Slashdot Mirror

← Back to Stories (view on slashdot.org)

Carnivore Report Released

Posted by timothy on from the the-thing-itself-as-pdf dept.

Gwaitsai writes: "I cannot believe that I've seen nothing about carnivore here after the report was released yesterday (21st Nov). Could it be that everyone is too busy thinking about turkey! Excite has an article here and you can find the report itself here."

5 of 83 comments (clear)

  1. Read the report. by booch · · Score: 3

    If you had read the report yourself, you would have found the answers to your questions. To read a dynamic IP address, you type in the MAC address of the system in question and Carnivore will listen for DHCP. It can also listen for RADIUS-assigned IP addresses by watching for the login name.

    Just about all concerns with the system were addressed in the paper. The paper does make some recommendations to the FBI, like requiring access to the box to be auditable. There seem to be many checks and balances between the FBI and the court in regards to making sure that only the data listed in the court order is recorded. And the paper makes some recommendations to further check that.

    All in all, I'm impressed with the paper. It is much more thorough and professional than I had expected. And while I was very skeptical before, I'm fairly well convinced that there is nothing sinister going on with the FBI in regards to Carnivore.

    --
    Software sucks. Open Source sucks less.
  2. Carnivore works to spec. I still don't sleep well. by Tackhead · · Score: 5
    Great. Carnivore works to spec.

    Now tell us something we didn't know.

    Like how to prevent the Feds from using it - to spec - but illegally.

    Constructive suggestion: The device is placed under lock and key. Two keys are required to open the case in which the device resides. One of those keys is under the control of the ISP. You can think of a "key" as either half of cryptographic key (for remote access to Carnivore) or a physical key. Better yet, both.)

    I don't mind an ISP rolling over for FBI in the face of a court order. It's not a court request, it's a court order after all! But I fear any system that denies my ISP the chance to stand up to a Fed trying to use Carnivore without that court order.

    As of now, the only thing standing between my privacy and an FBI gone berzerk is... well, the FBI.

    If it ain't there, it can't be abused.

    If Carnivore is there, and effective access controls (I can't believe I'm using the term "effective access control" with a straight face!), all we have to do is wait for them to realize that IDE drives in removable cartridges are, gig-for-gig, the cheapest storage solution around. In the name of "cost savings", the Jaz will be phased out for a hard-drive-based solution. All of a sudden, the media-size limitation on capture imposed by the use of the Jaz drive is effectively eliminated.

    (Note to self: Buy stocks in hard drive manufacturers if the Feds decide to push for laws to legalize the move to 24/7 surveillance and capture. And switch to end-to-end encryption if any single hard drive manufacturer shows a doubling in revenue in a single quarter on the grounds that they've decided to do it whether it's been legalized or not.)

    My paranoid fantasy for the day:

    FBI's position:

    • It's OK to record SMTP headers (but not the DATA portion containing the contents of an email) without a court order because "they're just like the envelope of a letter".
    The obvious extension:
    • "GET foo.html" is to HTTP as "To: foo@bar.com" is to SMTP.
    • It's therefore OK to record the GET portion of any HTTP transactions without a court order as long as you don't dump the contents of the web page being viewed.
    Watch where you click. If you don't, they will.
  3. Just a quick question by FFFish · · Score: 3

    Why would anyone be thinking about Turkey?

    The only recent news about them involves a US military spokesman there that denies Iraq's claims of having shot down a US fighter jet [see here]; and a few weeks ago there were news stories about the Turkish government repressing (foreign) free enterprise business [see here]; and a heck of a long time ago (well, a few months, anyway) a bunch of boorish Brits got their asses kicked for desecrating the Turkish flag during a soccer match [see here].

    Anyway, point is, nothing much seems to be happening in Turkey, so why are we assumed to be thinking about it?

    Until some sort of really great geek hardware comes bursting out of its borders, or until they start some war with a neighbour, I just don't see why I'd ever think about Turkey.

    Jus' curious about the original author's thinking...

    --

    --

    --
    Don't like it? Respond with words, not karma.
  4. Scary and realistic slippery slope scenario... by VValdo · · Score: 3

    Let's say there's another outbreak of the ILOVEYOU virus, right? So a potentially "dangerous" type of e-mail is being forwarded via e-mail. Can the FBI step in and do what many ISPs were doing, ie, blocking that attachment? Seems like the FBI's job, right?

    Well at first blush, it seems like this is a valuable service the FBI might do-- to protect our digital infrastructure. But...what about other types of attachments or e-mail content could be considered "dangerous" that the FBI could use the same rationale for blocking?

    Where's the line?

    Allowing carnivore to exist starts us down the path where they can start doing way more than just monitoring e-mails...
    -------------------

    --
    -------------------
    This is my SIG. There are many like it, but this one is mine.
  5. or... by delmoi · · Score: 3

    you could try this

    Seriously, all you really need is to be able to open a secure connection (SSH, https, is there a secure SMTP?) to some server, and use that to send SMTP signals (or whatever). Why go for simple hacks, when you can have pure, perfict, unbreakable security?

    --

    ReadThe ReflectionEngine, a cyberpunk style n