Slashdot Mirror


Carnivore Report Released

Gwaitsai writes: "I cannot believe that I've seen nothing about Carnivore here after the report was released yesterday (21st Nov). Could it be that everyone is too busy thinking about turkey? Excite has an article here and you can find the report itself here."

1 of 83 comments

  1. Carnivore works to spec. I still don't sleep well. by Tackhead · Score: 5
    Great. Carnivore works to spec.

    Now tell us something we didn't know.

    Like how to prevent the Feds from using it - to spec - but illegally.

    Constructive suggestion: The device is placed under lock and key. Two keys are required to open the case in which the device resides. One of those keys is under the control of the ISP. (You can think of a "key" as either half of a cryptographic key (for remote access to Carnivore) or a physical key. Better yet, both.)

    I don't mind an ISP rolling over for the FBI in the face of a court order. It's not a court request, it's a court order after all! But I fear any system that denies my ISP the chance to stand up to a Fed trying to use Carnivore without that court order.

    As of now, the only thing standing between my privacy and an FBI gone berserk is... well, the FBI.

    If it ain't there, it can't be abused.

    If Carnivore is there, and effective access controls (I can't believe I'm using the term "effective access control" with a straight face!), all we have to do is wait for them to realize that IDE drives in removable cartridges are, gig-for-gig, the cheapest storage solution around. In the name of "cost savings", the Jaz will be phased out for a hard-drive-based solution. All of a sudden, the media-size limitation on capture imposed by the use of the Jaz drive is effectively eliminated.

    (Note to self: Buy stocks in hard drive manufacturers if the Feds decide to push for laws to legalize the move to 24/7 surveillance and capture. And switch to end-to-end encryption if any single hard drive manufacturer shows a doubling in revenue in a single quarter on the grounds that they've decided to do it whether it's been legalized or not.)

    My paranoid fantasy for the day:

    FBI's position:

    • It's OK to record SMTP headers (but not the DATA portion containing the contents of an email) without a court order because "they're just like the envelope of a letter".

    The obvious extension:

    • "GET foo.html" is to HTTP as "To: foo@bar.com" is to SMTP.
    • It's therefore OK to record the GET portion of any HTTP transactions without a court order as long as you don't dump the contents of the web page being viewed.

    Watch where you click. If you don't, they will.
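
The two-key control suggested in the comment above, sketched as an added example; it is not part of the original post and not Carnivore's actual design. `SealedDevice`, the share names and the order references are hypothetical, and the key is a constructed sample. The access key is split 2-of-2 with XOR so that neither the ISP's nor the agency's half unlocks anything alone, and every attempt is logged.

```python
import hashlib
import hmac
import secrets

def split_key(master: bytes) -> tuple[bytes, bytes]:
    """2-of-2 XOR split: either share alone is uniformly random noise."""
    isp_share = secrets.token_bytes(len(master))
    agency_share = bytes(m ^ s for m, s in zip(master, isp_share))
    return isp_share, agency_share

def combine(isp_share: bytes, agency_share: bytes) -> bytes:
    if len(isp_share) != len(agency_share):
        raise ValueError("shares must be the same length")
    return bytes(a ^ b for a, b in zip(isp_share, agency_share))

class SealedDevice:
    """Hypothetical device: keeps only a salted digest of the master key."""

    def __init__(self, master: bytes):
        self._salt = secrets.token_bytes(16)
        self._verifier = self._digest(master)
        self.audit_log = []  # (order_ref, unlocked) for every attempt

    def _digest(self, key: bytes) -> bytes:
        return hashlib.sha256(self._salt + key).digest()

    def unlock(self, isp_share: bytes, agency_share: bytes, order_ref: str) -> bool:
        try:
            candidate = combine(isp_share, agency_share)
        except ValueError:
            candidate = b""  # malformed shares are treated as a failed attempt
        ok = hmac.compare_digest(self._digest(candidate), self._verifier)
        self.audit_log.append((order_ref, ok))  # failures are logged too
        return ok

def demo():
    master = secrets.token_bytes(32)  # constructed sample key
    isp, agency = split_key(master)
    device = SealedDevice(master)
    both = device.unlock(isp, agency, "ORDER-PLACEHOLDER")
    alone = device.unlock(bytes(32), agency, "NO-ORDER")  # agency without the ISP
    return both, alone, device.audit_log

if __name__ == "__main__":
    print(demo())
```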