Slashdot Mirror
Carnivore Demo Report
michael : People are really interested in the "inner workings" of Carnivore, as shown by the many submissions. I never thought it was anything special - from the start, when I first knew that the FBI had an Internet interception box, I just assumed that it would neatly sort and deliver all Internet traffic of a particular target. I can spec out how I would design such a box; and the FBI isn't stupid; so I assume they would do it in a similar fashion. I think there's still a lot of disbelief out there, though - "You mean the FBI can really track both Web access AND email? And IRC? And Usenet? ...." People just don't believe it, because they're used to thinking of Internet traffic in different terms than phone or whatever.
The only important design aspects of the carnivore box are things like "Can the FBI set it to snoop on traffic it isn't supposed to? Can I dial into the box and snoop on my neighbors?" and other questions like that, which we'll *never* find out from any powerpoint presentation.
So get used to it, people. Assume that Carnivore neatly captures, sorts, and delivers all traffic that passes through it, and that the FBI can just type in your name and plug it in. Assume that there's a user-friendly, point-and-click interface. Assume that it will pretty-print reports, ready for filing with the court if/when you are prosecuted. Assume that there's essentially no oversight of the FBI's use of this device - after all, judges exercise almost no oversight over wiretaps, there's no reason to believe that Internet-tapping will be overseen any more diligently. The FBI and police approach wiretapping requests in the same way that conniving children approach their parents - it only takes one judge to approve a request, and the FBI can approach as many different ones as needed until they find the one that just doesn't care and rubber-stamps everything.
Get used to it. Want more data about how Carnivore works? Push for the source code to be opened. Nothing else will provide any more information about the system. You can't tell how secure it is (against the FBI, or against anyone else) from a presentation.
As for me, I'm steadily moving toward encrypting as much of my traffic as possible. I set up ssh for my home network recently. I'm setting up SSL. I'm reading up on IPSEC. I guess I just don't have a very trusting nature. The way I figure it, the time to set up countermeasures is before you expect to need them.
Next, active countermeasures must be made available. I suggest a volunteer network of servers that will verify a given carnivore box IP address and then bomb it with all sorts of bogus traffic. The countermeasures network must be distributed and anonymous because surely they will be open to charges of interfering with justice.
Lastly, the induhviduals responsible for this travesty upon freedom must be identified and targeted with hacker-run packet sniffers, yes, you heard right, vigilantes sniffing the FBI's packets to turn the spotlight back on them.
Have mercy.
How is a Carnivore box much different then a well written port sniffer. With the latter you can set it to only get traffic to and from a certian IP or you can have it get (and record) all traffic.
Also the FBI still needs to be on the same physical route of the traffic. They can't plug the box in at their office and spy on traffic that is to and from computers on an internal network as the packets sent are never on the wire they have tapped.
Networks are monitored all the time, why should the FBI be any different. It's no different then tapping a phone. The real difference is that the internet has fostered an idea on anoninimity that dosen't exist and the false sense of security that many have is getting crushed. This is GOOD thing. The more people aware that there is no such thing as internet privacy the more people will keep an eye on goverment orginizations to make sure they don't abuse the power they have.
Anyway... If i installed a port sniffer on my laptop, I would basically have all the functionality of the carnivore box. The threat is not in the box it's in the way it is used.
They will have to pry my gun from my cold dead hands. -?
Michael states: "it only takes one judge to approve a request, and the FBI can approach as many different ones as needed until they find the one that just doesn't care and rubber-stamps everything."
I am not a cop, but I work with them. Our drug enforcement guys, and I'm sure our organized crime guys, have to go before a judge EVERY WEEK and show that the tap is productive, otherwise it gets yanked.
I don't think it's quite the rubber-stamp that Michael believes it to be.
And yes, judges will vary and some might be more of the blind-eye variety.
Is nothing sacred? I expect my usenet posts to be seen by nobody. From now on I'm going to encrypt everything I post.
To protect against unauthorized snooping, you can use Freedom from Zero-Knowledge Systems. It offers 4096 bit encryption of web browsing, pseudonymous email, cooie management, ad blocing and more.
The thing that worries me is that now so much evidence used in court is made up of electronic records, which can be forged. In the bad old days you had tape recordings of conversations, which (unless you hired Rich Little) couldn't easily be faked. But with evidence like carnivore data being used in court, what is there to stop *anyone* from putting in a couple of access to www.kiddieporn.com or email to obinladin@bombmasters.com?
Same for hard drives. I know someone who had to send dumps of his hard drives in for some stupid lawsuit. What can stop someone from patching up those dumps to look as if there is a deleted version of a "smoking gun" letter that shows guilt?
I guess on the flip side you can always say "they faked this" as a defense. Does this provide reasonable doubt?
I guess it is time to start signing e-mail.
-- ac (sorry)
And don't forget, the establishment in power at the time would have thought that the 'rag-tag hooligans' were just a bunch of noisy reactionaries that should be supressed.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
The FBI has a packet sniffer. Be afraid. Be VERY afraid.
Correction: a packet sniffer *and* the authority to place said packet sniffer somewhere central in every US ISP's network.
Criminals needn't worry about this, you're right: they can encrypt. It's the rest of us who are doing nothing wrong but want a little privacy nonetheless, who are going to have to put extra effort into encrypting and/or anonymysing our net activities.
--
Two excellent points!!!!
1) The NSA is not chartered for domestic surveillance
Absolutely correct. There is more in the ways of intelligence oversight than the overly paranoid will ever understand.
2) What makes you think your ISP isn't doing this already? And for whose purposes?
They are. And for non-good-for-the-customer purposes. One guy in the area that I know (same area of the country as Ricdude...) works for one of the largest network transport companies in the world. I'm not talking AOL, I'm not talking Earthlink. We're talking business solution provider-level bandwidth - the people who sell your ISP THEIR network pipes. A direct quote: "Yeah, we mine our data." He also added something to the extent of (not direct quote) "as long as the customers don't know, and the competitors don't find out, it's fine."
Needless to say, there is ONE particular company that I will NEVER buy anything from, and NEVER anything from one of their customers.
BTW - people should really be less worried about the US government snooping than some other countries whose governments have a far greater portion of their national assets behind corporate espionage (yep - other countries' governments help snoop on US corporations for the good of that other country's domestic corporations). They have FAR less oversight, too... You want corruption? Check out some of the former Eastern Bloc countries.
They don't do this lightly, and don't like to do it, because the turnaround time is lousy, stuff sent sometimes doesn't return, and it's a bureaucratic pain in the ass. It's not in the NSA's charter to conduct domestic surveillance (and I'm inclined to believe that they don't for the most part - the FBI has always been , but you're mistaken if you think they don't cooperate in other capacities with law enforcement.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
They don't do this lightly, and don't like to do it, because the turnaround time is lousy, stuff sent sometimes doesn't return, and it's a bureaucratic pain in the ass. Essentially, it's only done when other leads are exhausted or stalled. It's not in the NSA's charter to conduct domestic surveillance (and I'm inclined to believe that they don't for the most part - that's the FBI's domain), but you're mistaken if you think they don't cooperate in other capacities with law enforcement.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
As I said in a previous comment, the quotes are taken out of context. What he actually meant was that they relied on the ISP for physical security of the box, which makes sense. They don't leave an FBI agent there to guard it.
This is reasonable because the ISP shouldn't want anyone else accessing their traffic, and if you're worried about the ISP changing the filter settings, they can already access all of your information anyhow. He's just saying that the box is left at the NOC, and is subject to the same kind of security as the NOC itself.
For this reason kiddie porn is illegal, but drugs are not.
I meant to write, "Under this concept, kiddie porn would still be illegal, but drugs would not be."
I don't make the rules. I just make fun of them.
You are absolutely correct. Let's take it a step further.
Government taxes cigarettes to discourage smoking. In other words, if you don't live the government-approved lifestyle, then you have to pay extra money. This is similar to Muslims taking over countries and telling its citizenry, "If you don't convert to Islam, then you must pay a tax."
Some big-government types have reccommended that we enact a tax on twinkies and other "high-fat" foods.
Remember, government knows best (and sends its Japanese citizens to concentration camps).
I don't make the rules. I just make fun of them.
If you aren't doing anything illegal, you have nothing to worry about.
Lots of people seem to feel this way. These seem people also seem to be the same people who think that government should be the arbiters of morality and that laws exist to make sure that people are doing the right thing.
"I'm not downloading kiddie porn, so everything is okay. The government can set up a vidscreen in my living room and I don't mind at all. Since I'm not doing anything wrong, what do I have to fear?"
The problem with this is that the lawmakers are no more or less moral than any in the citizenry. Furthermore, it fails to take into account the psychological fact that every person finds his or her own morality. What gives the government the right to dictate morality on the citizenry? Do you really want people like Bill Clinton and Ted Kennedy dictating morality to you? And what makes their morality any better than anyone else's?
This is why I think the only things which should be illegal are things which deprives other people of life, liberty, or property. For this reason kiddie porn is illegal, but drugs are not. Key words in my belief are "other people" -- every person should be completely free to destroy his or her self if they so desire as long as it's only his or her self that is destroyed by their actions.
This is why we need privacy. The government is simply not equipped to decide what we should or should not be doing. Nor can they adequately "monitor" anyone to ensure that they are living the "government-approved lifestyle." And it cannot be shown that the "government-approved lifestyle" is any better than any other lifestyle. The best that government can do is to make laws forbidding the deprivation of another's life, liberty, or property and then enforce those laws. If we allow government to do otherwise, then we are at the whims other other people who are neither more moral nor better equipped to govern than we are -- and they have the right to use deadly force to enact their goals.
There is a solution.
I don't make the rules. I just make fun of them.
Sorry, the police need a reason better than a routine traffic violation to search your car. That's already been through the courts. The cops lost. Probable cause is a really useful thing.
Now, if you consent to the search, that's your problem. You *could* have told them to come back with a warrant instead. One of my college teachers is a lawyer, and delights in making the beach cops get a warrant to search his cooler for alcolholic beverages.
Does planting of evidence never happen? There are cases where it does, sure. Is this really going to change any of that? Probably not. Are the consequences going to be any worse than they are now? Probably not.
Personally, I prefer that law enforcement be the ones doing this, rather than private industry. At least there are limits to what the law is allowed to do...
How's my programming? Call 1-800-DEV-NULL
The NSA is not chartered for domestic surveillance. End of story. If they capture any transmission or conversation with a bona fide U.S. citizen, the identity of the individual on the logs reads "U.S. Citizen". They don't outsource decryption capabilities to other agencies. They don't have the time. They're too busy looking for terrorists. Forget that Enemy of the State crap. Pure fiction. Hysterical. I live close enough to Ft. Meade to know what a joke that movie was.
Don't forget that whole probable cause thing, either. That *still* limits what they are allowed to collection. If they don't have reason to suspect you're a child pornographer, they have no legal means to collect random data from your machine, hoping to find some reference to illegal activities.
Not to mention it's a lot easier to hit a known target than to sift through all the crap that flows through my machine. A day of legwork and research could easily produce more useful results than sifting through otherwise random network traffic.
So we know the FBI wants to tcpdump at your ISP. What makes you think your ISP isn't doing this already? And for whose purposes?
M-x spook
How's my programming? Call 1-800-DEV-NULL
Get a grip slashbots! YOU ARE CHANGING NOTHING HERE!
--
You fools! You buy into anything that goes along with your narrow worldview, and scream and shake like babies if anything threatens to upset it!
WAKE UP SLASH BOTS!
YOU ARE CHANGING NOTHING!
--
Unfortunately, this is not the case. They can search anything in 'plain sight' or more importantly, within reach of the driver or any passenger. This includes closed (and locked) glove boxes, consoles, etc. They can do this in pretty much any circumstances that result from being pulled over for any traffic violation. In many places this is called Driving While Black (Hispanic). The idea is that they are looking for weapons within your reach, but certainly if they find any other contraband in the course of this search, you will be busted for that too.
and as far as not consenting to a search, that's fine. Go ahead tell the officer you don't consent. Maybe whine a little bit about your constitution freedoms. That really makes them happy and friendly. They are not going to 'come back with a warrant', they are going to hold your ass on the side of the road while they radio in for the K-9 unit to come out and sniff around your car -- they don't need a warrant for that. Hours later, when the K-9 arrives, assuming you haven't caved in by now to a search, you're still sitting by the side of a road with a suspicious cop who thinks you have something to hide by throwing the Constitution in his face. And if that dog so much as squeeks or piddles while sniffing around your car, that's all the 'warrant' they need to literally tear your vehicle apart bit by bit to search for the dreaded drugs (weapons, illegal aliens, etc). They will not put everything back into place and apologize when they don't find anything. Four hours later they will just be more pissed off, and leave you on the side of the road with your car torn to literally to shreds. That is, if they don't go ahead and plant a few cannabis seeds in the floor of your car. After all, you wouldn't consent to a search, so you probably are guilty of something.
Besides, let's say they did find something, and by a very long shot (and expensive lawyer) you manage to get the case dismissed on the grounds of illegal search. That's ok from the police's point of view, because they don't need to convict you of anything to seize your car under civil forfiture laws. Even if you were not convicted, you will never see your vehicle (home, etc) again if the police decide they want it. They will sell it and use the proceeds to fund another drug checkpoint on the highway.
Perhaps you think this is just a bunch of libertarian nonsense whining that has no basis in reality. Obviously you are not a minority, and have not seen too many real traffic stops (either in real life or on a 'realitly' show like Cops.) Yes, most people who get busted consented to the search. But you can bet your sweet ass that if you don't consent, the officer will more often than not find a reason to do a destructive search.
---
After all these years of doing everything in their power to stop encryption via export regs and Clipper & friends, the US government is *finally* doing something to encourage the use of encryption. Good on them!
-- Don't Tase me, bro!
Simple, there is a difference between public and private. We are private citizens. The FBI is a public entity, using our money to build a device to spy on us. I see nothing wrong with their benefactors requesting to know what they are doing and keep them honest. Remember this is a government that locked up Japanese during WW2, prosecuted anyone who uttered the word "communism" and shoots people's family's because they are "isolationist survivalist" wackos. Are we to assume that they will NOT abuse their power for the first time ever? :) and the rest of the country won't know or care. Then we just have to trust them to not abuse their power. Unfortunatly history is not un the side of that blind trust.
As I said, we aren't comparing the right to privacy of two equal groups. The FBI SHOULD be subject to public scrutany, however few people in this country care about Carnavore so I imagine it will be quietly installed (with the vocal whinings of some insignificant geeks
Finkployd
As long as they aren't breaking laws, yes. That is how this country works.
Finkployd
They may not be breaking a law that was written over 250 years ago, but they are breaking their social contract by being iresponsible and continuing the myth that you are "free" as long as you can own a lethal firearm.
By owning an AK-47 (which is used illegaly about 0.000001% of the time) they are breaking no social contract. Are you saying nobody can start a Militia and orginize? What other groups are wrong to be part of. Communist party? radical enviormentalists? We have freedom of speach and assembly in this country as long as you are not breaking any laws.
Heres another point: If the 2nd Amendment is so great, and every in the US is so pissed off with their current corrupt system of Government, why hasn't an armed uprising occured yet? Could it be that the average American gun owner is too stupid, ill informed and complacent to actually use the 2nd Amendment in the way it was intended?
Face it, the 2nd Amendment is an outdated law that should no longer apply.
That is an excellent point. However, I could make the same point about the first amendment, since it was also enacted to allow people to organize and speak up about a corrupt government. In fact the purpose of the two go hand in hand, so if the second has failed for this reason, so has the first.
But, you say, the need for the first amendment has changed over the years. Now we used it to voice unpopular opinions about greedy corporations, to distribute source code in a way that pisses off Sony, to protect journalists and their sources. Well the need for the second amendment has also changed over the years. I'm not saying that someday in the future an armed resistance by the public will not be necessary (it may, who knows?) but there are other compelling reasons for it. First, any law professor will tell you that it has been well established that the government (read: police) has no legal obgligation to protect you. The average response time for a 911 call is 45 minutes, and the average life sentance for a convicted criminal is sever years. I would consider it irresponsible of me to ignore the issue of my and my family's safety and not take steps to ensure it. Ultimatly, the most effective way for a woman to survive a violent encounter with a man is to resist with a firearm, coming in distant second is to submit to the man and hope he doesn't kill you, and coming way last is to resist with something inneffective, like peper spray or a knife (source: FBI stats). The fact remains that bad people out there have guns and so far gun laws haven't done anything to prevent this. The only person affected by gun laws is the law abiding gun owner.
Last, complete social breakdown DOES happen. During the LA riots many of the stores and homes in the area were ransacked and people were beaten (ironically in response to a beating). However, ALL of the stores and homes that had an owner with a gun protecting them were left alone, as were the occupants inside. Now if the store owner told you before the riot that he bought the gun in case a riot breaks out and he has to fight for his life and property while the city burned, you would probably have called him an right wing alarmist wacko, but it happend. This is still not a perfect world and while there is a chance that my life and my family's life could be placed in danger by a nut with a gun, I'm going to ensure that I have the means to protect myself. If you disagree with me, that is your right. However, you benefit from the fact that guns ARE prevelant in other people's homes. Don't believe me? Put up a big sign in your yard that says "this home is gun free" and make an example for others to follow. Insane? Dangerous? Then you benefit from the possibility that you COULD own and gun, and just might be able to put up armed resistance against an intruder.
Finkployd
Suprisingly I agree with you. However, we run into a realism vs idealism problem. Idealy, guns wouldn't exist. however they do. The question is how to get rid of them. Disarm the law abiding citizens and hope the criminals give up their guns? Even if you eradicate all the guns on earth, it is not difficult for me to make one from scratch, and I'm am only 22 with a little machining background and some basic understanding of firearm theory, imagine what a skilled machinist could do. More importantly, imagine what a criminal would pay to have a "bootleg" gun build for them to take advantage of a completly unarmed population. Hell, this is ignoring the fact that somewhere in the world guns will be produced and we will have just as much success prevent guns being smuggled as we have with drugs.
In and ideal world, I should be able to leave my doors unlocked, walk in a NYC park at night, and not ever worry about being attacked by a group of thugs (armed with guns or not). Unfortunatly, this is not the ideal world, and preteding it is and living this way to set an example will only get me in trouble. I choose to be responsible about my safety and my family's and make sure I equiped to effectivly protect myself and them. Am I wrong to do so?
Finkployd
It's an interesting point of view, but a simple journey into the writings and speaches of the framers of the constitution shows that your interpretation is indeed incorrect. They clearly state that it was intended to bestow the right to the entire population. I direct you to the writings of Madison and Jefferson specifically, who have much to say on this. Of note is that many considered the right of the population to bear arms more important than speech and debated took place to decide if it should be first. The amendment took many forms as it was writen and re-writen, and ended up the only amendment with a justification. If you don't want to look up the intended meaning of militia, here are some explinations:
... The militia is composed of free citizens.
Samuel Adams:
"It is always dangerous to the liberties of the people to have an army stationed among them, over which they have no control
Patrick Henry:
"The great object is, that every man be armed....Every one who is able may have a gun."
"Are we at last brought to such a humiliating and debasing degradation, that we cannot be trusted with arms for our own defense? Where is the difference between having our arms in our own possession and under our own direction, and having them under the management of Congress? If our defense be the real object of having those arms, in whose hands can they be trusted with more propriety, or equal safety to us, as in our own hands?"
Thomas Jefferson:
"No free man shall ever be debarred the use of arms."
George Mason:
"I ask, Who are the militia? They consist now of the whole people, except a few public officers...To disarm the people is the best and most effectual way to enslave them."
I also would submit to you that your interpretation implies that of all the amendments that make up the bill of rights, the second is the only one that does not apply to the people, only the government. In fact, the term "the people" is also used in the first and fourth amentments to grant rights. Does the phrase "the people" take on a different meaning and refer to a different group when applied in these amendments?
Finkployd
This is "coping with the loss of the first amendment". It's good advice, but it concedes the battle. Maybe it already is lost, but perhaps something can be preserved.
Caution: Now approaching the (technological) singularity.
I think we've pushed this "anyone can grow up to be president" thing too far.
Legal: Well, partially this depends on what country you're in, and partly it depends on what you mean.
I live in the US. This is clearly unconstitutional. Unfortunately, it is also clear from recent cases that it is unlikely to be successfully challenged. What do you mean legal? What the laws say, or what the courts will uphold?
Carnivore and Echelon are the major reasons that I can't vote for Gore, even when the most likely alternative is Bush.
Caution: Now approaching the (technological) singularity.
I think we've pushed this "anyone can grow up to be president" thing too far.
Part of the problem is a denser, more mobile, population. That really does create problems that seem to require more government power to solve. Unfortunately, if the government is given that extra power, it expends it in a way that is favorable to those who control the power, not necessarily to the more average citizen, and even more not to the citizens who fall within two standard deviations of average (along whatever axis you are measuring).
This isn't an always-true, but is almost one.
The net doesn't really require these snoops. They justify themselves by whatever they used to justify their current accrual of excess power. If they didn't have the excess power, then they wouldn't be able to scheme to have more. They'd just try to get their jobs done. Examples: Teachers, Fire Fighters.
Note that I'm not claiming that teachers and fire fighters are inherently more virtuous, though it may well be that the only people attracted to those jobs are those with a pre-existing attraction to public service. I'm focusing on a different aspect.
My suspicion is that if the teaching profession suddenly acquired more power than it required to get its job done, then teachers would start scheming to get more power. This seems to be an aspect of being human. So you need to take it into account when you design the systems.
And that's why Echelon and Carnivore are inherently bad. Even when decent folk are in charge of them, they will exert their influence to strengthen the reach and scope. If they didn't value the job, then decent folk wouldn't want to do it. If they aren't decent, then they will be reaching to strengthen their own power. I don't see any social win here. Just get rid of them immediately!
P.S.: If you think that revolution is any kind of desireable solution, I suggest that you take a vacation in Bosnia, and ask the locals what they think of it. Russia really lucked out, and their final Communist government deserves all the praise it hasn't gotten. That was one of the easiest transitions on record!
P.P.S.: The immediate eruption of Bosnia shows a part of the reason for their militaristic oppression. As foreigners, they had no hope of getting support from the locals, all they could do was support one side or the other, and try to keep a limit on the violence. And, of course, when the military got too strong, it started using the excess power to strengthen itself. There is no simple answer. Anarchy is unstable -- not even an unstable equilibrium, it immediately starts to fall apart into groups that compete. Democracy works well for groups of a certain size, and certain minimum average wealth, but it also has tendencies towards instability. The balence of power between the branches of government was an important concept, but wasn't specified sufficiently, so that nobody really knows who is responsible for what. E.g., the constitution implies, but doesn't really state, that the congress can impeach and remove the president just because it happens to feel like it. But everyone pretends it's because the president has done something really bad. Nonsense. If the president did something really bad, he could pardon himself. The president is supposed to be the center of the enforcement of the laws. More system design is needed here. But it's not going to happen. (Think of how it even could!)
Caution: Now approaching the (technological) singularity.
I think we've pushed this "anyone can grow up to be president" thing too far.
It was reported that the already released documents already prove that it will do much more than they were claiming. Unfortunately, so much was blacked out, that what "much more" means has to be left pretty vague. Maybe it is just a packet sniffer. And maybe not. One of the problems with secrecy-philes is that it becomes difficult to know when they are scheming in a way that will impact you negatively, and when they are just being their usual paranoid selves.
Caution: Now approaching the (technological) singularity.
I think we've pushed this "anyone can grow up to be president" thing too far.
It would seem they'd put the sniffer box on the same segment as your Internet router - all relevant traffic goes throught there. Multiple routers? Multiple NICs, or even multiple Carnivore boxes.
Besides, if you have a Cabletron, HP or other high-end switch, the firmware usually has a function that will mirror one port to another just for the purpose of sniffing - and they will likely have the court order (or subpoena or writ or whatever)forcing you to use it.
I'll admit, that if it were me facing such a court order to assist in using Carnivore, I'd trade some sc4ip7 kid33z ass for mine in an instant. Revolting, eh?
"Depression is merely anger without enthusiasm." - Anonymous
Look at the militia of that era. Not only were most state or local township forces, but there were plenty of independants. Remember, this was a revolution that had just occured, not two established nations fighting each other.
Revolutionaries wrote our constitution... they weren't just the kind of people who believed that if you don't like your government, you should pick up a gun and fight for what you believe in... they did pick up a gun and put their lives on the line for their moral beliefs.
Every letter in the constitution was written because British citizens died - so that their sons would be Virginians, Carolinians, and New Yorkers, all under a flag of the United States.
I'm amazed at the historical ignorance of the people who spout things like "Some people choose to interpret this to mean that they have a right to own a lethal firearm that is capable to inflicting serious injuries and death.". Have you ever sat down and read Jefferson? Paine? Hell, even Franklin was a hardass when it came to fighting for human rights.
These were people who had just participated in the French Revolution (yes, the same people were involved), and believed in blood-won rights. The "Don't Tread on Me" credo is associated with a venemous snake, and "Unite or Die" is Franklin's revolutionary credo.
Yes, these men were talking about empowering people with basic human rights that did not exist at the time, when masses of people still followed a King who was ordained by God... and then equipping the people with the lethal power to keep those rights though whatever means necessary.
--
Evan "I was going to vote for gun control, until I found a little known law on the books that made murder illegal already" E.
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
If you didn't do anything to prevent RIP, it's too late to complain.
Two points that the FBI guy made over and over at NANOG were that
1) Carnivore is just one tool in a suite of information-gathering utilities. Other software (demonstrated at NANOG) sorts the information gathere from carnivore, and could easily take input from other data gathering systems. All the fuss over carnivore could be (and this is just conjecture) a convenient distraction from really nefarious FBI tools.
2) Carnivore needs to be deployed with the cooperation of the ISP. In addition to simply needing access to the ISP facilities, the FBI engineers need to know where on the ISP's network to locate the box so it can be effective. The FBI agent claimed his folks didn't 'strongarm' ISPs into putting these boxes on their network, although someone from the NANOG audience vigorously claimed that that exact thing (pushy FBI agents force their way onto his network) does happen.
Either way, carnivore itself is just a packetsniffer with an interface even an agent can love. I'm more interested in what other sources of input the FBI has or is developing.
Really. It's just like using an envelope instead of a postcard. If you knew the nosey neighbour across the street was peeking in your mailbox, wouldn't you start putting even the innocent stuff in envelopes?
--
--
E_NOSIG
And what do you want to bet that the NSA can break your encryption?
That's the point in the one time pad. Eliminates all possibility of decryption as long as the pad length is the same as the message, and as long as the pad is kept secret.
Even without that, I would find it very suprising to learn that anyone, including the NSA, finds it trivial to decrypt multiple levels. Even then, the problem with the big guns is that they are big. You ever seen the flotilla that accompanies one of the Navy's big gun ships or aircraft carriers. Getting the NSA to pull out there best and brightest to tackle 4 level encryption to bust a drug ring or kiddie porn ring will not be and easy political maneuver.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
The FBI has a packet sniffer. Be afraid. Be VERY afraid.
Seriously though. As I read the description, the only thing that would come to mind was that this device would only stop the most stupid of criminal. The type of rogues that murdered Michael Jordan's father. They commit a crime and then run around telling everyone about it.
Anyone foolish enough to be transmitting data in the clear concerning something that the FBI would care about needs to be locked away for their own protection. Any criminal with half a brain would set up a VPN to set up an SSH session in order to run their custom chat program that uses one-time-pad security. I guess the paranoid aren't being caught, only those who would log into #imACriminal and type, "Me Shotgun. Me rob Wells Fargo at Fifth and main last night. Me live in yellow house."
Again, I reiterate, this will only catch the stupid criminals, and maybe those that the powers that be want bad enough to invest the resource of the NSA to break a ridiculous amount of encryption.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
If the FBI wanted to monitor one of our customers, they would have to put the RADIUS server, the mail server, the proxy server AND all our routers on the same network segment. The reason that we run a switch is because we were getting network resets on a normal 100Base-T hub. Running a switch eliminates that problem and if we were *forced* to put them back on a hub, it would definately cause us some greif.
What I'm wondering is how the FBI handles making these ISPs do what I'm describing? How do the bigger ISPs deal with having to put all their machines on the same network segment? I realize that some ISPs may be running fiber, but even still, not switching the main parts of your network can cause huge problems in performance. How far is the FBI prepared to go to monitor a particular user?
Distributed, real-time indexing of the Internet. Coming soon!
Kord
Use metaphors.
Pick up a decent, non-idiosyncratic translation of some of the writings of the first century A.D. in southern Europe. They're full of references to (for example) the fall of Babylon, but what they're actually talking about is the fall of the Roman Empire.
(Recall that Rome was good at oppressing people, and that the nation of Babylon had died a long time earlier.)
Religious and political tracts have done this for a long time. We do it today: every /. reader knows which corporation I mean when I say Evil Empire, although in the mid-80's it was a different corporation, one with a three-letter acronym.
Encrypt the text, but also encrypt the meaning.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
A few historical quotes...
... to be armed, To be prepared for war is one of the most effectual means of preserving
peace. A free people ought not only to be armed, but disciplined."
... The tree of liberty must be
refreshed from time to time, with the blood of patriots and tyrants,"
..."
"Firearms stand next in importance to the Constitution itself. They are the American people's liberty teeth and keystone under independence. From the hour the Pilgrims landed, to the present day, events, occurrences and tendencies prove that to ensure peace, security and happiness, the rifle and pistol are equally indispensable. The very atmosphere of firearms everywhere restrains evil interference - they deserve a place of honor with all that's good."
-George Washington
"A free people ought
-George Washington
Americans [have] the right and advantage of being armed -- unlike the citizens of other countries whose governments are afraid to trust their people with arms,"
-James Madison
"That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms..."
-Samuel Adams
"The Constitution of most of our states (and of the United States) assert that all power is inherent in the people; that they may exercise it by themselves; that it is their right and duty to be at all times armed and that they are entitled to freedom of person, freedom of religion, freedom of property, and freedom of press."
-Thomas Jefferson
"And what country can preserve its liberties, if its rulers are not warned from time to time that this people preserve the spirit of resistance? Let them take arms
-Thomas Jefferson
"No free man shall ever be debarred the use of arms. The strongest reason for people to retain their right to keep and bear arms is as a last resort to protect themselves against tyrrany in government,"
Thomas Jefferson
"The great object is that every man be armed. Everyone who is able may have a gun,"
-Patrick Henry
"To preserve liberty, it is essential that the whole body of people always possess arms
-Richard Henry Lee
"The best we can hope for concerning the people at large is that they be properly armed,"
-Alexander Hamilton
"False is the idea of utility that sacrifices a thousand real advantages for one imaginary or trifling inconvenience; that would take fire from men because it burns, and water because one may drown in it; that has no remedy for evils except destruction. The laws that forbid the carrying of arms are laws of such a nature. They disarm only those who are neither inclined nor determined to commit crime."
-Cesare Beccaria, quoted by Thomas Jefferson
"Both the oligarch and Tyrant mistrust the people, and therefore deprive them of arms."
-Aristotle
Amendment. II. A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.
--The Consitution of the United States of America
________________________________________
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
> [
> when things get bad enough, the people will rise up and overthrow the ruler/government that is oppressing them
"If there is hope, it is in the proles."
- Winston Smith
Didn't exactly work out that way in 1984, did it?
If you believe "popular uprisings" against the government will even happen in a properly-managed police state, (let alone actually succeed in stopping oppression!), you haven't read much Orwell ;-)
On a somewhat-related note, I recently attended the Verisign security conference in San Jose. While I was there I took in some of the keynotes, and one of them was a pair of FBI agents.
They related some of their experiences tracking "network crime" (mostly pimply 13-year-olds) and talked about their opinion of computer security. During one anecdote, they related that they had seized a CD containing data that had been encrypted.
Now they didn't say exactly what this encryption was, so it might be less interesting than it sounds, but the FBI guys said they were relieved that they managed to convince the cracker to give them the key because "we hate having to ask the NSA to crack encryption." The way they said it, you would think cracking encryption was some kind of beaurocratic hassle rather than a major computation and theoretical feat.
Of course, it might have just been XOR or the key might have been a password. Still, interesting story.
-konstant
Yes! We are all individuals! I'm not!
-konstant
Yes! We are all individuals! I'm not!
It's been said before, but:
Vote Libertarian.
Support the EFF.
Support the ACLU.
Use encryption (someone post me a Linux link).
Call your representative.
Don't just sit there, do something. Put the right people in power and this crap will get fixed.
--jbYes. The word "militia" has already been defined in the U.S. Code. And no, you don't have to be a member of the Armed Forces to be a member; if you're a male within a certain broad age range, or are enlisted in the National Guard, you're pretty much in.
Only the dead have seen the end of war.
How legal is this? Is it, for example, legal here in Britain? Can any intelligence agency in the world just switch it on and type in my name and monitor my activities? This seems to enable monitoring from a distance - therefore, though I am in Britain, could the FBI snoop on me and get away with it because they're on US soil?
We Build Beautiful Websites
president@whitehouse.gov
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I guess in this case, it would mean the box gets all the attempts at being hacked ;)
Because people have rights, and logically following from that is that governments have no rights. If you are going to assume the responsibility of telling people what to do, and punishing people for not doing it, you must be as open and accountable about that process as humanly possible. I am entitled to personal privacy under the European Human Rights Act. My government isn't.
It's our fear of the enemy which forces us into using the same tactics he uses. I've often wondered at how insecure we in the United States must be as a society that we take such draconian measures against our social problems (i.e., very long mandatory sentences for drug use, the difficulty of using the insanity defense for any crime, etc.). Now you might say that you do not feel so insecure, or that, intuitively, you do not feel we are very insecure as a society---maybe not, but consider that the insecurity rises not from our society as a whole, but rather from a very small portion of it which is extremely rightward leaning. The problem is this small minority has gained a disproportionate amount of power because of its extreme wealth and ability to influence the political process.
Vacation at Shell Extension City
DAILY ROTATION
SLAVERY IS FREEDOM
Using Carnivore, we can save you from all those nasty child pornographers and other undesirables of the day.
WAR IS PEACE
Not to mention terrorists, hackers, communists, drug pushers/traffickers/users/advocates. IGNORANCE IS STRENGTH
Releasing the source code would make Carnivore less secure.
Looks like they're 3 for 3 to me.
--
My other computer is your IIS server.
After reading this article about Carnivore (I didn't know much about it previously), it struck me as strange as to why this should be open sourced.
This will probably be moderated down as flamebait, but hear me out.
The issue that's on everyone's minds here is not what so much what Carnivore can do (we all know it's just a sniffer with a nice interface), but how open it is for abuse. I really don't think that by forcing the FBI to allow us to audit the source that we'll find some spectacular hidden feature, again, it's only a sniffer. Carnivore can do the things a sniffer can do (capture any and all network traffic).
The issue isn't so much the potential for "hidden features", but the potential for abuse by those using it. Could the FBI watch the traffic for all users on a subnet even thought they're only supposed to be watching one user? Yes. Could the FBI do extra things and gather extra information that a normal network sniffer could not? Probably not.
In conclusion, Carnivore's potential for hidden features are what makes in dangerous, but it's potential for abuse by the people who use it is.
When you're being carnivored would it show up in a traceroute as an extra host in the route, that runs nt?
I don't want to start a political debate but.....Anymore it is not just the letter of the law that the government uses to make people conform to an Approved Lifestyle(tm). It is more insidious than that. Consider the "Targeted Tax Cut." With these things, if you live the "Approved Lifestyle" you get the tax cut, if not, you're outta luck. You middle-aged and single? *bzzzt* sorry, not tax relief for you. Oh, you have a kid and are married....here you go, cash from the Treasury! This is a rather simple illustration but the whole process can (and is right now) devolve to to an equivelant of laws dictating these same principles. It's what government thinks is best for us.
So, evil_roy, appealing as your comment sounds, "I don't want someone to see what I'm doing...but I want to see their source code", it certainly doesn't hold any weight when it comes to encryption algorithms.
In the case of computer security, there isn't as much agreement among the experts, but there is a strong trend or school of thought, that says for a system to be secure, it must be studied extensively. There are a small group of experts who believe in security through obscurity. In either case, the only hypocracy here is that a pair of dissimilar words tend to be used and if you take them out of context, it sounds funny, but it in fact does make a lot of sense to have open peer review of software and algorithms used in secure systems. The data is "closed", but the code that prevents access to the data should be (according to many experts) "open".
PJRC: Electronic Projects, 8051 Microcontroller Tools
In the case of Carnivore, well, it's part of the "DragonWare Tools". In the English article, the speech to text converter mentioned is made by Dragon Systems.
Ok, there's probably no relation, but being a bit paranoid and enjoying a good (or not so good) conspirancy theory like many slashdot readers, I thought I'd mention it. Maybe Carvivore 3.x will also intercept streaming audio, internet radio, voice over IP, etc... all with textual keyword searches and whatnot. Even if they're not the same Dragon, it's still not a giant stretch to envision capturing multimedia formats (with keyword matches) in real time... but if they are the same Dragon it'd be only a stone's throw away....
PJRC: Electronic Projects, 8051 Microcontroller Tools
Encryption won't help in "pen recording" mode -- While they would like to have what was said, police are almost as happy if they can show that a communication occurred.
The reason this is significant: Getting permission to get pen records (telephone slang, a list off all calls made by a particular phone) is a whole lot easier. IANALawyer, but I think they may be able to just supoena them, no inconvienent judge that has to be talked into issuing a warrant.
I know of at least one case where pen records (telephone) played a big role -- The investigators of a series of arson fires in the (near to the slashdot home) city of Lawrence, used analyis of calling patterns to identify the central figures.
So use that encrypted VPN, and when you aren't using it, send random data back and forth over the link so you won't face someone in the witness box pointing at an anacapa timeline, and saying: "mail was sent on tuesday, 12 hours before the bomb went off, and a reply was sent 15 minutes after detonation"...
Organizer:New England Rubbish Deconstruction Society;The NERDS,first US team in the UK Scrapheap Challenge/Junkyard Wars
Great. Now you can click on boxes like "monitor UDP traffic" and "record POP3 traffic". Which means that Joe Agent, civil servant, IQ of 100, can now set up sniffers in ISPs.
It's like the "Bob" of packet sniffers.
Of course, when this obviously computer-savvy agent (or team of them... ooh) sees "suspicious" traffic, well, then you're busted.
Except if all they do is point and click, how the hell are they expected to be able to competently analyze network traffic?
On Linux, you can do the same thing with tcpdump, iptraf, and sniffit, depending on which task you're actually trying to do. Or hell, run them all, and dump to a huge logfile.
All this does is make it easier for non-technical people to operate a technical piece of machinery, and puts us all in danger of being investigated by stupider people than before.
I want to delete my account but Slashdot doesn't allow it.
IPSEC and SSH are great tools, but they do nothing for home user's security - what's needed are things like a secure IRC client (and server), secure IM clients (and servers), and an easy-to-use PGP-style email encryptor.
The chain is only as strong as its weakest link.
I want to delete my account but Slashdot doesn't allow it.
I think the workarounds are pretty simple and probably obvious to most Slashdotters. Using encryption to muzzle Carnivore might be news on CNN but not on Slashdot. We also might want to think about the day when 4096 bit encryption can be broken in a few minutes (or seconds). Once a log of your session is captured it can be kept around for quite a long time.
Icebox
Presumably if everyone started putting up sigs including as many dodgy words as possible they would spend all day reading pointless posts like this one.
:-
So everyone include words like
guns, bomb, terrorist, bomber, semtex, nuclear weapon, spy, communist in your sig now!
Its hopelessly low tech but the easiest way to give'em a headache.
I have no problem with Carnivore if two things happen.
1) Carnivore is installed *everywhere*. Even at all government offices.
2) Anyone can access its records, or begin a trace attempt.
Ho ho.
--Perianwyr Stormcrow
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
THIS IS GOOD!!!
In some ways anyway.
See, one of the major points in the OJ Simpson case (he got off scot free for those who can't recall) was how easy it is to corrupt a DNA sample.
If anyone gets prosecuted with Carnivore as the main evidence remember: If anyone can forge a 'smoking-gun' letter, there is no way to prove that a suspect (in this case you) has actually produced this evidence! Use it as your argument with Jonny Cochran as your defense attorney, and there is little way you will serve any jail time.
Going through a case like this, where Carnivore evidence has been excluded from a trial due to ease of forgability, why would the FBI continue to use it to collect evidence? There wouldn't be any logical reason to! And I'm sure the CIA wouldn't mind taking over the Carnivore project.
By the way, do you know that according to the United State's Constitution, you can vote if you are under 18. It specifically forbids infringing upon 18+ year olds right to vote, but says nothing about 18.
jaHALkhglagdj sdLYJ;Q5437%7@$%*43 YLHLAGHJA$#KLHFDGHFDA TRWU*I^%43lkfjdgho43yL9--=0-8shwdvew&(^ghg^%HDS>P" ;7687432DSAGH$&(*ewkhjkgpl;p0 988653TSkui 6HDSKL:{XZfakk7o767653jkhh{{]]mnjkg3`13`1-gfj{Opop ut.w,;fyhf6765==1';sghfvctrU#ADCVGHKL0t9 84yhb3.l;c-9hj*%RFSWSgkjkthjjtnxppq^%FB)42l,f
--cr@ckwhore
Skiers and Riders -- http://www.snowjournal.com
I'm sure everybody here is familar with the Freedom of Information Act... using the FOIA, one could in theory easily produce a list of ISPs that have carnivore boxes installed. This list can then be posted online as a FREEDOM warning... if public exposure of this list results in sales drops for ISPs running carnivore, I bet they could turn around and sue the government for it.
Basically, it would be really nice to have a list of ISPs with carnivore installed. Anybody up for the task?
--cr@ckwhore
Skiers and Riders -- http://www.snowjournal.com
Hold it right there. Neither you nor ESR is "fighting" anything. Your lives are not on the line, and you insult genuine freedom fighters by pretending they are.
The correct term for you and Eric Raymond would be "freedom whiner"
-- the most controversial site on the Web
Nathan
If you don't have anything nice to say, say it often.
- Ed the Sock
Nathan
If you don't have anything nice to say, say it often.
- Ed the Sock
Get Licq-ssl. It uses the regular servers to loacte each other, but when it talks to another Licq-ssl client, it encrypts messages going across. Uses openssl.
Please, give us the source for the Carnivore system. I can imagine the FBI tracking every internet action under the 'new' legal idea of a retroactive wiretap. So the fact that I could (in the future) become a criminal would allow them to monitor my actions now, when I am a law-abiding citizen, in the interest of getting me convicted of a future crime I may-or-may-not commit. And it would become legal, because they can got a wiretap order once I am a criminal, and the data is then relevant. (And in case you doubt the reality of this scenario, just watch a few episodes of Law & Order- or any other realistic police/justice show- this is how the legal system thinks.) Never mind that the evidence from Carnivore sparked the investigation that got tap orders for carnivore.... Either Carnivore was planned by Big Brother to further his agenda, or someone will arise to be said Big Brother, as they have the power to do so (with Carnivore).
If we want to kill Carnivore (or at least the secrecy of the source code), why not try arguing that since the system intercepts every internet transmission, whether it is logged or not, it violates the privacy of every other 'net user? I don't want something reading my packets if I'm not the one under investigation!
Do you like Japanese imports?
Anyways, I wouldn't worry too much. Yes, they are bringing us closer to living in the world written about by George Orwell, but there will always be those of us that will be on the edge of the law, and a danger to the system, to keep the governments in check. Ummm...sorry, don't want to sound like I am making a movie trailer. Anyways, the point is that in any society, when things get bad enough, the people will rise up and overthrow the ruler/government that is oppressing them. This is not happening yet, and that's why some of us who see these crimes against us being committed by our leaders get frustrated when the average person on the street is apathetic. So far we still are pretty free and can do what we want for the most part. We do have less freedoms now than people did 50 years ago though, at least in the U.S.
Mas vale cholo, que mal acompañado.
When asked why the FBI would not release source, he said: "We don't sell guns, even though we have them."
Well.. not to Americans at least.
http://twitter.com/onion2k
This is a major violation of our privacy
We have privacy?
http://twitter.com/onion2k
TROLL.
The only reasonable thing to do is agree to the search and hope that the officer isn't looking for the adrenaline rush that arresting an innocent suspect brings. Some cops really get off on the idea that they are - for all practical purposes - destroying someone's life; it gives them the illusion that they rather than the government that they represent are the ones who are powerful.
If you are charged with a drug offense the odds are excellent that you will be convicted. In fact it almost doesn't matter what the outcome of the trial is; the legal system will grind you into paste regardless of whether you draw or lose. (The best you can hope for in a criminal case is a zero - zero tie. You are not allowed to score, only the state is. For sure you aren't going to win and send the prosecutor, and arresting officer to jail for lying about you to a jury. It seems pretty obvious to me, but evidently other people appear to miss the fact that if you really are innocent, everything the prosecution uses to try to convict you is a lie; they might believe their own lies, but they are still lies. )
Don't think that law enforcement agencies would do something like that? Of course, you are correct: the police have never planted drugs on a suspect. Not one time, ever.
For example: no police officer would ever claim you were speeding when you weren't - just because he wanted to search your vehicle. Oh wait, I have had that happen to me three times in the last 20 years. And no, I don't look like a drug user - or even meet any sort of profile other than being a single male driving a not very expensive vehicle. I think the officers were just bored. When they couldn't find anything wrong they looked really disappointed. I was always polite and courteous to them when they pulled me over, so they didn't 'find' any drugs in my vehicle. Of course all it would have taken was a little outrage at being stooped for a crime I wasn't committing, and suddenly boom: "Look what I found." See guys, its not paranoia when it has happened to you.
Carnivore enables the modern version of a thought crime: "We thought you might be a criminal, so you are one!"
No one should ever get used to a government repeatedly abusing it's power. The US government may be better about it than most others, but do you remember McCarthyism? Remember J. Edgar Hoover? Remember Clinton being accused of getting his opponent's records from the FBI and IRS? Carnivore may have been created with benevolent intent, but it's potential for abuse is such that it may be the single greatest threat to free speech and personal liberty in a long time.
Get used to it? Not in a million years.
-Rob
"Liberty means responsibility. That is why most men dread it." -George Bernard Shaw
Is it just me, or does that statment just give you instant wood?
Based on current ISP security and the willingness of 31337 h4xx0rz to plunder whatever and whenever they can, I'm willing to bet that at some point in the not-too-distant future we're going to hear of a Carnivore box being 0wn3d. I can just see it now:
Earlier today the FBI put out a warrant for its own arrest for a series of "distributed denial of service" attacks on major e-commerce websites earlier this week. Said one FBI source, "It appears as though we the FBI have been performing these attacks from our controversial Carnivore monitoring stations, set up around the country for legitimate purposes. Go figure, huh?"
Mr. Ska
Rather than try to do everything on your own, why not help support EFF in their efforts? One united strong voice is better than many little ones...
ps. I would say this 'demo report' is a fake because of the wording of this sentence. With the click of a check box, ahh...
--Giving to trolls for the benefit of us all
This is very bad. Now the FBI won't have to get a search warrant to dig up some dirt on any suspects of Internet crimes; all they'll have to do is set the Carnivore box to sniff their connection.
Sure, call me paranoid, but now the FBI won't have to deal with the legal system protecting our rights, the same legal system which they constantly label as a "hindrance to justice". All that they want to do is fill their quotas with the doctrine of "hook 'em, book 'em, cook 'em NOW!"
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
Well, Carnivore is certainly going to have the FBI touting this Oceanic axiom from 1984 (the book, not the year). Now there's just the other two to go:
WAR IS PEACE
They're working on that one. We're almost sure to see some kind of conflict against the Taliban and Hamas.
IGNORANCE IS STRENGTH
I'm not sure how this one will be implemented. Of course, there's the CIA hiding everything from us. Also, there's the MiB factor (... and the only reason why they go on with their pathetic lives is that they do not know about it!).
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
we have all this information piling up about carnivore, all these reports coming in from the media, all this awareness, but yet, who , besides the EFF and EPIC etc are doing anything to challenge it ?. I think we all need a wake up call. This is a major violation of our privacy, and if we let them get away with this, they wont stop after that.
"sex on tv is bad, you might fall off..."
I lost my concept of community when my community lost all concept of me.
Still, if it helps to catch criminals...
"I might have made a tactical error in not going to a physician for 20 years." -- Warren Zevon
Want more data about how Carnivore works? Push for the source code to be opened.
/. or an e-mail adress to overload?
Very well, where? Anybody got an URL to
People replying to my sig annoy me. That's why I change it all the time.
Unlike Linux, not all programs are bugfree. Maybe we'll be able to find a way to escape it.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
- if you love something, set it free; if it doesn't come back, hunt it down and kill it
Besides, we can compile it ourselfs and use it against our girlfriends..
Mark
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
- if you love something, set it free; if it doesn't come back, hunt it down and kill it
Most small to mid-size ISPs have a single backbone provider router. That's where the sniffer box will be inserted. If you're an ISP and wanna make your network unfriendly to sniffing, use NO ETHERNET DEVICES AT ALL in your network. Make sure that all your hardware talks to one another via FDDI or ATM over single-mode fiberoptic cables. The oddball nature of such layer 1 hardware will throw a monkeywrench into the sniffing plans. It won't stop it, but it certainly will make the expense of inserting a sniffer way more unpalateable. Of course, it'll make your network expensive as hell to build too. It also wont stop anyone from sniffing your entire traffic at your backbone provider's end either.
So _because_ the militia of the day was a bunch of rag-tag hooligans who happened to be fighting for a "just" cause, this gives all rag-tag hooligans of today the excuse to call themselves a militia and tote AK-47?
Get Real!
Look at us. Here at slashdot are thousands of computer nerds, and we do nothing? Someone has to figure out a way to take down these boxes. If it monitors everything, then all we have to do is send an e-mail that had a word like bomb or something they would want to read. Then, BOOM! It is a bomb. Just have some insanely malicious little program that takes the box down for the count. That's of course only if we can't win in court or some legal way.
The GeekNights podcast is going strong. Listen!
Greetings Mr. Troll.
... "These people are the enemies of the United States of America, just as much as the Judges and Corporations who bend and twist the Constitution to fit their own needs."
You state regarding gun owners: "They clearly fail to realize that they have mis-interpreted the meaning of the 2nd Amendment, using it in such a way as to satisfy their child like need to own a lethal firearm. They choose to ignore the overwhelming statistics that show that gun related accidents, including those that resulted in death, are exponentially higher in the United States of America, than in countries with sensible gun control policies. They choose to ignore that their rights do not extend to gun ownership."
While your assertions regarding the Second Amendment mirror those of the Clinton/Gore administration, they are disproved by a cursory examination of the historical record which others in this thread have already done.
The fact is that there are fewer gun accidents now than ever in history. It may interest you to know that the statistics to which you refer are for the most part propaganda printed in the medical journals, specifically New England Journal of Medicine and Journal of the American Medical Association. I call these studies propaganda because they do not meet basic scientific requirements regarding sample selection, statistical analysis, conclusions being supported by data, proper data collection, etc. In short, they are bilge, printed for political purposes. An exhaustive scientific examination of these studies can be found at my web site, http://www.psn.net/~thephantom/ You may find it enlightening.
It may also interest you to know that Britain and Australia have experienced double digit increases in burglary, assault and other violent crimes since implementing the "sensible" gun control policies you refer to, including large increases in crimes committed with guns. On the other hand, states in the USA which have recently adopted "shall issue" concealed carry permit laws like those in Florida, Texas, Arizona etc. have seen double digit decreases in crime rates. Reputable studies have concluded that increasing gun ownership and concealed carry are correlated with decreased violent crime. A quick web search on Kleck, Lott, Mauser or others will turn up plenty of well documented evidence, as I don't expect you to take my word for it.
Kindly check your facts sir before slandering half the adult population. The "Enemies of America" are not the 40 million "child like" gun owners who assert their right to self defense.
Brought to you by the Invincible Chordate Pikaia Commemorative Society.
I don't want someone to see what I'm doing...but I want to see their source code ? Open is open and free is free. What is this ? Half the time closed source and "binary only" gets bashed but then all communications should be closed ? More than a bit hypocritical. There are heaps of options for secure communications...the internet isn't one of them. Why demand someones code be freely available but allow all else to be anonymous and hidden ?
If Carnivore is made open source then everyone could have their own carnivore(packetsniffer) and the FBI wouldn't want that even though packsniffers have been around for a years so they aren't really doing anything new. I think that if they did release the source code, people would then know what all it can do not just what THEY told us. The real reason that they want it closed source i'm sure is so that it appears to be secure for as long as possible.
"The secret of success is to know something nobody else knows." -Aristotle Onassis
It's not that carnivore can't handle it, it just can't decode it, well not in a reasonable amount of time anyway. The FBI could I'm sure break the encryption, but they wouldn't do that very much since it's such an in depth process, using just 128 bit encryption it would take months on there fastest computers to decode it. Any one who has used a packetsniffer can see how easy it is to get clear text data out of packets, but when they are encrypted almost impossible for a regular person. I'm sure the FBI has more resources at their disposal than most people but they wouldn't waste their time with encrypted data on most occasions. There is always the chance however that in a top priority case they would try.
"The secret of success is to know something nobody else knows." -Aristotle Onassis
If this is your first indication that someone might be reading your email or watching what you download, then you really need to think about how the 'net is structured.
As a systems administrator, I have total access to all the email that goes in and out of my system. I have access to every machine in the department, both over the network and physically. And I'm just one guy on one end of the chain. On the other end is someone else like me who has access to your systems.
Perhaps your logged into an ISP and those folks don't have direct access to your machine... they still have access to everything that goes in and out of the machine. And so does everyone between my site and yours. MCI/Sprint/whoever, has access to the packets that flow between. Institutional paranoia aside, think of all the individuals who work at those sites... care to trust each and every one of them?
Anyone want to guess what percentage of network traffic is clear text? Even if its encrypted, it's just a matter of CPU and time before anyone who wants to know what your sending can know it (believe strength of encryption being another topic).
So the feds can read your email. So what? So can I or someone like me.
Do not worry about questions like: are my methods of communiation private? They are not.
Instead work to ensure that those who can have access to your "private" conversations (email or otherwise), don't have the right to do anything with it.
The first step: VOTE next month. Pick your candidates at every level of office and then tell them what you want. It's that simple. And it's really all you can do about it.
Oh... and remember, sysadmins are usually bribable with a good import. Beer that is. Cars show up on the IRS radar.