Slashdot Mirror
Carnivore Demo Report
michael : People are really interested in the "inner workings" of Carnivore, as shown by the many submissions. I never thought it was anything special - from the start, when I first knew that the FBI had an Internet interception box, I just assumed that it would neatly sort and deliver all Internet traffic of a particular target. I can spec out how I would design such a box; and the FBI isn't stupid; so I assume they would do it in a similar fashion. I think there's still a lot of disbelief out there, though - "You mean the FBI can really track both Web access AND email? And IRC? And Usenet? ...." People just don't believe it, because they're used to thinking of Internet traffic in different terms than phone or whatever.
The only important design aspects of the carnivore box are things like "Can the FBI set it to snoop on traffic it isn't supposed to? Can I dial into the box and snoop on my neighbors?" and other questions like that, which we'll *never* find out from any powerpoint presentation.
So get used to it, people. Assume that Carnivore neatly captures, sorts, and delivers all traffic that passes through it, and that the FBI can just type in your name and plug it in. Assume that there's a user-friendly, point-and-click interface. Assume that it will pretty-print reports, ready for filing with the court if/when you are prosecuted. Assume that there's essentially no oversight of the FBI's use of this device - after all, judges exercise almost no oversight over wiretaps, there's no reason to believe that Internet-tapping will be overseen any more diligently. The FBI and police approach wiretapping requests in the same way that conniving children approach their parents - it only takes one judge to approve a request, and the FBI can approach as many different ones as needed until they find the one that just doesn't care and rubber-stamps everything.
Get used to it. Want more data about how Carnivore works? Push for the source code to be opened. Nothing else will provide any more information about the system. You can't tell how secure it is (against the FBI, or against anyone else) from a presentation.
As for me, I'm steadily moving toward encrypting as much of my traffic as possible. I set up ssh for my home network recently. I'm setting up SSL. I'm reading up on IPSEC. I guess I just don't have a very trusting nature. The way I figure it, the time to set up countermeasures is before you expect to need them.
The thing that worries me is that now so much evidence used in court is made up of electronic records, which can be forged. In the bad old days you had tape recordings of conversations, which (unless you hired Rich Little) couldn't easily be faked. But with evidence like carnivore data being used in court, what is there to stop *anyone* from putting in a couple of access to www.kiddieporn.com or email to obinladin@bombmasters.com?
Same for hard drives. I know someone who had to send dumps of his hard drives in for some stupid lawsuit. What can stop someone from patching up those dumps to look as if there is a deleted version of a "smoking gun" letter that shows guilt?
I guess on the flip side you can always say "they faked this" as a defense. Does this provide reasonable doubt?
I guess it is time to start signing e-mail.
-- ac (sorry)
After all these years of doing everything in their power to stop encryption via export regs and Clipper & friends, the US government is *finally* doing something to encourage the use of encryption. Good on them!
-- Don't Tase me, bro!
Two points that the FBI guy made over and over at NANOG were that
1) Carnivore is just one tool in a suite of information-gathering utilities. Other software (demonstrated at NANOG) sorts the information gathere from carnivore, and could easily take input from other data gathering systems. All the fuss over carnivore could be (and this is just conjecture) a convenient distraction from really nefarious FBI tools.
2) Carnivore needs to be deployed with the cooperation of the ISP. In addition to simply needing access to the ISP facilities, the FBI engineers need to know where on the ISP's network to locate the box so it can be effective. The FBI agent claimed his folks didn't 'strongarm' ISPs into putting these boxes on their network, although someone from the NANOG audience vigorously claimed that that exact thing (pushy FBI agents force their way onto his network) does happen.
Either way, carnivore itself is just a packetsniffer with an interface even an agent can love. I'm more interested in what other sources of input the FBI has or is developing.
Use metaphors.
Pick up a decent, non-idiosyncratic translation of some of the writings of the first century A.D. in southern Europe. They're full of references to (for example) the fall of Babylon, but what they're actually talking about is the fall of the Roman Empire.
(Recall that Rome was good at oppressing people, and that the nation of Babylon had died a long time earlier.)
Religious and political tracts have done this for a long time. We do it today: every /. reader knows which corporation I mean when I say Evil Empire, although in the mid-80's it was a different corporation, one with a three-letter acronym.
Encrypt the text, but also encrypt the meaning.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
How legal is this? Is it, for example, legal here in Britain? Can any intelligence agency in the world just switch it on and type in my name and monitor my activities? This seems to enable monitoring from a distance - therefore, though I am in Britain, could the FBI snoop on me and get away with it because they're on US soil?
We Build Beautiful Websites