You people sure like to argue yourselves in big old circles, don't you? No wonder I get so frustrated reading comments to Slashdot stories...

Listen, the guy's an academic, which means he probably has a lot more logical sense and level-headed analytical thinking skills than most of us here. He also knows what the government is like and knows what types of games they play, 'cause he used to work there. And it's not like he's working for the government right now... (No, he's not!) He's a third-party dude coming in to give a report on something that people (YOU!) want to know more about. Let the group do the report... Then go from there. Let's take it one step at a time.

It's amazing to me how so many people here spout so much rhetoric about respecting the rights of the individual and then turn around and slap labels on INDIVIDUALS because of the ORGANIZATIONS their work requires them to be involved with. These people are not evil. They're trying to do good in their own way and they're not out to get you. If they miss something along the way, and don't see a problem from every angle, don't damn them to Hell. Give 'em a break. They're human.
----
Lyell E. Haynes

Re:Question #8

[deblau]

Four words explain the avoidance: the algorithm is classified.

I'm sure Mr. Perritt can't talk about it. He probably can't even say who the experts are, because knowing them tells everyone their skillset, which in turn tells everyone what kind of knowledge is necessary to analyze the Carnivore system, which in turn tells everyone about the guts of the system. This kind of thinking is common in government work.

-- Dave

Re:Your intentions are good...

[mjackson14609]

The US government is set up to do as little as possible.

Nonsense. The Framers were replacing the Articles of Confederation, under which the US government had been permitted to do too little. The Constitution describes a system under which the US government can do a useful (and not wholly inflexible) collection of things, with safeguards that enable, but do not automatically guarantee, protection of individual liberties.

Re:Why do we need Federal Law Enforcement?

[Stonehand]

Actually, murder can be a Federal crime -- the cardinal example might be murdering a postal worker, and thus interfering with the mail system.

The 14th amendment (IIRC, that's the one guaranteeing equal protection under the law) combined with the elastic clause also yields justification for civil rights law and Federal investigation, when the local authorities are unable or unwilling, such as when local authorities who also happened to be Klansmen conspired to murder civil rights workers. The intervention via the Airborne troopers escorting black students to school against the wishes of Gov. Faubus was another clearly justified case. Local corruption, such as that relating to a former Governor of Alaska, sometimes also require Federal jurisdiction for effective prosecution.

We do need Federal law enforcement for these reasons, plus for pretty much anything that clearly transcends the authority of a single state such as interstate smuggling operations or international investigations. The Founding Fathers chose to give jurisidiction over interstate commerce and international affairs to the Federal government for a reason, presumably related to their experiences with the weak government defined by the Articles of Confederation, and to avoid counterproductive silliness such as states taxing products from other states, or worse, making their own independent treaties and declarations of war. I an fairly sure that my state does not have a counterintelligence network capable of monitoring FSB infiltration on its own, should any FSB agents for whatever reason feel Pennsylvania merits their interest, and PA most probably does not have its own agents investigating bin Laden's network at the moment.

You are correct that it has indeed at times been stretched too far. Civil forfeiture law has been cited as one obvious problem, and has gotten some attention from Congress for its abuses. By no means is Federal law enforcement unjustified in all cases, however.

Re:Confidentiality?

[Stonehand]

Not really. Keep in mind that this is apparently a custom design, not something just built around COTS foo. It may not even be remotely accessible depending upon design.

Would you ask that the FBI reveal the technical capabilities of its wiretapping methods, and how its bugs transmit information back to the operators (or how such information is collected, if it requires servicing a drop of some kind), so that the next Mafia capo tutti capo-wannabee can look out for such happenings?

Or would you ask that the NRO declassify the capabilities of US surveillance satellites, so that those who wish not to be observed know better how to camouflage?

Oh, and while we're at it, we might as well as the Russians for blueprints of all their ICBM designs, nuclear warheads, detonation and safety systems. And details of the security precautions and layouts of each installation. We're much safer knowing that anybody can learn how one might try to capture a thermonuclear device, and then smuggle it afar.

There are many, many details which have been successfully obscured. Just because many programmers lack the competence to design a remotely secure system, does not mean that any system that is secret is insecure, or that opening such a system is in the slightest appropriate.

Re:Foreign Intelligence Investigations??

[Stonehand]

Foreign intelligence may mean gathering SIG/ELINT on foreigners either in or with connections in the US, as well. They'd have to be careful not to accidentally listen to unrelated conversations between citizens that just happen to be using the same line, which may be tricky at times.

You may want to capture e-mail going to saddam.hussein@yahoo.com (No, I didn't check to see whether that's a valid address...). Sure, he isn't guaranteed full protections under the law. But your system better not result in a human being ever accidentally reading mail sent to bclinton+monica@yahoo.com, so you have to be careful designing, implementing and using whatever devices and methods are needed. Plus, the ISP has certain rights, too...

Re:One thing I hadn't considered...

[ptbrown]

With analog phone taps (circuit switching) there is a physical pair of wires that you can determine with certainty only carry the audio conversations to or from a particular location. It's the electronic equivalent of a stake-out in front of a suspect's house.

Carnivore, however, is tapping a packet switched network. It has to sit there listening to all traffic with all different sources and destinations. Then they try to apply some automated software voodoo to only record the data within the bounds of the warrant. And in that sense, it's like having a stake-out in the food court of a mall that you know the suspect occassionally visits.

Consider these scenarios: [1]The suspect is able to send information in a way that bypasses the tap or is illegible (encrypted); the tap is ineffective. [2]The tap picks up information not belonging to the suspect but turns suspicion to another person who isn't a suspect; the warrant has been violated. [3]The tap picks up information not belonging to the suspect, but is seen as if it had; the suspect is wrongfully incriminated. [4]The tap picks up incriminating evidence relating to the suspect; the tap is effective.

So we end up with a 50% chance of getting information relating to the suspect, and only 25% that it's actually useful. But it's that other 50% that worries me, because there should be a 0% chance of that ever happening.

Oh, and about Mr. Perrit. He made a big point about saying that many of the reviewers are Republicans (opposed to the current Democratic administration). Oh yeah, Republicans have *never* done anything to compromise the privacy of citizens. That makes me feel a whole lot better. Fnord.

Re:Ummm...looking for an excuse?

[MisterC]

"Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy ."
I think that the sentence should be read as above. Now it sounds like english, doesn't it ?

Heh... Qualified?

[rakslice]

"A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools."

So, shall we take that as a no?

Re:boxen

[Dirtside]

Then you must HATE Don King... he's always talkin' about how great boxen' is...

Oh, that's boxING. Nevermind.

Re:Perrit Interview

[Keelor]

> the people doing this review become unemployable if they piss the Feds off

Huh?

Last I checked, Dean Perrit is quite comfortable with his job as the Dean (hence the title) of the Chicago-Kent College of Law. I'm pretty sure that he isn't leaving that position just to do a review of Carnivore. Besides, in today's society, if he pisses of the Feds he could be more employable. Definitely not the other way around.

~=Keelor

Re:The Question:

[Keelor]

*cough*

Are you free to answer questions posted here, or does the FBI review your answers first?

The implication of the question was that if the answers to the questions aren't reviewed, then he is free to post whatever he wants.

~=Keelor

Re:Ummmm....yeah

[Liza]

Although I share OlympicSponsor's skeptical view of Carnivore (at least to some extent), I think attacks should focus on the merits and risks of the technology, not the reviewer's grammar.

OS took issue with this sentence in Perrit's answers: "Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy." OS did this by claiming, "The second clause (in bold) doesn't appear to be written in English. What would it mean to threaten to invade the privacy of national security?"

In fact, this is good grammar, although commas might have helped make it clearer. The "balancing" Perrit described require the review team to weigh two concerns against one concern: The first two concerns, criminal laws AND protection of national security, should (again, in Perrit's view) be considered against one other concern, "threats of invasion of privacy." I thought it was clear that Perrit meant invasion of individual Internet user privacy under the 4th Amendment.

Re:Crooks won't encrypt, Carnivore will work

[Shagg]

Yes, but Carnivore is being developed for use by the FBI, not your local county police office. They're not going after "3-tooth Bubba" who just knocked off the corner 7-11. How many criminals that the FBI investigates do they really expect to send un-encrypted emails discussing their felonies.

You're missing the whole point!

[bwoodring]

Perrit's job is *NOT* to determine whether or not Carnivore is "fine and perfectly legal", nor is it make any moral or ethical judgements about Carnivore. He never said he liked Carnivore or endorsed it.

Perrit's job is to verify that the DoJ has accurately represented the functionality of Carnivore and to verify that Carnivore does not collect any more information than the DoJ says it does.

Bruno

Sounds good, clean. Honest even.

[chancycat]

So why don't I feel completely assured? The words all ring true, but there's a lack of content and effort behind them.

Re:One thing is clear...

[jejones]

Let's see...the government will cheerfully deprive you of your right to use your land as you see fit if it considers it (under a broad and bogus definition) a "wetland", or the habitat of an endangered "species" (which may be an obscure variety of a very common species). The government will, at the drop of a rumor, break into your house or seize your property in the name of the War on Drugs. The government is still trying to push through laws to make your bank start profiling your transactions and report anything "unusual" to the government, which will take it as possibly meaning your a drug dealer trying to launder money. The government will also take as evidence of your guilt paying for something expensive in cash.

I'm sorry, but we're headed for a police state; I don't trust the government at all.

Re:Here's one they forgot to ask...

[Donavan]

LOL I'd pull the gaming link out of your sig... Unless of course you're trying to point out what a little twit Maynard was in that article.

Re:Here's one they forgot to ask...

[Donavan]

Of course it is! Just because one person managed to screw up his order with Loki Linux is going to fall. I mean hell NO windows vendor EVER has any kind of distribution problem. Microsoft and those who write software for it never have delays finsishing a product.

Re:wrong answer?

[demaria]

He's not exactly wrong on that one, if you invision every port on the switch as a seperate network segment.

But that doesn't change that the NIC on the computer itself sees all the traffic on the line that it is connected to, whether traffic is intended for it or not.

Re:My Carnivore review...

[evilphish]

what about Uber Geeeenius!

Re:Foreign Intelligence Investigations??

[dlapine]

Uh, you have that just backwards. They can use any methods they like against foreign nationals, but must strictly apply rigorous standards when investigating US citizens. What this means in practice is that they collect everything, and officially ignore that which pertains to US citizens.

Unofficially, who knows... which is what makes this investigation important.

Good answer..

[bdigit]

" Perritt: A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools. " Sure sounds like it considering you gave a definition write out of a dictionary and no further answer to the question. It seems as though he completely tried to avoid the question or had no clue what he was talking about and wanted to move onto the next question already.

Try reading some english

[bapink01]

Try reading some precedent.

Imagine that someone calls the cops because there is screaming or shooting noises coming out of your house (even if it is the TV). You can be sure that the cops are going to take a look-see without waiting for a warrant. Exclaimation!

Even the Strict Contstructionists (on the supreme court) are likely to agree with that practice.

If you don't want to read, watch more Law and Order. It is accurate enough to make canadian leaders mad because teens learn more about the US justice system than the canadian justice system.

Why do we need Federal Law Enforcement?

[mmccune]

Most of the crimes are covered by local laws. Are murder and rape a Federal crimes? (no, the states have their own laws). Also, the states have cooperated with each other for decades and it is becoming even easier with modern communication and databases.

The only thing Federal law enforcement does is increasingly trample our constitutional rights. There are too many examples to go into: The "War on Drugs", civil seizures, Waco, Ruby Ridge, BATF and so on ....

HYPOTHETICAL COURT CASE

[Stoutlimb]

Suppose someone gets taken to court based on information that Carnivore has suplied.

First, the defence would ask "Can it be proven beyond a reasonable doubt to the jury that the Carnivore system has not been tampered with, either by law enforcement officials, or by a malicious third party?"

Then "Can it be proven beyond a reasonable doubt that the defendants win98 machine has not been cracked or tampered with by law enforcement officials or by a malicious third party?"

Voice recordings are one thing, but insecure e-mail sent from an insecure computer, and intercepted by a black box that no-one will disclose the inner workings of in a court of law? And with no safeguards in place to prove that law enforcement officials didn't upload any sneaky software not in the Carnivore documentation?

Sure, it might work, but I can hardly see anything collected by Carnivore being that strongly considered in a court of law. Just look at OJ's DNA evidence!

Carnivore is drek, the government wants it to know what it's citizens are doing, not because it will win court cases.

Blah.

Re:HYPOTHETICAL COURT CASE

[Stoutlimb]

Yes, very true. I see it as one more nail in the coffin of freedom. The justice system occasionally goes against the will of the government, but it's definately not a sure thing. I'm sure you could convince a judge that Carnivore was faulty, if you spend as much money as OJ did, but what about the common joe? Looks like government will win most cases, and lawyers will win in all cases.

And, I don't love America. I don't live there, and I don't want to live there. I'm convinced there are better places to live, even though I can get a better paid job there. But still, Carnivore is a bad precedent that others will surely follow, if they havn't already.

Computers can be the best friend of any totalitarian government, as well as tools for freedom. Since we've had so much freedom already, I think a lot of people havn't realized what is possible. I think it will take one or many countries to go all the way down the dark path of computerised totalitarianism and surveillance before the masses realize how much of a bad thing this is, and push back. Sadly, once gone down such a path, it can take a hundred years to get back on track, just look at the Russian revolution.

A sad state of affairs, but sometimes humanity's best lessons are learned the hard way. It's easy to learn from history, but in the digital age, someone has to learn it the hard way the first time. My guess is that this will either be the USA or the UK. My bets are on UK so far, USA second.

Bleh.

Re:HYPOTHETICAL COURT CASE

[chenry007]

Thats a good theory, but again you are putting your trust in the same "justice" system that allowed carnivore to be implemented. but my point was if you are innocent why worry? but if you have been bad, you will be convicted by a computer program and sentenced by a judge that more than likely cant even figure out how to get outlook to check his email. boy dont you just love america?

Wish I had posted this earlier

[Emugamer]

Well its a bit late but I would still love some feedback on this observation. From what I can read both from the comments of the slashdot readers and his answers is one thing: HE WAS GONNA DIE ANYWAY.

Why you ask? Because the questions and the subject manner. Some people praise him that he answered with dignity to a full assault on his integrity. What does that mean? He is a polititian, not a techy. Perhaps a combination of both but from looking at his answers it seems more management thoughts and how to quell the throngs of slashdotters trying to kill him.

If I had these questions asked of me Id say "Fuck you" and slam the phone/email/reporter down. but basically anyone who accpeted this bomb is gonna have the fuse lit by us slashdotters. because no one who admires,respects or thinks like us would take this hellish assignment. So we got a wussy politian who didn't really answer any question that wasn't an attack and because they were mostly attacks he got by with answering 80% of the questions in a complete manner. Perhaps next time lets ask less attacking and more substatial questions. Please tell me if I did mess up but I do believe that a interview on this subject would never turn out any other way

Inslaw is forgiven then???

[vandan]

No matter how many member of the team come out and say "Yes, we're good people. Yes, we promise (Promis) we won't do anything wrong" my view still is that the DOJ is one of the most disgusting orginisations known to intelligent life, and NEVER, EVER, EVER to be trusted. They have validated my opinion at every decision juncture. The DOJ is about money & power. Not the good of the people, or the preservation of "ethics", whatever they think this abstract term to be. Just MONEY & POWER. The only light at the end of the tunnel for us is that intelligent people - REALLY intelligent people tend to have a more developed sense of justice than the DOJ and will not work on their abominations. The very best of the world's people will always be on our side, and our chaotic nature will confuse and erode their best efforts at fucking us up the arse and hiding (killing) the evidence.

!FNORD!

Re:All network cards tap?

[drinkypoo]

So encrypt it all. Everything. ALL traffic in and out of everywhere. What is really needed is a free public CA, who can sign ssl certs for people. Or, better yet, come up with a "web of trust" system and build support for it into the web browsers...then into everything else.

Anyone can sign their own certs, and be a CA. If you're using a Unix system (or similar) then you can build openssl without any commercial software without any trouble. If you're using Windows, then you might get GNU C to work, with or without cygwin. There are documents on how to get it working (If you build under Cygwin, for example, you must turn off threading.)

I personally sign my own certs. Sure, I'm not a trusted authority, but people who trust me, well, trust me. When my website comes up again, you will be able to access any page via either HTTP or HTTPS. I'll probably only do 56-bit to save me a little CPU time on my server, but it's still encrypted traffic.

I can't get there right now, so perhaps they're being hax0r3d even as we speak, but check out OpenSSL.org for more information. If you really and truly cannot get OpenSSL built on Windows NT, contact me for binaries. I *will not* provide you with source, so don't ask; I didn't modify their source in any way to produce my binaries, and you can download it from any OpenSSL mirror. If you don't like that, don't ask me for the binaries. And I will NOT be a source mirror.

Sorry for that little rant, but hey, you have to lay down the law or people walk all over you. And before you get all snitty about the law of the license, I'm not modifying source.

Re:Dodged the question

[schatten]

actually I believe they will be reviewing a different version of the system. Lets put this into perspective from what we are most familiar with. They will be reviewing a compiled version of DOS 5.0 as Windows ME (the POS edition) is on the shelves.

I agree, the question was entirely avoided. "Network management tools" - that only tells me he looked it up in hacking for dummies or on webopedia.com. ugh!

www.buymeaferrari.com

Re:(OT) what about the NSA interview?

[rizzo242]

It looks like the answers to the questions were never posted. What happened? Did I miss the followup?

IIRC, the NSA interview was with the person in charge of their museum (not exactly the Cigarette-Smoking Man). I doubt we missed much.

Team not qualified?

[bataras]

Perritt said, "A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools." Hmm. A "number of member" implies "not all of the members". So, you're saying that not all of the members of the review team are familiar with a routine network management tools? Encouraging indeed...

Re:I have it up to here

[NevDull]

Implicit in allowing the government to do something which you don't believe will work is the validity you grant to their intentions.

If they were somehow to fix all the technical issues related to encryption, etc., then they could say, "You already gave us permission to do this. We just fixed things."

Oh, and as for the stance those who do nothing wrong have nothing to fear... remember that what is wrong depends on who does the judging. That'll be changing in January, and again in 2004 or 2008.

"I [may] disapprove of what you say, but I will defend to the death your right to say it."
-Voltaire

-Nev

Re:Widespread crypto

[lpontiac]

Although the export controls caused a real problem, they have been lifted.

Maybe over there.. over here (.au) anything stronger than 56-bits (symmetric) is classed as a munition. I find it quite amusing that I can't legally stick the assignment I just did, up on the web for general viewing :)

Re:Your intentions are good...

[InfinityWpi]

I'm not going to bash him, but I believe he's not suspicious enough. I might trust him as a person, but I'm still not going to trust his report.

..... Since he's not suspicious enough? You don't need to be suspicious to be thorough. Simply because he doesn't have the preconcieved notion that Carnivore is bad doesn't mean his report will state "Carnivore is fine." Are you saying that if his report details a list of thirty ways that Carnivore is illegal, you'll still not trust it? Why? Because you'll think there's more things wrong? You've already pre-judged the report withotu even having a look at it or the equipment the report is based on, just on what you've gotten from /. and the 'net. That would be as bad as voting for or against a president based on late-night talk-show monologues.

Let the report come out, read it, then judge if you can trust it or not.

WTF moderated this as 'funny'?

[InfinityWpi]

I liked 'Insightful'. I was expecting 'flamebait'. But 'funny'? Geeze...

Re:Question #8

[gscott]

Thought they already released the names. As Mr. Graham says, he saw no one on the list that seemed to have the appropriate technical skills. So if you are correct, either they are bringing in other people and are not being up front about it or he does not wish to say who they are for other reasons. Just my humble thoughts. I had not considered the possibility of the names being classified for security reasons.

Haha...

[zoftie]

Hey, we do not have it here =) In Canada, Eh? Anyhow, The guy is total dumb rasin bag. He is being political an all, but I could've gotten very same answers from my Eliza bot. He is just providing output that does not carry any information. Like what if some FBI employees screwed up and used Carnivore to gather dirt on someone else, and place the wrong person in jail using 'modified' output of carnivore. There is no human to check with nor any other opposing information system that would allow for double checing the data.The whole thing means simply that we all should start using encrypted email and SSLed servers, with ceritificates generated by themselves and not escrowed to Thawte and other two faced demons. I wonder if they going to share the pipe with the ISP for sending off the filtered data, or have their own brought in. That would cost a mighty large dollar to Americans, while many other social problems are not solved. Here it is not better, at least we are not the only stupid ones.

Re:My Carnivore review...

[GungaDan]

"First we will examine the Tyranosaurus Rex, here forward referred to as T-Rex. The Tyranosaurus has two main attack methods."

Now we will examine the Posterus Slashdoticus Ignoramus, hereafter known as Mustard. Posterus Slashdoticus Ignoramus are often seen ignoring the stuff they say in the sentence right before the one they're writing at present.

No personal offense intended, Mean Mr. Mustard. I rather enjoyed your post, actually.

I contest...

[ninjawhoreior]

Just exactly how is the T-Rex more succesful? I was under the impression that it was no longer around, while the coyote probably is.

a late comment, but I got it in. freedom at will

[Vspirit]

We have two opposites, one is the party fighting for freedom(& the criminals) and the other is the one for control(& the law).

In the age of information these entities are in a battle of interests. The battle aid's to the evolution of information technology.

When the those that do not abide to law, engineer new technology for protection of privacy and at the same time intrusion into other parties, the law/control side are to enhance their technology base, which they do. This teoretical scenario can most likely be pictured by those having insight in the world of hacking, and related interests.

This works in both ways,

Now when those in control/those who abide to the law they have set and feels good to them, enhance their technology base with a system such as carnivore or similar (carnivore doesn't actually seem so scare, I can imagine much worse), then the situation has been turned upside down and now it is the ones fighting for freedom who are to introduce better technology to protect their interests.

epilog.
Systems such as carnivore that provokes actually aids to the evolution of protection of privacy. It helps to bring more awareness to the issues and more activity to solving the problems. Existing systems are being reviewed and improved systems will appear.

I have it up to here

[chenry007]

I dont know about anyone else but I am tried of reading about Carnivore, the way I see is that the FBI is fighting a loosing battle since any half decent crook would probably encrpty there email anyway. And the way I see it is that if you arent dont anything illegal then you should have nothing to worry about, think of the number of emails that passes through an ISP's mailserver each day, do you really think that the FBI will waste their bandwidth scaning all those emails? I would be more worried if the FBI wanted everyone to to turn over a copy of their PGP key. -

Re:I have it up to here

[Stonehand]

Many criminals aren't terribly clued, and few are careful to the extreme. The World Trade Center bombers come to mind as cardinal examples -- returning to claim a refund on the Ryder Truck wasn't the smoothest of possible moves.

There used to be a "Moron Muster" listing people who posted, publicly (on USENET, in plaintext) blatantly requesting pirated software (usually caught via a fake FTP w4r3z S1t3 announcement followed by a request for public "add me to the list" posts. Sure, they got added to a list...) The list was alarmingly large, but IIRC is no longer maintained.

The Algerian who got caught with explosives at the Canadian border 'round New Years -- apparently he or somebody in his cell made a pretty hefty mistake. Perhaps t'was infiltrated -- ISTR that once upon a time, a very, very large number of "members" of various extremist orgs like Weathermen, Klan spin-offs, and such, were actually Feds.

As for legality, well, that is a concern. Frankly, even for a "good cause" (counterrorism), I would not want to accept a precedent which said that existing statutes should be ignored when it is expedient to do so; it is too easy to cynically manufacture "good causes".

Consequently, current privacy guarantees should be maintained... and whether that is true may be based upon how good Carnivore's filtering system is. If the architecture guarantees that only specifically targetted communications will be visible to human observers (Ever. Not on tape; not shown on screen; but INVISIBLE as far as Carnivore's users and the users of its product are concerned), then it could be permissible. But ignoring existing Constitutional protections, or those granted by laws consistent with such, simply due to expedience is intolerable.

Carnivore might become as abused as wiretapping.

[AFCArchvile]

Think of it: 24 hours a day, 7 days a week, 52 weeks a year, the NSA and the FBI use wiretapping all over the US. Wiretapping is usually the very first action taken against a suspect to attempt to incriminate him/her. The same might happen soon with e-mail and submitted forms. Perhaps the CIA has already developed a way to crack 128-bit encryption for the purpose of enlarging Carnivore's scope. If this is the case, I fear that some hackers might isolate this utility and use it against other sites.

Re:Well that was rather... bland

[MidnightLog]

The proof should be "in the pudding". You can't do an unbiased review if you're already biased.

email posts to piss off Carnivore

[TWX_the_Linux_Zealot]

Well, if we don't like what we get out of the review, maybe we should all just start sending emails with "bomb", "machine gun", "kill", "sniper", etc, to the point that carnivore intercepts traffic that it isn't supposed to get to make it useless...

Moving Forward

[silas_moeckel]

It would seem that everybody is assuming for purposes of a legal definition that all networks are clasical hubed Ethernet as far as gathering infomation. In a switched network all packets do not end up at every NIC and lets face it bobody building a modern network is going to utilize hubs if they can avoid it. So you must invasavly tap the trunk of the dataflow to gather the data it is not simple there for you to easedrop. It would seem that this technology is planned to be deployed to tap trunks and then discriminate that data wich as previously stated is not legal. To make a true wiretap this sort of thing would have to be placed on the individuals network connection not so frar upstream as inside the network provider.

Re:One thing is clear...

[gashbot]

We the People are supposed to beleive that the gov't is 'inherently evil' and 'trying to screw us over.' That's what the Founders of this nation beleived and that assumption is the foundation for the structure of the federal government. (See, e.g., U.S. Constitution, @nd Amendment) There is hardly anything more patriotic than distrusting the government. Slashdotters are not paranoid delusionals only red-blooded Americans.

government

[techno-at-nni.com]

Face it, they are going to install this thing or a variant of it somewhere and whether you know about it or not is of no concern to them. The government is there and is always there, even when you're sleeping. Call it crazy or nonsense, but I think it's true.. sometimes they know things about you before you do. You don't want to be monitored? then shut off the TV, hang up the phone and move to a shut off island, because even if you waste your *precious vote* the government is going to do what it wants, when it wants and it's not going to ask you. Hell, you even get monitored on services you pay for... They know who's watching what, 'they' know what you're talking about. Sure, we pay the bills for our senators, but do *you really think they care*? They get paid either way.. its not like you can stop paying taxes because you don't like the service you're getting... In the end you have as much say in your own life as a 3 year old child.. the government tells you what else to do (or your damn job for that fact).

Which is more inane?

[SecondSon]

I'm trying to decide which is more inane: the Justice Department "submitting" Carnivore to such a tightly controlled review, or /. readers asking one of the reviewers to assuage their privacy fears.

Violated

[NGTV13]

In my humble opinion, I believe, it makes little difference why the government wants to snoop on our email, it's the fact that they are. There's the old metaphor "If you don't have anything to hide, you don't have anything to worry about" granted, in theory this is beautiful, it couldn't be farther from the truth. I could write my sister an email saying my son wet his bed, and do I want the government knowing that? It's not that I'm hiding, it's a thing (which now has become very very close to obsolete) called PRICAVY. If I want to talk to someone, let me do it, I don't need big brother standing over me and asking me how many fingers he's holding up.
You may view this as extreme... But, I think we have to stop it early, before it gets out of hand... Governments do things one small step at a time, until we don't even notice when we have no rights anymore. Take for example Hitler and WWII (terrible terrible person, by the way). He slowly became more and more oppressive to the jews, and they didn't (largely) notice it. They noticed that they were mistreated, but even as they walked into their death showers, they believed that they were getting bathed, when infact they were being exterminated.
Now, i'm not saying the white house is the next hitler (I pray there never is another hitler) but with every oppressive action the government takes, there is one more step to a completely orwellian society
Thank you

Re:wtf is pricavy?

[NGTV13]

smartass

Re:foreign intelligence investigations

[SlippyToad]

I would have to say that's a pretty lame excuse for violating our privacy in every possible way that technology allows. I feel much safer from terrorists overseas than I do from my own government's blundering idiocy. The wish of the government to gather intelligence data isn't my problem. I didn't ask them to do it.

wtf is pricavy?

[snowshovelboy]

It's not that I'm hiding, it's a thing (which now has become very very close to obsolete) called PRICAVY.
I are you sure pricavy isn't a new thing? I can't find it here, herethis lame thing!!

Re:Here's one they forgot to ask...

[config.sys]

Whatever. Just glad I run Windows. That whole thing looked downright crass. Linux is heading for the BIG FALL

Re:Perrit Interview

One thing I find amusing, is that thie person whose job security depends 100% on the goodwill of the FBI-- which controls his security clearance-- brushes off any consideration of bias, with the false statement that the review team's ties with the Federal government are in the past.

Another thing I find amusing, is that the review is already over and done with. The gentleman sees "no reason" why the FBI should want anything other than a fair & impartial review. That's the exact same thing, as saying that Carnivore's software does exactly what we have been told, neither more nor less.

So... the Feds are paying for this review, the people doing this review become unemployable if they piss the Feds off, and the Feds get to edit the final report to suit themselves.

Am I the only one who refuses to take this matter seriously??

why impartiality is important to the doj

[drew]

alright, the department of justice has as much reason as everyone else here does to want this review to be impartial. why? because the united states department of justice is not related to the united states court system. remember that whole three branches of government thing?

jump a few years ahead. the carnivore review was a wash. the doj have put their handy little sniffers in place, and actually manage to catch a two bit drug smuggler who wasn't smart enough to encrypt his email. he sues the doj based on the unconstitutionality of the carnivore device. the judge agrees.

oops. now doj is up a creek. carnivore has been declared unconstitutional and all of the work they put into it is for nothing. what's worse, they never got any big convictions out of it, and the one little two-bit smuggler they did catch gets off the hook. not to mention all of the bad publicity the doj gets.

if the carnivore system is going to get declared illegal or unconstitutional by a federal judge, it is in the doj's best interest for these lawyers to point that out now. because the doj can't do anything about a judges decision. they can do something about the decision of these reviewers: they can listen to what they say, and, if neccessary, change the implementation of carnivore so that it behaves within what is considered to be acceptable behavior for electronic surveillance. because not all electronic surveillance is unconstitutional. and if carnivore does violate our constitutional rights, the case will get thrown out of court the first time they try to use it.

Thoughts

[Urmane]

Carnivore is used in sensitive criminal and foreign intelligence investigations. The need for confidentiality in such investigations long has been recognized by the Congress and Supreme Court of the United States. It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.

He misses the point - that's not what we're worried about.

Having commissioned such a review, the interests of the Justice Department would not be served by censoring the review or otherwise acting so as to compromise its integrity and credibility. [...]It is counterintuitive to suppose that the review team would sacrifice these interests by undertaking a "whitewash."

Um, hello? This is done all the time in the courts, by "experts". Obviously the DOJ has something to gain: power. And I'm sure they could offer something to the review team to persuade them. No, I don't think this'll happen, but simply saying "it's not in our interest" doesn't convince me.

A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.

Yeah, well, ping is routinely used, but that doesn't mean the users are familiar with ICMP "technology". I know plenty of people that use snoop on Solaris who don't understand protocol analysis. I don't consider this answer sufficient.

His answers appear a bit vague and "don't-worry"-ish, but maybe he didn't expect them to be examined so thoroughly, or maybe he had a bad day. I'm willing to give him the benefit of the doubt, but I'm still not completely conviced.

--

Re:Hmmm

[Dasein]

Or... "I think that I might get removed from the review team if I said that I'd fight them tooth and nail. So I'm not saying anything."

It's seems to me that this guy is walking a fine line. He's answering questions in a hostile environment. That takes guts and speaks a little to his credibility.

By my view, this sort of system is an affront to our liberties. The fact that he's answering questions here make me think that he believes that there is a balance to be had (a hardliner wouldn't bother). I expect that he'll discharge his duties in accord with his beliefs.

Re:One thing is clear...

[Goonie]

This man does not share the belief that most /.ers have, that being, the government in inherently evil and trying to screw us over. over.

Intelligence-gathering services and federal police agencies h ave a long history of politicization and exceeding their authority. Perhaps you've forgotten what the FBI got up to under Hoover, or the CIA's activities in the 1980's?

Even in my home state of Victoria, Australia, an "intelligence bureau" was set up where police were infiltrated into various groups of political activists such as student groups, the Squatters' Union, and a whole bunch of mostly innocuous community organisations. While it might be arguably legitimate to surveil these groups (including reading their mail, tapping phone calls, and keeping extensive dossiers on people who *hadn't committed crimes*) if they are planning violent protests, most of them had no such plans, and indeed the officers performing the surveillance begged their superiors to stop wasting their time. In one particularly sad/amusing case, the officer concerned sympathised with the advocacy group to such an extent that he spent a substantial amount of time teaching the members of the group typing skills so they could advocate their views more effectively.

When a new government was elected and discovered the surveillance division, the minister concerned ordered that the surveillance be stopped and all files to be destroyed. However, the surveillance continued and files were retained for at least another five years in direct contravention of the wishes of their political bosses (who were *fully* empowered to direct the police in this way).

People who worry about "law and order", "national security" and "stability" go work for these organisations. People worried about "civil liberties" don't.

Just because you're paranoid...etc

[msouth]

It is very unusual for a federal agency to acquiesce in a third party review of an important system. Having commissioned such a review, the interests of the Justice Department would not be served by censoring the review or otherwise acting so as to compromise its integrity and credibility.

Okay, I"ll try not to sputter uncontrollably at the poor logic here. First off, why do you think they commissioned this? Public outcry (you used the term "acquiesce" yourself, so I assume you realize that this wasn't something they wanted). What, may we infer from this fact, is their "interest"? Settling the public down. Getting people to accept the boxes. Censoring anything that would prompt further outcry from the public (which they might again have to "acquiesce" to) would obviously be in line with these "interests".

The review team, institutionally and personally, has an interest in preserving their reputations for professional independence, analytical competence, and candor. None of these interests are tied to future dealings with the Justice Department or the FBI. They are more closely tied to reputation in many of the communities which have been critical of Carnivore. It is counterintuitive to suppose that the review team would sacrifice these interests by undertaking a "whitewash."

Maybe I can help you with an example of the correct use of "counterintuitive": It's counterintuitive to believe that the review process has any integrity when a majority of institutions turned down an opportunity for a prestigious opportunity for national exposure because of concerns about the process.

Intuition says, and your comments bear out, that the only institutions that have no problem with the possibility of censorship are institutions that essentially trust the government (and of course, intuition can be wrong--I'm just saying that it's not on your side, not that we should trust it). Intuition tells me that, if you are the type of person that says "well, the govenrnment will probably only take out the parts of the report that are essential to security", you are much more likely to be the type of person that says "well, the government will probably only listen to the stuff that they're pretty sure is related to a crime". That doesn't give me warm fuzzies about your qualifications.

While I certainly agree that the average Slashdot poster is on the high end of the paranoia scale, I think there is a lot about this case that makes a lot of suspicion healthy. You appear to either believe or be trying to push the idea that this review is something that the government came up with because it felt that it would be the best way to protect our privacy. Whether you believe that or are trying to make it appear that way, it casts doubt on your credibility.
--

Re:One thing is clear...

[Col.+Klink+(retired)]

> The government isn't always out to screw us, people.

True enough. It isn't *always* doing that. But you can't ignore the historical fact that the gov't did indeed set out to screw people like Martin Luther King.

This bill gives the gov't more than enough power to slap down anyone that ever tries to oppose it. You can't say "won't happen here" because it already did happen here. Nixon had an enemies list, but he didn't have the technology to review every god damned web page his opponents looked at...

DOJ Overview

[Col.+Klink+(retired)]

He insists that the gov't wants an honest review. I must wonder why, then, the gov't insisted on retaining the right to alter or withhold the final report.

If the DOJ *really* wants an honest review, why maintain the right to turn it into a whitewash?

Incongruent conspiracy theories

[FallLine]

One of my nagging issues with these conspiracy theorists is that their beliefs don't seem to match. Ok, so you believe the NSA and/or the FBI is trying to hide features in Carnivore? If you believe these agents are that evil, that intelligent, and that motivated, why would they bring the press and _any_ academic scrutiny upon themselves to begin with? Why couldn't they just go behind everyone's back? Why couldn't they just give MIT a dummy machine and let them say whatever they will? The fact of the matter is that no review, be it academic or media, is going to completely obviate the need for trust.

As this guy said, Carnivore is a tool, it can be used for good or bad. You trust our intelligence services with agents and sattelites and what not. You trust our law enforcement agents with guns. You trust our military with a staggering amount of weaponary. All these can be used for great evil. But that doesn't mean we would be better off sticking our head up our ass and abolishing them entirely simply because there is potential for abuse. Question them? Sure. Nail them where they abuse? Certainly. Abandon all reason? Never.

Re:Incongruent conspiracy theories

[kevlar]

Why couldn't they just go behind everyone's back?


Because they are still restricted by law. Civil rights groups have sued to make the details of Carnivore public. As a result, the FBI was ordered to have an independent review of the system.

They already tried to go behind everyones back when they claimed it was the "Internet equivalent of a wire tapping". I know you see this as a blatently false statement.

Re:Incongruent conspiracy theories

[bnenning]

The reasonable view, in my opinion, is where both sides admit that both sides are basically trying to follow the law.

I won't admit that, because I don't believe the government is trying to follow the law, which in this case means the Constitution. There is plenty of evidence for this position; the Communications Decency Act, the Clipper chip, crypto export controls, Know Your Customer, the meth anti-proliferation bill, etc, etc.

What I do take issue with, is when they distract from the central questions by bashing integrity of the FBI and all other involved parties.

The FBI and many other government agencies deserve to have their integrity questioned based on past activities. Very few people here seem to have any difficuly accepting that entities like the RIAA and MPAA are determined to remove consumers' rights in order to increase their own power. Why can this not be true for government as well?

Carnivore is unconstitutional on its face. It is the equivalent of bugging every telephone in the country and promising only to listen to the "bad" people.

Re:Incongruent conspiracy theories

[FallLine]

Yes, that's right. They were and still are restricted by law. The reasonable view, in my opinion, is where both sides admit that both sides are basically trying to follow the law. They may have two entirely different takes on the issue, but that is the way law works. The real question is whether or not these agencies will hear stuff that they're not entitled to; not that they're _actively_ trying to setup some kind of echelon-style sniffing network. This leaves two questions: The legal debate and the technical debate (whether or not they can follow the legal criteria).

I have no problem when people want to argue the issues where they lay. What I do take issue with, is when they distract from the central questions by bashing integrity of the FBI and all other involved parties. There is a world of difference between saying "I don't trust your judgement entirely, I want X, Y, and Z" and saying "I know you're TRYING to take my civil rights away, therefore I will do the exact opposite as you no matter what"

harsh punishment or investigative powers, not both

[jetson123]

The problem is that the US legal system is, at its core, about harsh retribution not rehabilitation. And the kind of punishments the US legal system can dole out are very serious: imprisonment in an overcrowded, disease-infested prison system that does not meet international human rights standards, loss of property and income without any kind of social safety net, or simply outright execution. People are right to be suspicious of giving such a judicial system extensive investigative powers in addition to its already extensive powers of punishment.

If the US justice system ever became oriented more towards rehabilitation and helping the offender reintegrate into society, then, and only then, would extensive investigative powers be justified. (That is the route many European countries have followed in the past, and their lower crime rates seem to justify it.)

So, people probably would be happy to give the US government broad new investigative powers if the US government abolishes the death penalty, decriminalizes drug posession, and shifts emphasis from retribution to rehabilitation. Otherwise, giving it both extensiv power to punish and extensive power to investigate means going down the road towards a police state.

Re:wrong answer?

[kevlar]

While thats true, you can still hook up a machine at the uplink level for an ISP and be able to "see" traffic. Technically this can be done. Whether its a violation of peoples rights or not is in an extremely gray area. It scares me that the FBI would invade such an area.

Re:Foreign Intelligence Investigations??

[kevlar]

True. But by using just that section of law, then the police could tap every phone in the country and target whomever they wanted without a court order.

The reason why this is illegal is because they are thus spying on everyone, regardless of whether or not it will be used in court. Imagine technology like this being used in Nazi Germany. Holy hell would resistence not stand a chance.

I know thats an extreme example, but its best to understand power limitations in extreme situations. Then you can see how power is abused.

Re:Foreign Intelligence Investigations??

[kevlar]

You're missing my point. The restrictions on Carnivore are based on what the Constitution allows (in theory).

If they're using this against foreign nationals as well, then they'd be alotting them the same rights as American citizens. That is of course, unless Carnivore has the ability to not play by the rules.

I take his statement practically as admittion that Carnivore does not play by the rules.

Foreign Intelligence Investigations??

[kevlar]

Carnivore is used in sensitive criminal and foreign intelligence investigations.


Interesting... so when they conduct foreign intelligence investigations, they must provide the target with the same rights as an American citizen? What a load of crap!

Widespread crypto

[Sloppy]

one of the reason that strong encryption by default is a good idea, so only the source and recipient can read that data? (Every web session over SSL, every shell over SSH etc...) Ooops, the government doesn't like widespread crypto either.

Although the export controls caused a real problem, they have been lifted. So I wonder what (if anything) the government is doing to prevent the proliferation of strong crypto. I kinda suspect they doing very little, either due to it being hopeless (genie can't go back into bottle) or because their cracking ability is far beyond what is believed (i.e. they can quickly crack what we think is strong).

About the only thing they can do to slow down crypto would be to apply pressure at some centralized points that effect many people (e.g. Microsoft, Apple).

Many of the mundane uses of the internet don't have any centralized point that can easily be pressured, though. (e.g. Open source.) That's why ssh/ssl are so much more commonly used by BSD/Linux users. I wonder why Slashdot doesn't let people connect via HTTPS yet. (But then I've always also wondered why Slashdot still uses GIFs, links to Amazon, etc. Inconsistency is not new here.)

---

Re:he is feeding bs here

[tweek]

Actually my assumption is that the ISP's will mirror all traffic to one port of the switch that the carnivore box is plugged into.

One thing I hadn't considered...

[dinotrac]

Personal disclaimer: I graduated from Chicago-Kent and do not believe that the folks there would "turn over" for the government. That would, in the end, be bad for them and bad for the Law School. Remember: Lawyers often make their money and reputations by fighting against misbehaving elements of the government. Besides, the first time Carnivore generated data gets used in trial, the defendants will claim that it is unconstitutional. Case goes out the door if the judge agrees.

anyway...

The part that interested me:

If appropriate filters are used in a sniffer or other network monitoring device, preventing human knowledge of material that is filtered out, there may be less threat to privacy interests than if human beings must review content in order to apply minimization requirements, as is commonplace with telephone wiretaps.

I don't know how we feel warm and fuzzy about it, but digital eavesdropping at least has the theoretical capability to be digitally filtered, with only relevant info ever seeing human eyes. Analog phone taps don't have that.

Re:The Questions....

[Black+Parrot]

> If I was that guy I would have refused to answer attacks on his integrity after the third or fourth time.

Only honest people take offence at attacks on their integrity.

--
Give me a candidate who speaks out against the war on drugs.

Slashdot is a tool

[dkfn]

Since we all know that the FBI runs Slashdot, most of these questions were redundant anyway.

Re:Or it might just be...

[dead_penguin]

Right; I think that his reply to this was purposely vague. Assuming the conspiracy theorists *are* correct, you'd better believe the powers that be are reading all his answers to questions here, and all of our replys.

If he had come up with an answer that stated that he *would* go against the FBI and anyone else trying to cover up the final report, I doubt they'd even give him much of a chance to put his input into the report-- i.e. "We're sorry, Mr. Perrit, but you're now responsible for checking grammar and spelling of the background section of the report!"

Not quite right.

[rjh]

He did a fine job of answering questions which were, for the most part, irate, hostile and defensive. I'd like to applaud his reasoned response.

Something to keep in mind: just his willingness to field questions about his Carnivore review says something about his commitment to an open process. He could have just told Slashdot to go away; instead, he chose to answer questions and bear the thousands of flames by people who really didn't think things through. For that, Mr. Perrit has my thanks and my commendations.

Now, on to a dissection of your flame:

This is a dodge--he was asked to address why the secrescy [sic] about the functioning of the device, not its actual in-operation placement. Let "regular" people see the source--the system is effective by its placement not by its function.

First, he did answer the question. The answer to the secrecy question is that the US Government is using this software in sensitive investigations which pertain to the national security of the United States. It is possible that Carnivore has some extremely cool technology inside of it (I doubt it, but it's possible) that the US Government doesn't want to see in private hands, for fear that it will launch a new generation of information-warfare tools.

Please note that for about eight years I was constantly violating ITAR and export restrictions. I am extremely skeptical of national-security claims when applied to technology. Just because ITAR was a steaming load of excrement, though, doesn't automatically mean Carnivore is. It also doesn't mean it isn't.

What Mr. Perrit said was, essentially, "the Government feels it is a national security interest to keep the Carnivore source closed." Frankly, I disagree with the Government's position--but I don't disagree with Mr. Perrit. Why should I disagree with him? He wasn't the one who declared Carnivore a national-security issue; that was the Department of Justice.

Carnivore's closed-source status, as well as the not-quite-open status of the technical review, are both political decisions made by political animals. Don't flame Mr. Perrit for it; his job is only to conduct a technical review, not to make political decisions.

What you're doing here is shooting the messenger for the message he brings. Better to shoot the politicians who wrote the damn message. (US Secret Service, take note--this is a figure of speech, not an incitement to violence.)

Yes, we know that about sniffer ... Dont [sic] talk down to us, we probably know more than you do!

Statistically, I find that doubtful. The overwhelming majority of Slashdotters know very little about crypto, about network security, about the interaction of technology and politics. There are eight people here whose opinions I give a lot of weight to. You aren't one of them. :)

Mr. Perrit did not get to his current position by being an idiot. It is hardly seemly for someone to accuse him of being an intellectual inferior without first reading his academic papers, talking to his past students, or maybe (just maybe) waiting for the Carnivore review to come out and then dissecting it paragraph-by-paragraph.

[W]e probably know more than you do!

What do you base this probability on? Please, enlighten me. The "we" you're talking about is all of Slashdot--and I've got to tell you, most of Slashdot is composed of morons. Richard Feynman was reviewing school textbooks a few decades ago, and one of the most egregious ones had been approved by the sixty-five engineers of some corporation or another. "Ah," said Feynman, "so that's why it's so lousy. If only three or four had approved it, it might have been worthwhile--but of sixty-five engineers, you can be assured most of them are crap."

(I'm putting words in Feynman's mouth here, but that's the general gist. See Surely You're Joking, Mr. Feynman! for his account of the matter.)

After reading his evasive and non-responsive answers, its [sic] pretty obvious that Mr Perrit (or should I say "Mr Parrot") appears to be a shill, a disengenuous [sic] legal weasel, and is quite obviously comfortable at being kept firmly in the government's pocket.

Grow up and stop flaming. Real hackers argue on the merits of something, not devolve into ad-hominem attacks.

It's unbiased because we say it is!

[M-G]

Well, you can tell he's a lawyer by his content-free answers...

It is very unusual for a federal agency to acquiesce in a third party review of an important system. Having commissioned such a review, the interests of the Justice Department would not be served by censoring the review or otherwise acting so as to compromise its integrity and credibility. The review team, institutionally and personally, has an interest in preserving their reputations for professional independence, analytical competence, and candor. None of these interests are tied to future dealings with the Justice Department or the FBI. They are more closely tied to reputation in many of the communities which have been critical of Carnivore. It is counterintuitive to suppose that the review team would sacrifice these interests by undertaking a "whitewash."

Justice has every incentive to cover up anything that may be damaging to their case. Given government abuses of the past, it's not out of the question that Justice has commissioned this review simply to create the impression that we have nothing to worry about from Carnivore. And the fact that the review team does not want to compromise their reputations, etc. is a pretty poor guarantee of a proper review. If they present a whitewash report (or Justice turns it into one), the truth will likely be hidden for many years, until long after the team members' careers are over.

I have been assured by senior officials at the Justice Department that a complete review, with honest conclusions freely expressed, is desired.

And senior government officials tend to get to their levels of power by officially saying one thing and then doing another.....

I didn't expect much more

[anticypher]

I'd like to thank Dean Perrit for taking the time and energy to answer slashdot's questions. He was purposefully vague, but the questions (due to the whole /. moderation system) didn't allow a fully fleshed out Q&A session. From his answers, slashdot will still remain divided, but he may have swayed people to one viewpoint or the other.

My original question had a background, which would have taken hours to think out, edit, and make concise and explicit. So my question was posted in haste, and didn't force the type of answer I was hoping for. Especially the "I am not willing to speculate as to what action I would take" bit.

Years ago I took an oath, to "support and defend the Constitution of the U.S. of A against all enemies foreign and domestic". Throughout my career I was questioned on a regular basis on the constitution, what actions were considered "defending", and which would be a violation of my oath. Some of these were taken from local problems which were never fully resolved, such as "If an FBI agent with local clearance for our SIGINT unit were to abuse the equipment to spy on his ex-wife, ex-girlfriend, and the local police investigating the stalking and harrassing charges, what would you do?" We had to state clearly what actions we would take to preserve our oath. Failing to swiftly and lawfully prevent others from violating the constitution was considered a violation of the oath, and a court martialable offense.

Those who have studied the US constitution, and the well documented actions of the FBI to ignore all of the limitations placed upon them, have to question whether advances such as carnivore will continue to violate the constitution. Certainly it is the major cause of concern with the critics of carnivore.

What happens when the FBI approaches an ISP with the demand to install carnivore for an indefinite length of time, and the ISP refuses? What if the ISP instead installs a publically reviewed wiretapping system such as altivore, and allows the FBI agents to access only certain information in return for a valid court order, to protect the fourth amendment? What if the engineers at the ISP were ex-military and took their oath seriously, as I still do, 20+ years after leaving active duty?

I've dealt with rogue FBI agents in the past, and the answer is that individuals inside the ISP would quickly find themselves with many small legal problems. IRS audits, anonymous tips to local police about pedophile activities, "ghost" warrants mysteriously inserted into the NCIC2k database, DEA alerts. When the FBI plays rough, citizens tend to get hurt.

Knowing that the FBI will play dirty to protect themselves, and their ability to ignore constitutional protections guaranteed to all citizens of the US, is what led to my question for Dean Perrit. He clearly knows the reputation of the FBI, knows they operate with impunity from prosecution for their crimes, and he declined to speculate on whether he has the integrity to stand up to the FBI. Given the possiblity he could quickly find himself an "ex-reviewer", his answer is about what I would expect. I also suspect Dean Perrit has never served his country in any manner requiring him to take an oath to defend the constitution, which is why the FBI has chosen him to be a reviewer. He may have no qualms about lying to the US population about the constitutional abuses carnivore will permit the FBI to inflict.

the AC

Re:One thing is clear...

[Hard_Code]

My little opinion on this:

Yes, there are a lot of people that are unreasonably paranoid about government. I think for a large part, a lot of what we see as "conspiratorial" behavior is just ignorance or stupidity, or truly accidental shredding of documents, whatever. Sometimes these people are annoying, but you can easily ignore or marginalize them (like those self-proclaimed "anarchists" at most of the protests happening - there point was...?).

*However* I think history has given us *plenty* of reason to be paranoid and _highly_ skeptical. Here is my rationalization: If we are *too* paranoid the *worst* that happens is we waste a lot of energy shouting about nothing and annoying people. If we are not paranoid *enough*, if we are too complacent, the price is far greater...we can get f*cked in so many ways we can't imagine.

Given that cost/benefit equation, I'll endure paranoid protesters. Hey, think of them as performing a service. They are harrassing government so that it is harder to step out of line. Is that fair? That's your call. Let's just wait until 2020, or 2040, when they release what "really" happened to JFK ;)

Re:Or it might just be...

[devphil]

Because it was easier to write than the Slightly Libertarian All-Government-Is-Evil If You Disagree With Anything We Say You Are Obviously A Tool Of {RIAA,Microsoft,BigMoney,Satan} Party Line.

Answer the frickin' questions.

[TheTomcat]

So in short, is this whole thing just a moot point? Who would Carnivore really catch?
---
Any electronic eavesdropping technique or system is subject to frustration by new technologies.

It is appropriate for law enforcement and national security agencies constantly to be developing new technology to keep pace with technological developments generally.


Uh, it would be nice if he would answer the question, I'd really like to know. It's pretty obvious that law enforcement and national security agencies will keep up on technology, but he didn't make ANY reference to the practicality of a system like carnivore.

Way to play safe...

Re:Here's one they forgot to ask...

[wolf-]

Would decryption violate the DMCA?
* kidding *

Re:Ummmm....yeah

[Performer+Guy]

You read it wrong, it says "balancing ..A.. against ..B..". item "..A.." was double barreled with an "and" which confused your English parser but it made sense to anyone with reasonable interpretive skills.

Confidentiality?

[Noryungi]

Perritt:

Carnivore is used in sensitive criminal and foreign intelligence investigations. The
need for confidentiality in such investigations long has been recognized by the
Congress and Supreme Court of the United States. It is not unreasonable for the
Justice Department to assure that the details of confidential criminal investigations
or of foreign intelligence methods and procedures will not disclosed to the public.

Isn't that "Security by obscurity"?

If it is, I am afraid it has been shown not to work... Script Kiddies are going to have a field day with this.

Just my US$ 0.02...

Crooks won't encrypt, Carnivore will work

[evan1l38]

I decided to go for the opposite approach...

I keep reading posts claiming that all crooks will use 128bit RSA encryption etc. However, if you actually read police reports and pay attention to who is getting arrested, I would say 99% of crooks have no idea what encryption is and no clue that email is logged and traceable. Yes, international terrorists and some smarter organizations will figure it out, but most criminals are not computer guys. Yes, they could easily be trained in all this stuff - but they have to know that it exists first. And Bob in his basement emailing plans for a heist or trying to pick up a minor is usually NOT thinking about that sort of thing.

Hell, how often do you read about computer companies that should know better getting caught this way? (ie, Microsoft.) Why the attitude that Microsoft isn't smart enough to encrypt, but Joe Criminal IS smart enough to encrypt?

Note that I'm not claiming that Carnivore is or is not a good idea here, just that it will actually have results if used.

Evan Reynolds evanthx@hotmail.com

Question #5 wasn't answered either

[LordNimon]

The question:

Who would Carnivore really catch?

The answer:

Any electronic eavesdropping technique or system is subject to frustration by new technologies. It is appropriate for law enforcement and national security agencies constantly to be developing new technology to keep pace with technological developments generally.

The question specifically asked who. The answer does not contain any specific names or categories of individuals or organizations. Even a statement like, "Carnivore will catch those individuals or organizations who are not equipped to thwart its capabilities" would be technically an answer, even though it wouldn't say anything.

I'm very dissappointed with Mr. Perritt. All he's done is further convince the technical community that Carnivore is a really bad idea.
--

Re:Perrit Interview

[ignorant_newbie]

and as a consumate bullshitter, i saw nothing to suggest the oppost either. basically, this was exactly what we should have expected, since he's not in a position to tell us anything at this point. the only reason they consented to the interview in the first place is that it would have looked worse to avoid it than to consent and then say nothing. this way they're hopeing we'll be satisfied and leave them alone.

Re:Ummmm....yeah

[benenglish]

There is no "balancing"--the Fourth Amendment says you cannot search/seize my property without a warrant PERIOD.

Wow. I've rarely encountered any statement so completely erroneous.

The Fourth does no such thing. It prohibits unreasonable searches and seizures. The police can legally do any search/seizure they damn well please as long as they can later convince a court that it was reasonable. In practice, a whole body of judicial rulings has sprung up over the last 100 years or so that essentially translates "get a warrant first and you won't have to worry (much) about having a search subsequently ruled unreasonable." But that certainly doesn't mean that warrants are required in every case.

I don't like the idea of Carnivore. I feel sure it will be used for nefarious purposes. I think it should be vigorously opposed at every opportunity. But ridiculous overstatement such as this one only undermine our position.

Tell us why Carnivore is unreasonable. Then you'll have a leg up on showing why it violates the Fourth. I'm sure we could serve the cause of liberty by coming up with hundreds of scenarios where it would be unreasonable. Unthinking condemnation of warrantless searches, though, serves no useful purpose.

Re:Your intentions are good...

[jejones]

If the government was really out to screw you, you'd be dead.

No, I'd be what I am now, namely a drone having a major portion of my income seized by the government so government officials can stay in power by trading the money so seized for votes.

Re:Your intentions are good...

[(nil)]

This man does not share the belief that most /.ers have, that being, the government in inherently evil and trying to screw us over.

Ok. Maybe you don't believe this. But I believe it. And many other people believe it.

I don't believe it. The government is not inherently evil. Capable of great evil, yes. But by itself, it just is. The government is made up of individuals, each of which is capable of making the wrong decision--as we have all seen many times. The reviewer does not, IMO, believe that the government will heed this review because of an enlightened sense of morality; he said that it was in the best interest of the government and of the reviewers to ensure a fair report. I happen to agree with that assessment. I also agree with the general sentiment that if there were a concerted effort towards a coverup, it may be hard to detect (given the level of secrecy around the issue)--and that's a shame. There is a need for secrecy, but the technologies here are pretty easily fathomed--it's not rocket science!

The man's being asked to do a job. He'll do it. And he honestly believes that there will be no problems with issuing his report afterwards. And, you know? He's right.

Ah.... I don't know. "Security" and "avoidance of embarassment" are very easily interchangeable.

There may be problems, and toes stepped on, but the fact remains that significant public outcry exists. It is not in the government's interest to look like the bad guy, and more importantly, it isn't in the reviewers' interest to not be impartial. (Cynical comments about impartial reviewers having good prospects for employment these days are obvious, here)

The government isn't always out to screw us, people. Don't go bashing the guy for his point of view.

I'm not going to bash him, but I believe he's not suspicious enough. I might trust him as a person, but I'm still not going to trust his report.

Healthy suspicion doesn't have to look like paranoia. The government has a lot wrong with it, but even more is right. The fact that we can have this debate at all is evidence of the things we're doing right. Our government isn't supressing unpopular views! It's (in a fashion) welcoming them! It's far from perfect, but public opinion does get heard, and even acted upon. If the government was really out to screw you, you'd be dead. You're not, so we can happily argue about it. :)
-(())

what a load of crap.

[photozz]

5) Who would Carnivore Really Affect? by drenehtsral In the end a system like carnivore will only work for a while, and only against fairly unintelligent users because end-to-end strong encryption is no longer compuationally infeasable. Joe Schmoe with the middle of the road prebuilt gateway could easily handle the processor load of encrypting all his e-mail with 2048 bit RSA (which is now freely available, and even exportable). Not only that, but even with existing (and reasonably near-term) quantum computers, we are not even near enough qbits to start tackling these cyphers, since they can't be broken down when being fed to a quantum computer. So in short, is this whole thing just a moot point? Who would Carnivore really catch? Perritt: Any electronic eavesdropping technique or system is subject to frustration by new technologies. It is appropriate for law enforcement and national security agencies constantly to be developing new technology to keep pace with technological developments generally.

So far as I can see, he has not realy answerd anything.... my confedence in all this is still in the toilet.

The FBI has already lied about Carnivore

[ras_b]

what i don't understand is why it hasn't been a big deal that it has already been proven that Carnivore does more than the fbi said. according to this article at securityfocus, Carnivore not only sniffs email, but it can also reconstruct web pages a user views. isn't the whole point of the review to make sure that it doesn't do more than the fbi says (and doesn't violate our rights)?

i'm sure after the review even more lies will come out. even if that happens, is there anything we can do about it? so they lied about what it does, they will still try to prove that it's within the boundaries of the law.

Re:Or it might just be...

[Veteran]

Edward's law is correct: any technical person can solve the population crisis easily. Simply line everybody up and shoot every other person. Repeat until crisis is solved.

However, the opposite of Edward's law is also true: you can't supply a sociological solution to a technical problem. When you do you get something like the Challenger. "See there is no formal specification on how cold the o-rings can be, therefore it is safe for us to launch."

People - people rule the world - always have, always will. However People - people are for the most part evasive, dishonest, untrustworthy, weasels.

By his answers the person reviewing Carnivore is a People - person. He gives answers which appear to be straight forward and forthright. They are actually evasive and weasel worded. Of course most people are swayed by surface appearances - so his answers will be adequate for most people.

If he actually gave straight forward correct answers he would be a technical person, and he wouldn't be in a position to be answering the questions; he would be one of us asking them.

Re:Ummmm....yeah

[Veteran]

In order to say why Carnivore is unreasonable we would have to know what it does. By your argument since we don't know what it does we can't say that it is unreasonable, and thus we can have no 4th amendment argument against it.

Pretty clever, if the government wants to violate the 4th amendment all they have to do is keep the technique they use a secret and they are home free.

I think that a counter argument is "Any surveillance technique which is kept a secret is an unreasonable search technique - how can you reason against something when you don't know what it is?

Well that was rather... bland

[mr.ska]

Is it just me, or do those answers not really change anything? I think the proof will be "in the pudding", so to speak, when the actual report is published. Until then, it's all just words.

Question 11

[Ndog]

11. Mr. Perritt, what did you have for lunch today?

A cheeseburger and fries.

Post: He clearly didn't answer that question. What kind of cheese? Did he have mayonnaise or ketchup? I know he didn't eat without a drink. He's clearly avoiding the question.

Does it really matter what the answers are? The proof is in the pudding. The review should be judged by the methods with which it was conducted and the results. All these posts remind me of someone's wife (not my wife...really). "Well, I want to be mad, and since you haven't done anything wrong yet, I'll just get mad at you for something I think you're going to do in the near future."

Here's one they forgot to ask...

[config.sys]

What are you going to do when IPV6 and IPSec/ESP become standard in all networking stacks? When you can't read the decrypt the packet, never mind reading the header, how do you "filter" out only the right email headers???

Oh yeah, clipper... I guess that's the solution.

Re:Story submitted to slashdot ( more information)

I should also mention that this bill will allow them to bypass the normal court order, and the government would be allowed to search your records if you even had known somebody who might be under investigation. The bill also protects the party doing the investigation from any litigation resulting from their misuse of your information. What this means is that they can take your private information ( bank records, and so on), and give them to anybody without being prosecuted.

I submitted this story to slashdot, but I have yet to see anything, so I thought I'd post it here.

Scanning for whitewash .... found!

[Sloppy]

Carnivore is used in sensitive criminal and foreign intelligence investigations. The need for confidentiality in such investigations long has been recognized by the Congress and Supreme Court of the United States.

The question posed to this guy was not about a specific investigation or case; it was about the general process used for investigating. There is a huge difference between law enforcement not wanting to go public about the details of an investigation, and them not wanting to talk about how this new investigation tool will be used.

It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.

This falls under "foreign intelligence methods and procedures"? If that were true, then wouldn't they only need to tap into the backbones that connect USA to other countries, rather than tapping into domestic ISPs' LANs? If tapping into domestic networks is justified as an "intelligence method or procedure" that need not be disclosed to the public, then there is absolutely no limit as to what sorts of surveillence can be used against US Citizens. They could require that a microphone be surgically implanted in every US Citizen, and the application of this justification would be just as valid.

---

Re:I'm glad they know how to use a sniffer.

[twdorris]

I'd agree 100%. I had already developed a sense that this guy might not be qualified for the task at hand before I read his answer to that particular question. After I read his answer, I knew he wasn't qualified. Great, he can use a freakin' sniffer. So can I, so can my MOM with a couple minutes of teaching. That wasn't the question. I believe this guy is attacking this problem from a very simple angle...he's going to check that they have some basic filtering mechanisms in place at the protocal stack level and rubber stamp the system as safe. Yippee.

(OT) what about the NSA interview?

[fReNeTiK]

Some time ago, this slashdot interview was posted in which we were given the oportunity to ask some questionst to a guy from the NSA. It looks like the answers to the questions were never posted. What happened? Did I miss the followup?

Looking at his answers to my question...

[M-2]

Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy. It is appropriate for the public to be concerned about how this balance is struck.

In the past, the FBI and the other groups in the Federal Government have tried to shove the balance completely to their own side. This has given us a significant amount of distrust in their motives. From the CDAs to Operation Sundevil, they have shown a lack of comprehension of the issue they have to deal with, instead avoiding the hard questions for the easy ones. And more and more often, they've gotten slapped down, and I think that's starting to make them very very cranky. And they want something that'll move the balance the way they want, and that no one can take away from them. And they think Carnivore is it.

The Internet community appropriately has been concerned about technological developments that may affect the balance, including restrictions on encryption, development of new telecommunication systems that facilitate or hamper electronic eavesdropping and devices such as Carnivore.

The FBI has, in every case, tried to push to have back-doors put into encryption methods that they can access. Into IPsec. Let's not forget Clipper all those years ago. While I can understand there are potentially pressing reasons for these restrictions in the name of National Security, what's going to keep these people who would use encryption from snagging a half-dozen comp-sci majors from India and having them write a half-dozen different quick-and-dirty encrypts that you can use once or twice and then throw away. Even if it takes 24 hours to crack, some of these drug shipments will be done by then if they time it right and get it on the way. And they won't have the back-doors. Even if they use something like DES, they still need to figure the key for it... Which is something that hasn't been put forth. One-shot encryption is possible for the big criminal cartels, because they can afford to pay some people for it in order to make a profit in an illegal business.

In this respect, interest in Carnivore and a certain amount of controversy over it is healthy.

On the other hand, conspiracy theories suggesting that no one with present or past associations with the Federal Government shares constitutional values or can be trusted to review new systems for their compliance with the law are overblown.

I'm going to go out on a limb here and think this means that he feels that our desire for a completely objective peer review by individuals who have no connection with the Federal administrative process is a bad thing. I'm not sure there's really anyone available who meets the criteria:

• Not having performed any work for the Federal government on a for-pay basis
• Having the technical expertise that the FBI would have see as the 'minimum' for their review.

Would Lawrence Lessig? He's testified in a number of trials, and the fact that he's been mostly against the Federal requests may be a big red mark. Can anyone think of someone who's got the technical chops AND managed to avoid either annoying the Feds OR working for them?
----

I'm glad they know how to use a sniffer.

[nonya]

He answers Question 8:

A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.

My reading of this is members of the team have used sniffers. What the question asked is if the team has any skills in implementing a sniffer. Does anyone know the answer?

Re:Story submitted to slashdot

[Stonehand]

It might be worth noting that...

A) This only applies to evidence relevant to finding the whereabouts of a fugitive from justice. A person only under investigation does not count. A person under arrest does not count. Evidence relevant to guilt does not count. Evidence requested must be relevant to finding a fugitive.

B) These are not secret -- in fact, they have to be reported (in number) to the House and Senate, at least for the next three years. In order to avoid disclosure to third parties, a Court must agree to one of various conditions, and "just because the AG says so" is not one of them. And judges DO get seriously, seriously angry at the Federal Government when they feel that the latter is abusing their court -- and the court can specify that nondisclosure is only temporary...

The court system is not being bypassed, folks.

But thanks for the alarmism. Without that, this just would not be Slashdot, no?

boxen

[sean@thingsihate.org]

"On October 5th we put out a call for questions about the FBI's Carnivore boxen that we could..." I can not tell you how much it makes me want to kill when people say "boxen."

What we already know is bad enough.

[Animats]

The review of the code isn't that big a deal. We already know that the system has sufficient features to snoop on anything on the network to which it is connected, and no interlocks to prevent it from doing so. From a public policy standpoint, that's bad enough.

The real problem is the features Carnivore doesn't have.

• "Online registration" Every time a Carnivore unit is connected to a net and activated, it should report into somewhere not under law enforcement control. It should report to the Clerk of the Court of Appeals for the Federal Circuit (so the judicial system can verify that there's a matching warrant), the Clerk of the House of Representatives (for the annual report of FBI wiretaps required by the Wiretap Act), and the Attorney General (who supervises the FBI). Audit trails on what was being requested to be monitored (not content, just what the requests by law enforcement were) would be sent in. That would discourage illegal wiretaps.
• ISP control Even under CALEA, law enforcement can't initiate their own wiretaps. The telco has to turn the data stream on, on a circuit by circuit basis. Carnivore is different, and much worse. It allows snooping entirely under law enforcement control.

  The FBI fought hard against that requirement in CALEA, and they lost. They also fought against the FCC requirement that the telco has the legal right to examine and question the legal basis of the warrant, and they lost on that one too. The Internet needs similar treatment.

Ummm...looking for an excuse?

[YU+Nicks+NE+Way]

Blockquoth the poster

"Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy."

The second clause (in bold) doesn't appear to be written in English. What would it mean to threaten to invade the privacy of national security?

(Emphasis added by previous poster)

He's right, it isn't in English. That's because he parsed the sentence wrong. The correct (and syntactically and semantically valid) parse is

"Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy."

In formal English, one "balances" a "against" b -- in this case, needs against threats -- and one does not "balance" a "and" b.

foreign intelligence investigations

[e_lehman]

Peritt had two sentences that I think explain why the Carnivore review is being conducted in such cloak-and-dagger style:

• Carnivore is used in sensitive criminal and foreign intelligence investigations.
• It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.

These are the first overt admissions I've seen that Carnivore is not just a law-enforcement tool. I suspect that the foreign intelligence gathering aspect is what the DoJ, FBI, etc. don't want publicly revealed or even discussed.

For example, perhaps Carnivore does something special with packets that are headed overseas or to foreign embassies. I bet these can be legally tapped at will, much as the NSA is allowed to monitor international (but not domestic) phone calls. I'd guess that scraps of intelligence could frequently be gleaned in this way. Say a Moscow embassy functionary emails his girlfriend back in St. Petersburg and says a tad more than he should to make himself look cool and important. Perhaps Carnivore would gobble this down.

I'm not sure whether NSA conducts industrial espionage as, apparently, some western European intelligence services do. If so, emails from foreign business travelers back home would be a gold mine. This would defintely be hush-hush to a vastly higher degree than banal packet sniffing related to a criminal investigation.

(Of course, why they wouldn't just watch overseas pipes instead of local ISPs isn't clear to me... okay, NO ONE BRING THAT UP, all right? I like my theory.)

wrong answer?

[Spider-X]

"Any network interface card on a networked computer "taps" all of the traffic traversing a particular network segment. It is far from clear that such limited acquisition of network packets at lower levels of the OSI stack constitutes interception under the law. On the contrary, not all of them. On switched networks, which are pretty common, especially at ISP's, you only get what's destined for you, or the broadcast address. It may be a moot point, but I *hate* it when I see an error such as this in a published article.

Perrit Interview

[herwin]

As a security engineer, I saw nothing in Dr. Perrit's answers to suggest that the review will be anything but conscientious, professional, and independent. I'm willing to wait for the results before making my final judgment.

The Question:

[abe+ferlman]

10) Oversight of this interview by Col. Klink (retired) Are you free to answer questions posted here, or does the FBI review your answers first?

Perritt: Neither the FBI nor any other government agency reviewed my answers to these questions.

Non-responsive. Only the second half of the question was answered.

he is feeding bs here

[cronack]

Any network interface card on a networked computer "taps" all of the traffic traversing a particular network segment.

The previous statement is not true. (How does that sig go? All generalizations are false.)

First, many computer networks are now switched. A net card on a switched network segment does not "tap" all of the traffic traversing the segment. In fact, it does not even come in contact with it. The switch only sends data to a machine that is destined for that particular machine (done by mac address). This is, of course, with the exception of broadcast traffic.

Second, even if the net card is on a hub vs a switch, it still does not "tap" all the traffic on the segment. Any traffic that is not destined for that particular machine gets discarded. It only begins "tapping" all the traffic once it is put into promiscuous mode (sniffing mode).

Someone correct me if I am wrong, buy my understanding is that the Carnivore boxen will be inline on the ISP's network. In other words, all the ISP's traffic will pass through it. Seems to me he is playing down the sniffing functionality like it is something that every networked system does. This is simply not true.

IMO, someone who is supposed to be reviewing a sniffing system should not be spreading false information. Either he does not know what he is talking about, or he is spreading misinformation on purpose. Either way, I will not trust any information that he publishes about the system.

Hmmm

[arothstein]

I am not willing to speculate as to what action I would take if inappropriate control is exercised.

In other words, "I'm pretty sure I don't have the balls to make any waves."

Ummmm....yeah

[OlympicSponsor]

Didn't run it past the FBI--because it is content-free. Check this:

"Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy."

The second clause (in bold) doesn't appear to be written in English. What would it mean to threaten to invade the privacy of national security?

The first clause is more frightening: We (the people) allow laws to be created that "can't possibly be enforced" and then his first clause comes into play: "effective enforcement of the criminal laws". First you define the criminals, then figure out how to catch them.

This is EXACTLY why we (in the US) have a Bill of Rights. It says that, no matter what "criminal laws" you think you have to enforce, you can't do X, Y and Z. There is no "balancing"--the Fourth Amendment says you cannot search/seize my property without a warrant PERIOD. Carnivore violates that amendment, therefore it is unconstitutional. Catch your "criminals" another way.
--
An abstained vote is a vote for Bush and Gore.

Story submitted to slashdot

I submitted a story to slashdot, which I don't think is going to go through. Here is the text of that post:

The government is going to be voting on a bill today that may give them the right to search records without a warrant, in secret. This bill has already passed the Senate! HELP!!!

The full story is at http://www.defendyourprivacy.com/

I have some other urls as well to go along with this:

http:/ /wo rldnetdaily.com/bluesky_poole_news/20001011_xnpol_ senate_bil.shtml
http://thomas.loc.gov/cgi-bi n/b dquery/z?d106:s.02516:
http://www.nationalreview.co m/k opel/kopel101000.shtml

Perrit's mind may already be made up.

[qnonsense]

From reading Perrit's answers, it looks like his mind is already made up. Dismissing serious concerns over the constitutionality of Carnivore as conspiracy theories, and the overall tone of his answers makes it pretty darn clear that he's going to say that Carnivore's just fine and perfectly legal.

And even if he comes to the opposite conclusion,
It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.

That sounds to me like he's willing to be censored. This whole thing is a bit more than fishy if you ask me.

And yes, if you worked for the Feds at any time (even 24 years ago), much less the DoJ (Krent), then that sure as hell disqualifies one from undertaking an independent review. That's what impartiality means.

Oh well. Big Brother knows best I guess.

Re:Perrit's mind may already be made up.

[Xerithane]

I worked for the government at one point, I had a great time there. It was a good job, pay sucked but it was fun.
But am I an evil person? Hell no, I am more for freedom than you are -- you know why? You are trying to censor him - I'd be willing to bet you haven't lived 24 years, so how do you know how long of a time that is? It's a long time, and a lot can change. Even if he did work for the DoJ, NSA, CIA, FBI or whatever - he still is a person with his own beliefs, not of the government.

Very formal and cautious...

[stienman]

Very formal and cautious...

The FBI didn't need to review this interview, since they know that he is very careful with his wording. He answered every question by either determining not to answer, or by being very terse and formal. Oh well, it's better than nothing, and gives us a peek into how their minds operate. We'll end up with a report that is worded very carefully and scholarly. They won't leave anything out, but they aren't going to speculate or probe the possibilities. More of a technical specification than a discussion of Carnivore.

-Adam

But roses don't eat people... do they?

Or it might just be...

[devphil]

...that "Since I can't see into the future, I'm not going to guess how I might react to any of an infinite number of possibilities, especially in a public forum famous for roasting alive anybody who doesn't swear by the Linux Party Line."

Don't you think that what action he takes might, just might depend on exactly what kind of "inappropriate control" is exercised?

Seemed a fair answer to me. What were you expecting? "I shall immediately flood the DoJ with complaints even though I haven't read the edited report!"??

All network cards tap?

[lpontiac]

Any network interface card on a networked computer "taps" all of the traffic traversing a particular network segment.

You could say that.. but you could also say that the Wire itself taps all the traffic, and so does the T-connector...

The entire *point* of having that layer model is that a clear hierachy is specified as to what has access where, and the NIC is an integral part of the network layer itself. By default a network card doesn't generate an interrupt for packets that aren't addressed to itself, and I'm fairly sure that if I placed a card onto someone else's network and set it to promiscuous mode against their wishes I'd be violating a law or two.

I concede there are a few ambiguities... one of the reason that strong encryption by default is a good idea, so only the source and recipient can read that data? (Every web session over SSL, every shell over SSH etc...) Ooops, the government doesn't like widespread crypto either.

Re:All network cards tap?

[TheCarp]

> (Every web session over SSL, every shell over
> SSH etc...)

I have to agree.

One of the battle cry's we have used at work is
"Plaintext Passwords must die" (they wont die soon but we are working on it).

I am in favor of doing it up right. Phase out http in favor of https. I know my webserver will soon have a rewrite rule to redirect all http traffic to https.

I like the analogy used in the PGP manual the best. Would you send all your personal mail on psotcards? If everyone did, then sending something in an envelope would look weird - suspicous even.

So encrypt it all. Everything. ALL traffic in and out of everywhere. What is really needed is a free public CA, who can sign ssl certs for people. Or, better yet, come up with a "web of trust" system and build support for it into the web browsers...then into everything else.

Crypto needs to be made painless to use. Simple and default.

-Steve

Your intentions are good...

[spam-o-tron+mk1]

... but your conclusions are dead wrong.

This man does not share the belief that most /.ers have, that being, the government in inherently evil and trying to screw us over.

Ok. Maybe you don't believe this. But I believe it. And many other people believe it.

For instance, the people who wrote the US Constitution believed it. That's why they set up three branches of government specially designed to frustrate and impede each other. The US government is set up to do as little as possible. And for very good reasons: bureaucracies (and governments) expand to fill all available space. Go down to the DMV some afternoon and see for yourself.

It would be easy to say that he's just a governmen patsy, but that wouldn't be true.

Correct. He's not doing anything he knows to be wrong.

The man's being asked to do a job. He'll do it. And he honestly believes that there will be no problems with issuing his report afterwards. And, you know? He's right.

Ah.... I don't know. "Security" and "avoidance of embarassment" are very easily interchangeable.

The government isn't always out to screw us, people. Don't go bashing the guy for his point of view.

I'm not going to bash him, but I believe he's not suspicious enough. I might trust him as a person, but I'm still not going to trust his report.

Bruce

Damn moderators

[roystgnr]

The most important question I saw only got moderated to a 4, in favor of repetitious "Can we really trust you? Really, really?" BS.

To paraphrase, the question was something like "How do you know the software you are reviewing will be the (only) software installed on the FBI's black boxes?"

Perritt did admit in question 9 that Carnivore would need to physically tap all traffic on a subnet, then apply software to reject packets not related to a particular investigation.

So how does he know that the software actually going into use will be the same as the software he is being asked to review? Since the FBI will need encrypted remote access to operate the Carnivore boxes, what is to stop them from uploading whatever software they want, without any judicial review or ISP knowledge, after the fact?

Of course, the answers have to be "he doesn't know", and "nothing", but I would have liked to hear it from Perritt himself.

Let's not forget the second most important question, which only got moderated to a 3:

In Marshall v. Barlow's, US Supreme Court 1978, the court found that businesses are subject to the same Fourth Amendment protection as individuals are, in regard to Administrative agencies. How will the FBI install these boxes in ISPs when there is no ongoing investigation, and no warrant?

Really, what happens when an ISP says, "No, we aren't going to violate our customers' privacy." Do they get hit with a "sure, we're investigating someone, and it's going to take an awful long time so we'll have to leave this box here indefinitely" warrant? Do they get pressured into accepting Carnivore installations in spite of the 4th amendment?

FBI reads for first time?

[The+Dev]

Then read Dean Perrit's answers, which were not written or checked by the FBI or DoJ, whose agents can read them here for the first time just like anyone else, assuming they have nothing better to do than read Slashdot.

Unless of course he sent it in an email.

Not exactly encouraging answers

[EQ]

He was almost Clintonesque in his responses. Answered without supplying anything truly substantial.

For example

Carnivore is used in sensitive criminal and foreign intelligence investigations. The need for confidentiality in such investigations long has been recognized by the Congress and Supreme Court of the United States. It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.

This is a dodge - he was asked to address why the secrescy about the functioning of the device, not its actual in-operation placement. Let "regular" people see the source - the system is effective by its placement not by its function.

q:will a sniffing expert be analyzing the packet reassembly and protocol analysis part of the source code in order to validate that Carnivore captures all the data authorized by the court order, but no additional data?

And the answer?

A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.

Yes, we know that about sniffer - anyone here that has run Network General product to diagonose packet problems is aware that they are used routinely.

• Dont talk down to us, we probably know more than you do!

Are your team members going to ensure that it captures only the authorized intercepts and not infringing on the innocent? We are still waiting for a clear and definite answer on that one

After reading his evasive and non-responsive answers, its pretty obvious that Mr Perrit (or should I say " Mr Parrot ") appears to be a shill, a disengenuous legal weasel, and is quite obviously comfortable at being kept firmly in the government's pocket.

My Carnivore review...

[MustardMan]

For this review, I have chosen to compare the merits of two well known carnivores:
1. The Tyranosaurus Rex, Common name T-Rex.
2. The Eatius Roadrunnerus, Common name Wile E. Coyote.

For the purpose of this review, I will be dealing with five categories: Attack method, Persistance, Cyclic Preference (Day or night?), Natural tools, and Success rate.

I.) Attack method.
First we will examine the Tyranosaurus Rex, here forward referred to as T-Rex. The Tyranosaurus has two main attack methods. The first and primary method is its enormous, powerful jaws. This attack allows a very quick kill of the quarry and is effective in preparing the meal for easy digestion. The second attack method of the T-Rex is its long tail, which can be used to knock over or stun the quarry at range. This attack has one major disadvantage, namely that it puts the T-Rex off balance, leaving it vulnerable.

The Coyote, on the other hand, has many attacks, but tends to focus on two: The Trap, and the Pursuit. In both cases, the attack is augmented by techological means, showing the cognitive abilities of the Coyote, also known as its "Suuuper Geeeenius."

II.) Persistance
In this case, the coyote is a clear winner. The coyote has been known to stalk the same prey for well over twenty years, showing that it is a very vicious and persistant hunter.

The T-Rex, on the other hand, shows limited persistance, generally giving up on any given quarry within ten to fifteen minutes, and not possibly re-attempting the attack more than an hour and fifteen minutes or so later.

III.) Cycle
Here, again, the Coyote is a clear winner. It has been known to stay up all night preparing for the next day's hunt. The T-rex, on the other hand, basically only attacks something near it, and has only been known to hunt during the day, unless it's raining.

IV.) Natural Tools.
In this case, the coyote is a sore loser at best. Its only natural tool is its mind, which, having no physical presence, does not really satisfy this category. The T-Rex, on the other hand, has many natural tools, including its attacks (see I. above), and its large, well formed muscles and skeletal structure, designed for the pursuit.

V.) Success rate
This, being the deciding factor between the two, determines who is the superior carnivore. So far, the contestants are fairly evenly matched, with the T-Rex excelling at attack methods and natural tools, while the Coyote is both persistant and follows a more effective day/night cycle. This makes the final category, the Success Rate, the tie breaker. In this category, the T-Rex clearly excels. It is able to make regular meals of many varieties of woodland creature, ranging from goats to Pondus Scumus, the modern Lawyer. The Cotote, however, has not once been seen to successfully capture and consume its prey. More often than not, it severely injures itself in the course of its hunt.

Therefore, the clear winner is: The Coyote, because it is much more entertaining.

Thank you and good night.

The Questions....

[TheReverand]

Question 1. Will you lie?

Question 2. You will Lie. Right?

Question 3. You have no integrity...right?

Question 4. You are a government shill...right?

Question 5. Why should I believe you...You are a liar...right?

Question 6. How will Natalie Portman be affected by carnivore?

*ahem* half those questions were absolutely redundant. If I was that guy I would have refused to answer attacks on his integrity after the third or fourth time.

rev

One thing is clear...

[InfinityWpi]

This man does not share the belief that most /.ers have, that being, the government in inherently evil and trying to screw us over.

I, for one, have to applaud him for answering these questions without resorting to calling us the paranoid delusionals we really are.

It would be easy to say that he's just a governmen patsy, but that wouldn't be true. The man's being asked to do a job. He'll do it. And he honestly believes that there will be no problems with issuing his report afterwards. And, you know? He's right.

The government isn't always out to screw us, people. Don't go bashing the guy for his point of view.

Question #8

[gscott]

Interesting to me that the question by Mr. Graham, a well known and respected technical expert, was answered in a two sentence response as follows: "A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools." This looks like a deliberate attempt to avoid answering the question in any way, shape, or form. Who has experience? What type? How much? I am FAMILIAR with Linux, and have installed it one time, but I am sure not an expert who is qualified to make any sort of judgement on any Linux device. Similarly, how do we know whether these people are truly qualified in the manner that Mr. Graham asks? And network management is a LOT different than performing a critical review of something like Carnivore. I will be totally honest, I cannot even begin to understand the second paragraph of Mr. Graham's question. Why does Mr. Perritt neglect to even attempt to respond to any part of that, or if he is not qualified, even mention forwarding it to someone who is qualified to respond as to whether or not it is relevant? Seems like this is a very deliberate avoidance of the truth. Let the whitewash begin!