Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dartmouth Student Invents A Carnivore Leash

Posted by timothy on from the now-heel-and-fetch dept.

timdorr writes: "Looks like a student at Dartmouth wants to turn Carnivore into a much more resonable tool according to this Wired article. I'd personally feel a lot less invaded if I knew the system was in place and in this form. Hopefully the government takes notice becuase Carnivore still seems like quite a loophole for our government to exploit."

4 of 188 comments (clear)

  1. Re:Encrypt your mail... by u01000101 · · Score: 4, Informative

    most websites only support 128bit encryption for online transaction, which can be broken in a matter of days

    No, AC, you got it wrong: 128bit *symmetric* encryption is very strong - comparable to 1024-1536 bit public-key (or assymetric) encryption.

    If you're feeling like a good read, try "Handbook of Applied Cryptography" - do a google search, it downloadable for free.

    --
    if you use a good enough junk-filter, slashdot.org will display a single, *blank*, page
  2. Re:Questions for the security experts by vidarh · · Score: 3, Informative
    First of all the processor destroys itself, not the data. If a second copy of the private key exists, then you could still access the data by installing a new processor with the same key. However of course, then a possible attack against the system would be to get hold of the second copy of the key.

    You could keep a set of processors encoded with the same key available as backups in case the processor in use is destroyed, though.

    Also, presumably in real life use noone would have network access to the interface you'd request data from, so unless someone gained physical access to the box at the ISPs offices, they wouldn't be able to trigger any destruction.

  3. Re:Justice Dept partially paid for it. Wow by David+Kennedy · · Score: 3, Informative

    > I take that back.
    > The guy's paper clears says it was funded by DoJ.
    >
    > Wired == suckAssJournalism

    Learn to read carefully; the article clearly states
    "The U.S. Department of Justice and IBM partially funded this research."

    Wired isn't my journalistic choice, but this criticism at least is unfounded.

  4. Re:Get some perspective by Angst+Badger · · Score: 3, Informative
    I'm afraid there's a lot more to monitoring communications than just keyword searches, which are not necessarily even the first thing an email monitoring system would examine.

    When examining a communications network -- which is what we would be doing if we were trying to track illegal activity through email -- the first thing we look at is not the content of the messages, but the pattern of communications between nodes. We would only have to start with keywords if we had no suspects, and that would be the sort of fishing expedition that is prohibited by law. But odds are we do have a suspect, so we look at who he's talking to, who those people are talking to, and so on, until we are eight or nine steps away from the suspect. (Much further than that is not only impractical but generally pointless.)

    Having established a clique, we can examine the volume of mail between nodes, and see who is the best-connected (and therefore likely to be exerting some kind of administrative control). If, in the course of this, we see some people who are suspects in a previously unrelated investigation, we can explore the possibility of hitherto unknown connections.

    Without once having looked at the content of a single message, we have developed a pretty clear picture of the relationships between our suspect, people not yet suspected of anything, and if we are lucky, other suspects.

    Then we can start using keyword searches on a reasonable volume of mail to serve as a starting point for manual examination of message contents.

    In any event, the word 'terrorist' is not going to be a problem for law enforcement, because terrorists don't call themselves terrorists -- that's a label that our propagandists apply to them. Judging from what has been released to the public, they refer to themselves as 'freedom fighters', 'fighter brethren', 'mujahideen', and several other labels -- which points out another thing we can exploit: people who belong to cliques, especially tight-knit underground ideological factions, develop their own characteristic jargon. Simple word-frequency analysis as well as more complicated techniques such as n-gram analysis and Markov chains, can be used to pick these out of the crowd once you have a 'model text' to study. (These techniques can be applied with significant but lesser accuracy to less-cohesive cliques, such as professions, religious affiliations, and ordinary political factions.)

    In short, it is wise to bear in mind that however misguided federal law enforcement agencies may be, they are not stupid or naive, and neither are the computer scientists who work for them. Even if they were, the kind of programming involved is not especially challenging -- ninety percent of what you'd need to know can be found in Knuth.

    --
    Proud member of the Weirdo-American community.