Slashdot Mirror
Carnivore Demo Report
michael : People are really interested in the "inner workings" of Carnivore, as shown by the many submissions. I never thought it was anything special - from the start, when I first knew that the FBI had an Internet interception box, I just assumed that it would neatly sort and deliver all Internet traffic of a particular target. I can spec out how I would design such a box; and the FBI isn't stupid; so I assume they would do it in a similar fashion. I think there's still a lot of disbelief out there, though - "You mean the FBI can really track both Web access AND email? And IRC? And Usenet? ...." People just don't believe it, because they're used to thinking of Internet traffic in different terms than phone or whatever.
The only important design aspects of the carnivore box are things like "Can the FBI set it to snoop on traffic it isn't supposed to? Can I dial into the box and snoop on my neighbors?" and other questions like that, which we'll *never* find out from any powerpoint presentation.
So get used to it, people. Assume that Carnivore neatly captures, sorts, and delivers all traffic that passes through it, and that the FBI can just type in your name and plug it in. Assume that there's a user-friendly, point-and-click interface. Assume that it will pretty-print reports, ready for filing with the court if/when you are prosecuted. Assume that there's essentially no oversight of the FBI's use of this device - after all, judges exercise almost no oversight over wiretaps, there's no reason to believe that Internet-tapping will be overseen any more diligently. The FBI and police approach wiretapping requests in the same way that conniving children approach their parents - it only takes one judge to approve a request, and the FBI can approach as many different ones as needed until they find the one that just doesn't care and rubber-stamps everything.
Get used to it. Want more data about how Carnivore works? Push for the source code to be opened. Nothing else will provide any more information about the system. You can't tell how secure it is (against the FBI, or against anyone else) from a presentation.
As for me, I'm steadily moving toward encrypting as much of my traffic as possible. I set up ssh for my home network recently. I'm setting up SSL. I'm reading up on IPSEC. I guess I just don't have a very trusting nature. The way I figure it, the time to set up countermeasures is before you expect to need them.
Is nothing sacred? I expect my usenet posts to be seen by nobody. From now on I'm going to encrypt everything I post.
To protect against unauthorized snooping, you can use Freedom from Zero-Knowledge Systems. It offers 4096 bit encryption of web browsing, pseudonymous email, cooie management, ad blocing and more.
The thing that worries me is that now so much evidence used in court is made up of electronic records, which can be forged. In the bad old days you had tape recordings of conversations, which (unless you hired Rich Little) couldn't easily be faked. But with evidence like carnivore data being used in court, what is there to stop *anyone* from putting in a couple of access to www.kiddieporn.com or email to obinladin@bombmasters.com?
Same for hard drives. I know someone who had to send dumps of his hard drives in for some stupid lawsuit. What can stop someone from patching up those dumps to look as if there is a deleted version of a "smoking gun" letter that shows guilt?
I guess on the flip side you can always say "they faked this" as a defense. Does this provide reasonable doubt?
I guess it is time to start signing e-mail.
-- ac (sorry)
And don't forget, the establishment in power at the time would have thought that the 'rag-tag hooligans' were just a bunch of noisy reactionaries that should be supressed.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
The FBI has a packet sniffer. Be afraid. Be VERY afraid.
Correction: a packet sniffer *and* the authority to place said packet sniffer somewhere central in every US ISP's network.
Criminals needn't worry about this, you're right: they can encrypt. It's the rest of us who are doing nothing wrong but want a little privacy nonetheless, who are going to have to put extra effort into encrypting and/or anonymysing our net activities.
--
They don't do this lightly, and don't like to do it, because the turnaround time is lousy, stuff sent sometimes doesn't return, and it's a bureaucratic pain in the ass. It's not in the NSA's charter to conduct domestic surveillance (and I'm inclined to believe that they don't for the most part - the FBI has always been , but you're mistaken if you think they don't cooperate in other capacities with law enforcement.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
They don't do this lightly, and don't like to do it, because the turnaround time is lousy, stuff sent sometimes doesn't return, and it's a bureaucratic pain in the ass. Essentially, it's only done when other leads are exhausted or stalled. It's not in the NSA's charter to conduct domestic surveillance (and I'm inclined to believe that they don't for the most part - that's the FBI's domain), but you're mistaken if you think they don't cooperate in other capacities with law enforcement.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
How does downloading any type of porn deprive people of life, liberty, etc...?
People who view child porn are those who create the market and the incentive for those who produce it.
I don't make the rules. I just make fun of them.
If you aren't doing anything illegal, you have nothing to worry about.
Lots of people seem to feel this way. These seem people also seem to be the same people who think that government should be the arbiters of morality and that laws exist to make sure that people are doing the right thing.
"I'm not downloading kiddie porn, so everything is okay. The government can set up a vidscreen in my living room and I don't mind at all. Since I'm not doing anything wrong, what do I have to fear?"
The problem with this is that the lawmakers are no more or less moral than any in the citizenry. Furthermore, it fails to take into account the psychological fact that every person finds his or her own morality. What gives the government the right to dictate morality on the citizenry? Do you really want people like Bill Clinton and Ted Kennedy dictating morality to you? And what makes their morality any better than anyone else's?
This is why I think the only things which should be illegal are things which deprives other people of life, liberty, or property. For this reason kiddie porn is illegal, but drugs are not. Key words in my belief are "other people" -- every person should be completely free to destroy his or her self if they so desire as long as it's only his or her self that is destroyed by their actions.
This is why we need privacy. The government is simply not equipped to decide what we should or should not be doing. Nor can they adequately "monitor" anyone to ensure that they are living the "government-approved lifestyle." And it cannot be shown that the "government-approved lifestyle" is any better than any other lifestyle. The best that government can do is to make laws forbidding the deprivation of another's life, liberty, or property and then enforce those laws. If we allow government to do otherwise, then we are at the whims other other people who are neither more moral nor better equipped to govern than we are -- and they have the right to use deadly force to enact their goals.
There is a solution.
I don't make the rules. I just make fun of them.
The NSA is not chartered for domestic surveillance. End of story. If they capture any transmission or conversation with a bona fide U.S. citizen, the identity of the individual on the logs reads "U.S. Citizen". They don't outsource decryption capabilities to other agencies. They don't have the time. They're too busy looking for terrorists. Forget that Enemy of the State crap. Pure fiction. Hysterical. I live close enough to Ft. Meade to know what a joke that movie was.
Don't forget that whole probable cause thing, either. That *still* limits what they are allowed to collection. If they don't have reason to suspect you're a child pornographer, they have no legal means to collect random data from your machine, hoping to find some reference to illegal activities.
Not to mention it's a lot easier to hit a known target than to sift through all the crap that flows through my machine. A day of legwork and research could easily produce more useful results than sifting through otherwise random network traffic.
So we know the FBI wants to tcpdump at your ISP. What makes you think your ISP isn't doing this already? And for whose purposes?
M-x spook
How's my programming? Call 1-800-DEV-NULL
After all these years of doing everything in their power to stop encryption via export regs and Clipper & friends, the US government is *finally* doing something to encourage the use of encryption. Good on them!
-- Don't Tase me, bro!
Simple, there is a difference between public and private. We are private citizens. The FBI is a public entity, using our money to build a device to spy on us. I see nothing wrong with their benefactors requesting to know what they are doing and keep them honest. Remember this is a government that locked up Japanese during WW2, prosecuted anyone who uttered the word "communism" and shoots people's family's because they are "isolationist survivalist" wackos. Are we to assume that they will NOT abuse their power for the first time ever? :) and the rest of the country won't know or care. Then we just have to trust them to not abuse their power. Unfortunatly history is not un the side of that blind trust.
As I said, we aren't comparing the right to privacy of two equal groups. The FBI SHOULD be subject to public scrutany, however few people in this country care about Carnavore so I imagine it will be quietly installed (with the vocal whinings of some insignificant geeks
Finkployd
As long as they aren't breaking laws, yes. That is how this country works.
Finkployd
They may not be breaking a law that was written over 250 years ago, but they are breaking their social contract by being iresponsible and continuing the myth that you are "free" as long as you can own a lethal firearm.
By owning an AK-47 (which is used illegaly about 0.000001% of the time) they are breaking no social contract. Are you saying nobody can start a Militia and orginize? What other groups are wrong to be part of. Communist party? radical enviormentalists? We have freedom of speach and assembly in this country as long as you are not breaking any laws.
Heres another point: If the 2nd Amendment is so great, and every in the US is so pissed off with their current corrupt system of Government, why hasn't an armed uprising occured yet? Could it be that the average American gun owner is too stupid, ill informed and complacent to actually use the 2nd Amendment in the way it was intended?
Face it, the 2nd Amendment is an outdated law that should no longer apply.
That is an excellent point. However, I could make the same point about the first amendment, since it was also enacted to allow people to organize and speak up about a corrupt government. In fact the purpose of the two go hand in hand, so if the second has failed for this reason, so has the first.
But, you say, the need for the first amendment has changed over the years. Now we used it to voice unpopular opinions about greedy corporations, to distribute source code in a way that pisses off Sony, to protect journalists and their sources. Well the need for the second amendment has also changed over the years. I'm not saying that someday in the future an armed resistance by the public will not be necessary (it may, who knows?) but there are other compelling reasons for it. First, any law professor will tell you that it has been well established that the government (read: police) has no legal obgligation to protect you. The average response time for a 911 call is 45 minutes, and the average life sentance for a convicted criminal is sever years. I would consider it irresponsible of me to ignore the issue of my and my family's safety and not take steps to ensure it. Ultimatly, the most effective way for a woman to survive a violent encounter with a man is to resist with a firearm, coming in distant second is to submit to the man and hope he doesn't kill you, and coming way last is to resist with something inneffective, like peper spray or a knife (source: FBI stats). The fact remains that bad people out there have guns and so far gun laws haven't done anything to prevent this. The only person affected by gun laws is the law abiding gun owner.
Last, complete social breakdown DOES happen. During the LA riots many of the stores and homes in the area were ransacked and people were beaten (ironically in response to a beating). However, ALL of the stores and homes that had an owner with a gun protecting them were left alone, as were the occupants inside. Now if the store owner told you before the riot that he bought the gun in case a riot breaks out and he has to fight for his life and property while the city burned, you would probably have called him an right wing alarmist wacko, but it happend. This is still not a perfect world and while there is a chance that my life and my family's life could be placed in danger by a nut with a gun, I'm going to ensure that I have the means to protect myself. If you disagree with me, that is your right. However, you benefit from the fact that guns ARE prevelant in other people's homes. Don't believe me? Put up a big sign in your yard that says "this home is gun free" and make an example for others to follow. Insane? Dangerous? Then you benefit from the possibility that you COULD own and gun, and just might be able to put up armed resistance against an intruder.
Finkployd
Suprisingly I agree with you. However, we run into a realism vs idealism problem. Idealy, guns wouldn't exist. however they do. The question is how to get rid of them. Disarm the law abiding citizens and hope the criminals give up their guns? Even if you eradicate all the guns on earth, it is not difficult for me to make one from scratch, and I'm am only 22 with a little machining background and some basic understanding of firearm theory, imagine what a skilled machinist could do. More importantly, imagine what a criminal would pay to have a "bootleg" gun build for them to take advantage of a completly unarmed population. Hell, this is ignoring the fact that somewhere in the world guns will be produced and we will have just as much success prevent guns being smuggled as we have with drugs.
In and ideal world, I should be able to leave my doors unlocked, walk in a NYC park at night, and not ever worry about being attacked by a group of thugs (armed with guns or not). Unfortunatly, this is not the ideal world, and preteding it is and living this way to set an example will only get me in trouble. I choose to be responsible about my safety and my family's and make sure I equiped to effectivly protect myself and them. Am I wrong to do so?
Finkployd
It's an interesting point of view, but a simple journey into the writings and speaches of the framers of the constitution shows that your interpretation is indeed incorrect. They clearly state that it was intended to bestow the right to the entire population. I direct you to the writings of Madison and Jefferson specifically, who have much to say on this. Of note is that many considered the right of the population to bear arms more important than speech and debated took place to decide if it should be first. The amendment took many forms as it was writen and re-writen, and ended up the only amendment with a justification. If you don't want to look up the intended meaning of militia, here are some explinations:
... The militia is composed of free citizens.
Samuel Adams:
"It is always dangerous to the liberties of the people to have an army stationed among them, over which they have no control
Patrick Henry:
"The great object is, that every man be armed....Every one who is able may have a gun."
"Are we at last brought to such a humiliating and debasing degradation, that we cannot be trusted with arms for our own defense? Where is the difference between having our arms in our own possession and under our own direction, and having them under the management of Congress? If our defense be the real object of having those arms, in whose hands can they be trusted with more propriety, or equal safety to us, as in our own hands?"
Thomas Jefferson:
"No free man shall ever be debarred the use of arms."
George Mason:
"I ask, Who are the militia? They consist now of the whole people, except a few public officers...To disarm the people is the best and most effectual way to enslave them."
I also would submit to you that your interpretation implies that of all the amendments that make up the bill of rights, the second is the only one that does not apply to the people, only the government. In fact, the term "the people" is also used in the first and fourth amentments to grant rights. Does the phrase "the people" take on a different meaning and refer to a different group when applied in these amendments?
Finkployd
It would seem they'd put the sniffer box on the same segment as your Internet router - all relevant traffic goes throught there. Multiple routers? Multiple NICs, or even multiple Carnivore boxes.
Besides, if you have a Cabletron, HP or other high-end switch, the firmware usually has a function that will mirror one port to another just for the purpose of sniffing - and they will likely have the court order (or subpoena or writ or whatever)forcing you to use it.
I'll admit, that if it were me facing such a court order to assist in using Carnivore, I'd trade some sc4ip7 kid33z ass for mine in an instant. Revolting, eh?
"Depression is merely anger without enthusiasm." - Anonymous
Look at the militia of that era. Not only were most state or local township forces, but there were plenty of independants. Remember, this was a revolution that had just occured, not two established nations fighting each other.
Revolutionaries wrote our constitution... they weren't just the kind of people who believed that if you don't like your government, you should pick up a gun and fight for what you believe in... they did pick up a gun and put their lives on the line for their moral beliefs.
Every letter in the constitution was written because British citizens died - so that their sons would be Virginians, Carolinians, and New Yorkers, all under a flag of the United States.
I'm amazed at the historical ignorance of the people who spout things like "Some people choose to interpret this to mean that they have a right to own a lethal firearm that is capable to inflicting serious injuries and death.". Have you ever sat down and read Jefferson? Paine? Hell, even Franklin was a hardass when it came to fighting for human rights.
These were people who had just participated in the French Revolution (yes, the same people were involved), and believed in blood-won rights. The "Don't Tread on Me" credo is associated with a venemous snake, and "Unite or Die" is Franklin's revolutionary credo.
Yes, these men were talking about empowering people with basic human rights that did not exist at the time, when masses of people still followed a King who was ordained by God... and then equipping the people with the lethal power to keep those rights though whatever means necessary.
--
Evan "I was going to vote for gun control, until I found a little known law on the books that made murder illegal already" E.
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
Two points that the FBI guy made over and over at NANOG were that
1) Carnivore is just one tool in a suite of information-gathering utilities. Other software (demonstrated at NANOG) sorts the information gathere from carnivore, and could easily take input from other data gathering systems. All the fuss over carnivore could be (and this is just conjecture) a convenient distraction from really nefarious FBI tools.
2) Carnivore needs to be deployed with the cooperation of the ISP. In addition to simply needing access to the ISP facilities, the FBI engineers need to know where on the ISP's network to locate the box so it can be effective. The FBI agent claimed his folks didn't 'strongarm' ISPs into putting these boxes on their network, although someone from the NANOG audience vigorously claimed that that exact thing (pushy FBI agents force their way onto his network) does happen.
Either way, carnivore itself is just a packetsniffer with an interface even an agent can love. I'm more interested in what other sources of input the FBI has or is developing.
Really. It's just like using an envelope instead of a postcard. If you knew the nosey neighbour across the street was peeking in your mailbox, wouldn't you start putting even the innocent stuff in envelopes?
--
--
E_NOSIG
And what do you want to bet that the NSA can break your encryption?
That's the point in the one time pad. Eliminates all possibility of decryption as long as the pad length is the same as the message, and as long as the pad is kept secret.
Even without that, I would find it very suprising to learn that anyone, including the NSA, finds it trivial to decrypt multiple levels. Even then, the problem with the big guns is that they are big. You ever seen the flotilla that accompanies one of the Navy's big gun ships or aircraft carriers. Getting the NSA to pull out there best and brightest to tackle 4 level encryption to bust a drug ring or kiddie porn ring will not be and easy political maneuver.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
The FBI has a packet sniffer. Be afraid. Be VERY afraid.
Seriously though. As I read the description, the only thing that would come to mind was that this device would only stop the most stupid of criminal. The type of rogues that murdered Michael Jordan's father. They commit a crime and then run around telling everyone about it.
Anyone foolish enough to be transmitting data in the clear concerning something that the FBI would care about needs to be locked away for their own protection. Any criminal with half a brain would set up a VPN to set up an SSH session in order to run their custom chat program that uses one-time-pad security. I guess the paranoid aren't being caught, only those who would log into #imACriminal and type, "Me Shotgun. Me rob Wells Fargo at Fifth and main last night. Me live in yellow house."
Again, I reiterate, this will only catch the stupid criminals, and maybe those that the powers that be want bad enough to invest the resource of the NSA to break a ridiculous amount of encryption.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
If the FBI wanted to monitor one of our customers, they would have to put the RADIUS server, the mail server, the proxy server AND all our routers on the same network segment. The reason that we run a switch is because we were getting network resets on a normal 100Base-T hub. Running a switch eliminates that problem and if we were *forced* to put them back on a hub, it would definately cause us some greif.
What I'm wondering is how the FBI handles making these ISPs do what I'm describing? How do the bigger ISPs deal with having to put all their machines on the same network segment? I realize that some ISPs may be running fiber, but even still, not switching the main parts of your network can cause huge problems in performance. How far is the FBI prepared to go to monitor a particular user?
Distributed, real-time indexing of the Internet. Coming soon!
Kord
Use metaphors.
Pick up a decent, non-idiosyncratic translation of some of the writings of the first century A.D. in southern Europe. They're full of references to (for example) the fall of Babylon, but what they're actually talking about is the fall of the Roman Empire.
(Recall that Rome was good at oppressing people, and that the nation of Babylon had died a long time earlier.)
Religious and political tracts have done this for a long time. We do it today: every /. reader knows which corporation I mean when I say Evil Empire, although in the mid-80's it was a different corporation, one with a three-letter acronym.
Encrypt the text, but also encrypt the meaning.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
A few historical quotes...
... to be armed, To be prepared for war is one of the most effectual means of preserving
peace. A free people ought not only to be armed, but disciplined."
... The tree of liberty must be
refreshed from time to time, with the blood of patriots and tyrants,"
..."
"Firearms stand next in importance to the Constitution itself. They are the American people's liberty teeth and keystone under independence. From the hour the Pilgrims landed, to the present day, events, occurrences and tendencies prove that to ensure peace, security and happiness, the rifle and pistol are equally indispensable. The very atmosphere of firearms everywhere restrains evil interference - they deserve a place of honor with all that's good."
-George Washington
"A free people ought
-George Washington
Americans [have] the right and advantage of being armed -- unlike the citizens of other countries whose governments are afraid to trust their people with arms,"
-James Madison
"That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms..."
-Samuel Adams
"The Constitution of most of our states (and of the United States) assert that all power is inherent in the people; that they may exercise it by themselves; that it is their right and duty to be at all times armed and that they are entitled to freedom of person, freedom of religion, freedom of property, and freedom of press."
-Thomas Jefferson
"And what country can preserve its liberties, if its rulers are not warned from time to time that this people preserve the spirit of resistance? Let them take arms
-Thomas Jefferson
"No free man shall ever be debarred the use of arms. The strongest reason for people to retain their right to keep and bear arms is as a last resort to protect themselves against tyrrany in government,"
Thomas Jefferson
"The great object is that every man be armed. Everyone who is able may have a gun,"
-Patrick Henry
"To preserve liberty, it is essential that the whole body of people always possess arms
-Richard Henry Lee
"The best we can hope for concerning the people at large is that they be properly armed,"
-Alexander Hamilton
"False is the idea of utility that sacrifices a thousand real advantages for one imaginary or trifling inconvenience; that would take fire from men because it burns, and water because one may drown in it; that has no remedy for evils except destruction. The laws that forbid the carrying of arms are laws of such a nature. They disarm only those who are neither inclined nor determined to commit crime."
-Cesare Beccaria, quoted by Thomas Jefferson
"Both the oligarch and Tyrant mistrust the people, and therefore deprive them of arms."
-Aristotle
Amendment. II. A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.
--The Consitution of the United States of America
________________________________________
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
> [
> when things get bad enough, the people will rise up and overthrow the ruler/government that is oppressing them
"If there is hope, it is in the proles."
- Winston Smith
Didn't exactly work out that way in 1984, did it?
If you believe "popular uprisings" against the government will even happen in a properly-managed police state, (let alone actually succeed in stopping oppression!), you haven't read much Orwell ;-)
On a somewhat-related note, I recently attended the Verisign security conference in San Jose. While I was there I took in some of the keynotes, and one of them was a pair of FBI agents.
They related some of their experiences tracking "network crime" (mostly pimply 13-year-olds) and talked about their opinion of computer security. During one anecdote, they related that they had seized a CD containing data that had been encrypted.
Now they didn't say exactly what this encryption was, so it might be less interesting than it sounds, but the FBI guys said they were relieved that they managed to convince the cracker to give them the key because "we hate having to ask the NSA to crack encryption." The way they said it, you would think cracking encryption was some kind of beaurocratic hassle rather than a major computation and theoretical feat.
Of course, it might have just been XOR or the key might have been a password. Still, interesting story.
-konstant
Yes! We are all individuals! I'm not!
-konstant
Yes! We are all individuals! I'm not!
How legal is this? Is it, for example, legal here in Britain? Can any intelligence agency in the world just switch it on and type in my name and monitor my activities? This seems to enable monitoring from a distance - therefore, though I am in Britain, could the FBI snoop on me and get away with it because they're on US soil?
We Build Beautiful Websites
president@whitehouse.gov
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Because people have rights, and logically following from that is that governments have no rights. If you are going to assume the responsibility of telling people what to do, and punishing people for not doing it, you must be as open and accountable about that process as humanly possible. I am entitled to personal privacy under the European Human Rights Act. My government isn't.
It's our fear of the enemy which forces us into using the same tactics he uses. I've often wondered at how insecure we in the United States must be as a society that we take such draconian measures against our social problems (i.e., very long mandatory sentences for drug use, the difficulty of using the insanity defense for any crime, etc.). Now you might say that you do not feel so insecure, or that, intuitively, you do not feel we are very insecure as a society---maybe not, but consider that the insecurity rises not from our society as a whole, but rather from a very small portion of it which is extremely rightward leaning. The problem is this small minority has gained a disproportionate amount of power because of its extreme wealth and ability to influence the political process.
Vacation at Shell Extension City
DAILY ROTATION
After reading this article about Carnivore (I didn't know much about it previously), it struck me as strange as to why this should be open sourced.
This will probably be moderated down as flamebait, but hear me out.
The issue that's on everyone's minds here is not what so much what Carnivore can do (we all know it's just a sniffer with a nice interface), but how open it is for abuse. I really don't think that by forcing the FBI to allow us to audit the source that we'll find some spectacular hidden feature, again, it's only a sniffer. Carnivore can do the things a sniffer can do (capture any and all network traffic).
The issue isn't so much the potential for "hidden features", but the potential for abuse by those using it. Could the FBI watch the traffic for all users on a subnet even thought they're only supposed to be watching one user? Yes. Could the FBI do extra things and gather extra information that a normal network sniffer could not? Probably not.
In conclusion, Carnivore's potential for hidden features are what makes in dangerous, but it's potential for abuse by the people who use it is.
So, evil_roy, appealing as your comment sounds, "I don't want someone to see what I'm doing...but I want to see their source code", it certainly doesn't hold any weight when it comes to encryption algorithms.
In the case of computer security, there isn't as much agreement among the experts, but there is a strong trend or school of thought, that says for a system to be secure, it must be studied extensively. There are a small group of experts who believe in security through obscurity. In either case, the only hypocracy here is that a pair of dissimilar words tend to be used and if you take them out of context, it sounds funny, but it in fact does make a lot of sense to have open peer review of software and algorithms used in secure systems. The data is "closed", but the code that prevents access to the data should be (according to many experts) "open".
PJRC: Electronic Projects, 8051 Microcontroller Tools
In the case of Carnivore, well, it's part of the "DragonWare Tools". In the English article, the speech to text converter mentioned is made by Dragon Systems.
Ok, there's probably no relation, but being a bit paranoid and enjoying a good (or not so good) conspirancy theory like many slashdot readers, I thought I'd mention it. Maybe Carvivore 3.x will also intercept streaming audio, internet radio, voice over IP, etc... all with textual keyword searches and whatnot. Even if they're not the same Dragon, it's still not a giant stretch to envision capturing multimedia formats (with keyword matches) in real time... but if they are the same Dragon it'd be only a stone's throw away....
PJRC: Electronic Projects, 8051 Microcontroller Tools
IPSEC and SSH are great tools, but they do nothing for home user's security - what's needed are things like a secure IRC client (and server), secure IM clients (and servers), and an easy-to-use PGP-style email encryptor.
The chain is only as strong as its weakest link.
I want to delete my account but Slashdot doesn't allow it.
Anyways, I wouldn't worry too much. Yes, they are bringing us closer to living in the world written about by George Orwell, but there will always be those of us that will be on the edge of the law, and a danger to the system, to keep the governments in check. Ummm...sorry, don't want to sound like I am making a movie trailer. Anyways, the point is that in any society, when things get bad enough, the people will rise up and overthrow the ruler/government that is oppressing them. This is not happening yet, and that's why some of us who see these crimes against us being committed by our leaders get frustrated when the average person on the street is apathetic. So far we still are pretty free and can do what we want for the most part. We do have less freedoms now than people did 50 years ago though, at least in the U.S.
Mas vale cholo, que mal acompañado.
This is a major violation of our privacy
We have privacy?
http://twitter.com/onion2k
The only reasonable thing to do is agree to the search and hope that the officer isn't looking for the adrenaline rush that arresting an innocent suspect brings. Some cops really get off on the idea that they are - for all practical purposes - destroying someone's life; it gives them the illusion that they rather than the government that they represent are the ones who are powerful.
If you are charged with a drug offense the odds are excellent that you will be convicted. In fact it almost doesn't matter what the outcome of the trial is; the legal system will grind you into paste regardless of whether you draw or lose. (The best you can hope for in a criminal case is a zero - zero tie. You are not allowed to score, only the state is. For sure you aren't going to win and send the prosecutor, and arresting officer to jail for lying about you to a jury. It seems pretty obvious to me, but evidently other people appear to miss the fact that if you really are innocent, everything the prosecution uses to try to convict you is a lie; they might believe their own lies, but they are still lies. )
Don't think that law enforcement agencies would do something like that? Of course, you are correct: the police have never planted drugs on a suspect. Not one time, ever.
For example: no police officer would ever claim you were speeding when you weren't - just because he wanted to search your vehicle. Oh wait, I have had that happen to me three times in the last 20 years. And no, I don't look like a drug user - or even meet any sort of profile other than being a single male driving a not very expensive vehicle. I think the officers were just bored. When they couldn't find anything wrong they looked really disappointed. I was always polite and courteous to them when they pulled me over, so they didn't 'find' any drugs in my vehicle. Of course all it would have taken was a little outrage at being stooped for a crime I wasn't committing, and suddenly boom: "Look what I found." See guys, its not paranoia when it has happened to you.
Carnivore enables the modern version of a thought crime: "We thought you might be a criminal, so you are one!"
No one should ever get used to a government repeatedly abusing it's power. The US government may be better about it than most others, but do you remember McCarthyism? Remember J. Edgar Hoover? Remember Clinton being accused of getting his opponent's records from the FBI and IRS? Carnivore may have been created with benevolent intent, but it's potential for abuse is such that it may be the single greatest threat to free speech and personal liberty in a long time.
Get used to it? Not in a million years.
-Rob
"Liberty means responsibility. That is why most men dread it." -George Bernard Shaw
Is it just me, or does that statment just give you instant wood?
Based on current ISP security and the willingness of 31337 h4xx0rz to plunder whatever and whenever they can, I'm willing to bet that at some point in the not-too-distant future we're going to hear of a Carnivore box being 0wn3d. I can just see it now:
Earlier today the FBI put out a warrant for its own arrest for a series of "distributed denial of service" attacks on major e-commerce websites earlier this week. Said one FBI source, "It appears as though we the FBI have been performing these attacks from our controversial Carnivore monitoring stations, set up around the country for legitimate purposes. Go figure, huh?"
Mr. Ska
Rather than try to do everything on your own, why not help support EFF in their efforts? One united strong voice is better than many little ones...
Well, Carnivore is certainly going to have the FBI touting this Oceanic axiom from 1984 (the book, not the year). Now there's just the other two to go:
WAR IS PEACE
They're working on that one. We're almost sure to see some kind of conflict against the Taliban and Hamas.
IGNORANCE IS STRENGTH
I'm not sure how this one will be implemented. Of course, there's the CIA hiding everything from us. Also, there's the MiB factor (... and the only reason why they go on with their pathetic lives is that they do not know about it!).
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
we have all this information piling up about carnivore, all these reports coming in from the media, all this awareness, but yet, who , besides the EFF and EPIC etc are doing anything to challenge it ?. I think we all need a wake up call. This is a major violation of our privacy, and if we let them get away with this, they wont stop after that.
"sex on tv is bad, you might fall off..."
I lost my concept of community when my community lost all concept of me.
Want more data about how Carnivore works? Push for the source code to be opened.
/. or an e-mail adress to overload?
Very well, where? Anybody got an URL to
People replying to my sig annoy me. That's why I change it all the time.
If this is your first indication that someone might be reading your email or watching what you download, then you really need to think about how the 'net is structured.
As a systems administrator, I have total access to all the email that goes in and out of my system. I have access to every machine in the department, both over the network and physically. And I'm just one guy on one end of the chain. On the other end is someone else like me who has access to your systems.
Perhaps your logged into an ISP and those folks don't have direct access to your machine... they still have access to everything that goes in and out of the machine. And so does everyone between my site and yours. MCI/Sprint/whoever, has access to the packets that flow between. Institutional paranoia aside, think of all the individuals who work at those sites... care to trust each and every one of them?
Anyone want to guess what percentage of network traffic is clear text? Even if its encrypted, it's just a matter of CPU and time before anyone who wants to know what your sending can know it (believe strength of encryption being another topic).
So the feds can read your email. So what? So can I or someone like me.
Do not worry about questions like: are my methods of communiation private? They are not.
Instead work to ensure that those who can have access to your "private" conversations (email or otherwise), don't have the right to do anything with it.
The first step: VOTE next month. Pick your candidates at every level of office and then tell them what you want. It's that simple. And it's really all you can do about it.
Oh... and remember, sysadmins are usually bribable with a good import. Beer that is. Cars show up on the IRS radar.