Slashdot Mirror
Dartmouth Student Invents A Carnivore Leash
timdorr writes: "Looks like a student at Dartmouth wants to turn Carnivore into a much more resonable tool according to this Wired article. I'd personally feel a lot less invaded if I knew the system was in place and in this form. Hopefully the government takes notice becuase Carnivore still seems like quite a loophole for our government to exploit."
fp for the AC's !!!
Finally First Post, Carnivore sux
ass. karma is my friend?
1. Lay down tha boogie 2. Play that funky music 'til I die
it's me.. remember me?
:-D
5:25 AM.. repruzentin NYC.. fo life
Get that rats nest off your head, you numbskull -- Wesley Willis
No offense to the ASPCA, but how about a quick and dirty neutering?
How soon before this student will be detained for 'Un-American' behavior?
"Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
Dinosaur!
I R00z j00!!!!!
Don't just leash your Carnivore, spay or neuter it unless you want to be responsible for little baby Carnivores.
Kierthos
Mr. Hu is not a ninja.
Our government does not use Carnivore or whatever.
I g0nna h4x0r j00
This would certainly limit the FBI from snooping a post containing the words bomb, blow up, embassy, congress, and president. This guys idea would essentially ruin the Carnivore project. As much as I would like for my freedom to be protected, I do not like the idea of someone sniffing my underwear(computer) for shit stains(anything they deem illegal).
>>> The U.S. Department of Justice and IBM partially funded this research. I am surprised that the justice dept would pay for this. If they actually use it, my impression of them will actually improve for once.
France
Monkey Testicles
Preparation:
While in France, fry up some monkey testicles. Mmm! Them's good eatin'!
Shouldn't it be OpenBSD? ;)
This is an excellent approach! I am really thrilled to see someone coming up with a solution that allows the government all legitimate use while providing the tools to prevent overstepping. And partially funded by the justice department too!
The big problem with this is that even if it's implemented, since under the Patriot Act judges need not sign off on subpoenas, the FBI et al would still be able to get all they keys they want and still access all the data.
For this device to be useful, unfortunately, the law must be changed to require judicial oversight... and the judges must be trustworthy!
Anyone who thinks Carnivore is a ferocious animal right now, please step into the hallway for your I.Q. test.
Everyone else knows that after 9/11 so many people made calls, emails, HAM traffic to the tune of 'terrorist' this, 'Cell' that, that Carnivore must have sustained a complete mental(server) breakdown. Put your thoughts to things of more importance (Israel/Palistineans, Coke vs Pepsi). The chance that something the FBI/CIA built outside of a national coding symposium would be so utterly, absolutely crashed from the traffic of keywords that it doesn't bear looking at. I'm not trying to point you in the direction of unilateral oversight and say it's OK, I'm just saying that 'right now' there are more important things to look at than a system more crashed and confused, that it probably thinks its an Atari 2600 with a buggy version of Combat loaded up
Great, just what we need- something comes along to make the public think it's perfectly okay for the government to monitor email. I don't care how secure it is, I would still rather have no government monitoring at all than even a system that would guaranteed not to be prone to abuse.
I'd personally feel a lot less invaded if I knew the system was in place and in this form.
I'll personally continue to encrypt my emails - as many as possible of course.
Routine use of encryption (like for the one-liners) defeats to some extent traffic analysys.
The recent improvements in factoring (look here and here) don't affect 1536- or 2048-bit keys (or larger). For the time being, public-key encryption is the best means of protecting your e-mail privacy. Don't rely on some guys' kindness - with a little effort you can be sure your nosy admin/ parent/ spouse/ street cop won't "accidentally" read your stuff.
http://www.gnupg.org
if you use a good enough junk-filter, slashdot.org will display a single, *blank*, page
... convert Carnivore into Herbivore (e.g. something that's not going on a legal 'fishing expidition')
Otherwise, only criminals are entitled to [or get any] privacy...
True, they would be able to get all the keys they want - but they would still be limited in the data each key can retrieve. It's highly unlikely that the system would allow the FBI to request key allowing them to access ALL emails, or enough restricted-data keys, without there being some oversight by a third body (the judge)
This is an important developement because it looks like striking the right balance between the individuals' right to privacy and the requirements of the government in their quest to protect us. Whether the system will be used to protect us or not is not something programming can change, sadly, that's a matter for the judges et al signing off on the subpoenas/search warrants/what not
Antiquis temporibus, nati tibi similes in rupibus ventosissimis exponebantur ad necem.
The Wired article didn't go into too much detail, but I can see a couple of potential problems here..
- how exactly does the FBI (or whatever) specify *what* they're looking for? Searching for "all traffic containing the keywords TERROR, BOMB, COCAINE and OSAMA" sounds like Carnivore as is, and would be pretty easy to defeat anyway. Anyone remember "The Longest Day", in which the Allies sent messages re: the date of the D-Day invasion over clear channel radio, using a code based on a Rimbaud (I think) poem?
- the data vault might hold the FBI/NSA/whoever to their warrant, it does nothing about intentionally vague/overreaching warrants or the laws that enable them.
- re: using this system to keep medical/financial/etc. info private: Hardly a catch all solution, the data vault can't stop companies from spreading/selling your info after you've given it to them in confidence.
- If these do become commonplace, how long before a bungled police investigation results in evidence being lost because of one of these things self destructing? And once that happens, how long until they become outlawed?
Click here if you just like to click on shit.
Hopefully the government takes notice becuase Carnivore still seems like quite a loophole for our government to exploit.
Apparently Micro$haft Windoze does not have a spellchecker. And yes, I know you are a Windoze user becasue you are concerned about Carnivore.
You see, I had sex with a floor mop and I shit out the child.
My problem is my shit-haired child looks more like my uncle than my mop.
Pleasehelpme
if it becomes a legal requirement for sysadmins to log certain traffic then it sounds like this is a better soloution than somthing written by the goverment. Still i live in the uk so it effects me slightly less.
Burt "Out of my mind back in 5 minutes"
For this device to be useful, unfortunately, the law must be changed to require judicial oversight... and the judges must be trustworthy!
:) ]
[ I said this before, but I like to repeat myself
Current public-key encryption (gnupg, pgp) is strong enough to keep you safe from "casual" prying eyes - like your spouse, children, parents, syadmin, boss, street cops, even the fbi. Maybe they *can* crack it (i mean the feds), but they won't go to that without strong reasons and probably more thinking.
What really pisses me off if this "casual" attitude to authorities snooping my personal communication; I'm sure that if the cia, nsa, kgb, mafia, big corporations or who knows else - want to read my email, they will. But I'm also sure that by using gpg, none of the small big-brothers will get their kicks.
if you use a good enough junk-filter, slashdot.org will display a single, *blank*, page
You know, I always kinda knew that must be the truth. After all, I have this irrational fear of dinosaurs that could only be explained by some ancestral memory. Maybe.
I found Jurrasic Park very scary. Hold me?
Looking at the turn of events latley I'm glad to see that someone is taking such an active role in keeping the Govt agencies in check.
If they have the right to enact the holy "DMCA" then what do we have to ensure they are not using computers to break the law for their own benifit?
We can't even have code distributed that might possibly break someones rights, but they can copy every data transmittion across a network that they don't own? I don't think so. There needs to be some sort of fair play here, or else we're not much better than a dictatorship in which they get to tell us what we can't do and we get to shut up and take it or be arrested under laws we didn't vote on (read DMCA).
) Human Kind Vs Human Creation
) It'd be interesting to see how many humans would survive to serve us.
i have one word to say to you.
that word is: TIMAAAAAAAAAA
dumbass.
I R00z j00!!!!!
LUNIX IS FOR LUSERS!!!!
I R00z j00!!!!!
YAWN..
http://www.scrappi.com/deceit/nrlydeep/mndvswir.ht ml
Conspiracy-oriented Mondoids saw a conscious plot by the New World order, in its various manifestations, to capture the New Edge. Timothy Leary told stunned Wired staffers that Wired was a CIA plot to derail Mondo 2000. There was, in fact, a soft conspiracy. Initial funding for Wired came from the cyber-hipeouise, people who had been given the opportunity to invest in Mondo 2000 but couldn't relate to its sense of the ludicrous. Electronic Frontier Foundation cofounder Mitch Kapor, after his interview appeared in M2k, shook his confused head and told me, "All my friends *love* Mondo 2000. I don't understand why."
Since the entire Carnivore system - new or old can be thwarted just by encrypting your emails or using secure tunnelling it seems pointless to even waste money developing it. Ok, so most people don't bother and don't even need to, but one day a popular OS or internet package will come with features to do this automatically with out the user having to worry about it (maybe its here already but i haven't seen it.. Peek-a-booty? maybe?). Then, all emails/etc. will be encrypted and the governments won't be able to do anything about it. Then most people will start installing similar things on their phones, and buying hard-drives that are rigged to self destruct etc.. and no warrant or wire-tap will be able to get anything.
All this technology is available now, but no-one can be bothered to use it (except the criminals). All it would take is one popular browser/email/OS developer to implement encryption like they implement spy-ware and half the internet would become unavailable to the governments over-night.
This comment does not represent the views or opinions of the user.
I guess, for me anyway, the irony here is that a single student did this. Not the FBI or any other agency/department of the government, but a private citizen had to come up with a way to harness and focus the power of Carnivore. I know the FBI probably could have done so themselves, or any other company/corporation, but they didn't. Never underestimate the power of the individual.
...we are from the government - we are here to help...
The problem is the people have huge misconceptions about Carnivore. Being concerned about personal privacy, I chose to research Carnivore for an Ethics class at school. I found that Carnivore is pretty much just misunderstood; it is really incapable of doing any large-scale surveillance. There's an independant review that was conducted by IITRI last year that points out that Carnivore is the safest of any online monitoring tool and that it is incapable of wantonly collecting data. Incidentally, the report suggests that Carnivore be open-sourced. Fat chance.
The real issue is whether or not it's right to perform surviellance. I think that it can be necessary at times (with the required warrants) but I also think that it needs to be taken more seriously and greater restrictions need to be in place to ensure that it is only used in extreme situations. If you think that Carnivore could invade your privacy, read up on how many wiretaps are used every year. Carnivore is used much less and is safer to boot. The real problem here is whether the government should be allowed to monitor communications at all, not that Carnivore gives the government some awesome new powers of data capture.
njord
By the way, I really have no association with the government. I'm just a left-winger college student that did a little research and was surprised by what I found.
An FBI agent who wanted to access the information would obtain a search order that was digitally signed by a judge, yeah right. And that signature would not be worth the paper it was not written upon. Like no one would forge a digital signature.
Lamoid stuff here. The bogosiyt meter just pegged!
Even if the FBI physically seized the vault, legally or otherwise, it's supposed to be just about impossible for the cops to crack. Iliev's program runs on an IBM 4758 cryptographic coprocessor, designed to destroy itself if it detects an intrusion attempt. (emphasis added)
I'm curious about this passage from the article. Would the ISP have a backup copy or does it completely eradicate the information? Would it destroy all the Carnivore data at an ISP or just the files that a "hacker" was trying to access?
And finally, if the FBI got a warrant(?) to request the e-mails from a certain person, couldn't that person engineer a "hack" attempt on his own files, thus triggering their destruction before the FBI could access them?
Simply take them to their logical end.
The fact that Carnivore exists, in any form, indicates that the government wants access to all your communications, to know exactly what it is you're saying and hearing.
This modified Carnivore is an attempt to claw a way back up the slippery slope when you've already hit bottom.
You're only real options are either not to say or do or listen to anything the government might find objectionable, or encrypt all your communications.
668: Neighbour of the Beast
The article mentions the use of an cryptographic coprocessor that will self destruct if it notices any breach of security, rendering the stored data useless. It also states that this "vault" could be used to store medical information etc..
I for one would like to know for sure that my medical information could be retrieved even after the destruction of the coprocessor.. would be nice when i'm caught in accident and i'm not able to sum up my medical history myself...
Off course it's possible to use a less secure version of this "vault" for this kind of applications
This is one nice solution though to harden the carnivore system against unwanted, illegal, snooping around for nice bits of information that could be used by a cop or fbi agent on the take...
[your blabla]
"There are only two things that have come out of Berkeley; LSD and Unix. And that's NOT a coincidence!"
[/your blabla]
[myblabla]
LSD was discovered in Basel/Switzerland.
What about Steve Vai?
Which Unix do you refer to?
[/myblabla]
I ack your points on the subject though.
Someone says "You didn't get my email? Carnivore ate my homework prefessor. That is the only explanation."
Taken from the PDF of his proposal "Prototyping an Armored Data Vault Rights Management on Big Brother's Computer" Alex Iliev and Sean Smith Department of Computer Science/Institute for Security Technology Studies Dartmouth College PDF can be found at http://www.cs.dartmouth.edu/~pkilab/papers/bb.pdf "This paper reports our experimental work in using commercial secure coprocessors to control access to private data. In our initial project, we look at archived network traffc. We seek to protect the privacy rights of a large population of data producers by restricting computation on a central authority's machine. The coprocessor approach provides more exibility and assurance in specifying and enforcing access policy than purely cryptographic schemes. This work extends to other application domains, such as distributing and sharing academic research data.This paper reports our experimental work in using commercial secure coprocessors to control access to private data. In our initial project, we look at archived network traffc. We seek to protect the privacy rights of a large population of data producers by restricting computation on a central authority's machine. The coprocessor approach provides more exibility and assurance in specifying and enforcing access policy than purely cryptographic schemes. This work extends to other application domains, such as distributing and sharing academic research data."
This guy was in my database class in the summer of 2000. He thought he was so l33t, he decided to do his final project in java when everybody else was doing theirs in C++ (I did mine in php). The problem was, his JDK was like 1.5 gigs, and the system we had to use only had a 2 gig hard drive (it was a mac running linuxPPC and postgresql!!). Between that and people's runaway processes, nobody could get any work done and we all got extensions. Anyhow, I never thought he was terribly smart after that.
but i thought bsd was dead?
So what is this story all about? Media whoring and fundraising?
Problem: we have invetented this cool technology, which noone is going to understand because it's a little complex and "people" (replace with "reporters" or "managers" as you see fit) are stupid. So how are we going to get some attention (and as a result, more funding)?
Solution: we apply our gadget to some area where it doesn't really fit in (just sort of will do), but which will result in loads of attention because we'll get connected with the latest buzzwords and issues.
Problem solved.
Idempotent operation: Like MS software, wether you run it once or often, that doesn't make it any better.
LSD was discovered in the 1930's in Switzerland. Unless the Berkeley you are referring to is NOT the University of California.
For further reference:
The History of LSD Therapy"
Need to get away?
Adirondack Vacations
I just heard some sad news on talk radio - Horror/Sci Fi writer Stephen King was found dead in his Maine home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. Truly an American icon.
Carnivor cannot catch real terrorists. There is no way that is possible - the various encryption techniques can encrypt unbreakably and disguise the fact that any encryption is going on. Programs to do this are free (both meanings). Any real terrorist or anyone with any real degree of malice or danger would encrpt their communciations in such a way that breaking them takes more time than the FBI can afford to spend... say, 10,000,000 years.
And the FBI isn't stupid - they must surely realise this.
So, two and only two possibilities remain:
1] The FBI can factor large numbers unbelievably fast and keeps the secret of doing this to itself.
2] They use other projects to get information about terrorists, and Carnivor to get a different sort of information. (but what?)
I know... Let's turn the net into the wild west, where the person with the fastest ping flooder wins. "Ugh! Ya got me sheriff!" While I would like to be so naive as to think that the net could survive without regulation, the sad facts are that the very thing that makes it so useful to us is the same thing that makes it useful to foriegn (and domestic) entities looking to do us harm. Yes, I know they can find other ways to do it, but not quite as quick and efficiently as on the net. Our entire society is rapidly going digital and that real estate is going to need some kind of defense and monitoring, just like the boarders of our nation.
The big debatable question is how you do it. I think it was an interview with Neal Stephonson posted to Slash that correctly noted that it's not nessisarily the monitoring of our lives, but whether that monitoring has a watchdog in place to keep the power from being abused. Personally, I think Alex has the right idea. You need a search warrent to enter an search a house and likewise you'd need something similar to access somebodies digital "life", both requiring just cause. I'm not saying that they're not prone to abuse, but it'd sure go a long ways in the right direction.
Unfortunately, the problem I see with Alex's system is not it's security, but in what Carny was originally designed to do. It is an evidence collector, designed to proactively track names and keywords, not wait for the e-police to have just cause to raid a database. Putting a search warrent lock on Carny defeats the entire purpose of having a system that illuminates potential problems before they happen. I think there acually needs to be a group that monitors everything the CIA/FBI/FIAA pulls from Carny and asks if it's A) relevant to the defense of our nation and B) Even ethical. That's the counter balance systems like Carnivore need, not simply a padlock.
You need a FREE iPod Nano
Carnivore is just the domestic version of the Echelon system for use on americans by americans.
Echelon is used for those situations where your government wants to read information on foreign companies, organisations & individuals.
I wonder how many tourists, immigrants and US citizens that work for foreign owned companies or belong to international organisations there are.
It could easily be over 12 million people in the USA at any time are being watched by Big Brother.
Carnivore is just the tip of the iceberg on this issue.
- Kaos games and encryption systems developer
I just finished reading Crypto, and this sounds an awful lot like the escrow system the government was proposing and security advocates fought so hard against in the early 90's. Has anything changed to make this system more palatable?
I think people need a history lesson on all the arguments surrounding the Clipper chip. Remember, the problem isn't always government (although that's definitely part of it), but the inability of government to effectively protect the information from third parties that will abuse it. Key escrow is something that can and will be compromised. And because it is a technology that can and will infiltrated everything, it will allow complete access to your privacy by anyone who wants it. Again, it's the Clipper chip all over again!
Need I revisit the the classic boofernery of the Social Security Number? Outlawed by the government for use outside of its specific creation, it is now used by everyone. And it is extremely easy to obtain, let alone steal! Now the government wants to introduce a national ID, something that is "more controlled" than the SSN. But it too will be easy to obtain and steal in no time as well. Only now, with a national ID, more people will put more of that so-called "faith" it in, so good Americans will have a tougher time proving someone has stolen their identity when it does happen (and it will). And if Microsoft gets Passport behind an "eID," God help us!
Combine this with the CBDTPA/SSSCA, and there's plenty to worry about. The CBDTPA/SSSCA is exactly a pro-Clipper chip mentality! Only it isn't the FBI asking for it, but "Big Media." Heck, I'm surprised no one in "Big Media" is selling the CBDTPA/SSSCA to the government as an "unified solution" for "guaranting copyrights, privacy and law-enforcement" all in one shabang!
Now this researcher has got "all the answers." His solution? Implement an encrypted recording and storage system with key escrow for access. How original! How many times are we going to go in the same damn circle on this???
-- Bryan "TheBS" Smith
Independent Author, Consultant and Trainer
Somehow, I doubt it can monitor all that traffic myself, especially when it's labelled
"PlansForTheAttack.MP3". But your right. It does something.
Heh, of course, maybe they realized it too late and figure since they can't get anything useful out of it, they'll use it as a trogan to draw attention from the real projects. Heck, they could just be using it to run some liquid multi- player Quake servers for all I know =p
You need a FREE iPod Nano
"What? need Joe's complete digital history? Let me hack into Carny and get it for you..."
You need a FREE iPod Nano
But then, the govenment doesn't monitor every piece of mail, every conversation or every package you send IRL, now does it? While I do think the net needs regulation of some sort, vacuuming up every piece of information out there is the easy way out.
You need a FREE iPod Nano
"The source code for the vault, which runs under the Linux operating system, is available on Dartmouth's website."
So this system will itself be illegal when Senator Hollings and his ilk finally get non-security-compliant systems banned.
Chuck Norris: Socialism == a thousand years of darkness.
- The judiciary being incorruptible;
- All ISPs being incorruptible;
- The laws being such that the judiciary doesn't OK any and every excuse to look at data;
- The idea that some kid supplying a nice geek-friendly method automatically makes it OK for a government to enforce mandatory logging.
Once again, an attempt to apply a technological solution to a social problem. This is to privacy as CSS encryption is to piracy.JNA is going to the outhouse
"Hey Judge Judy, I'm calling in a favor. I need a key to search the entire life history of my ex-Girlfriend..."
Or
"Here's a $50,000... Look the other way while I search for ______"
The government can't look through your mail, packages or monitor your every conversation in real life, why should they over the net?
You need a FREE iPod Nano
The FBI needs a court order or the permission of one of the two parties involved to get a wiretap. It's not trivial.
Carnivore, on the other hand, listens without permission from the judicial system, without any oversight. There is no balance to this power.
Sure, Carnivore is equivalent to a phone tap for email---a phone tap that the feds can apply to anyone, for any reason, on the merest whim.
I think the tin-foil hats are justified here.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
The software installed by default with these devices is not secure. http://www.cl.cam.ac.uk/~rnc1/descrack/
Live with it.
You need a FREE iPod Nano
That was bad... I guess Herbivore would collect only publicly availible information?
You need a FREE iPod Nano
The Internet has become a personal communications medium, with people blissfully chatting away on email, instant messagers, message boards, et cetera. The question is simple: If it was your phone, would you let a machine be installed to listen to all of your conversations without judicial oversight?
No? Well, how about we read all of your mail as a matter of routine.
No again? Why not have someone follow me around and tape all of my meatspace conversations?
Still no? So why are you giving in so easily when it's just the Internet?
Anybody who thinks that this capability won't be abused just has their head in the sand. It's only a matter of time.
LV
Woot w00t w007.
Hello EFF, gonna set such a service up or just gonna whine about the record industry all the time? ACLU, what about you?
(I know they could still track some traffic to/from the network, but surely not all of it, and much less efficiently than being able to actually browse through a stored history of mails.)
Courtesy of About 420
;-), Homer mentions to
;-), Homer mentions to
Connotative Use/Meaning
420 is a phreak's (and not just a hippie's) favorite number for a
variety of reasons, or maybe for no reason at all, but colloquially
the number says pot -- "let's smoke pot", or "someone's smoking
pot", or "gee, i really like pot", or "time to smoke pot", either by
time (4:20 a.m. or p.m.), date (April 20th), or otherwise (e.g. State
Route 420). April 20th at 4:20 is marked by annual events in
Mount Tamalpais, CA (an informal gathering); Marin Conty, CA
(the 420 Hemp Fest); Ann Arbor, MI (the Hash Bash); and
Washington, D.C. (buildup towards the July 4th Smoke-In).
Original Source(s)
Conventional wisdom: The most common tale is that 420 is the
police radio code or criminal code (and therefore the police "call")
in certain part(s) of California (e.g. in Los Angeles or San
Francisco) for having spotted someone consuming cannabis
publicly, i.e. "pot smoking in progress"; that local cannabis users
picked up on the code and began celebrating the number temporally
(esp. 4:20 a.m., 4:20 p.m., and April 20); that the number became
nationally popularized in the late 1980s and, more ferverently, in
the early- to mid-1990s; and is colloquially applied to a variety of
relaxed and/or inspired contexts, including not only pot
consumption but also a "good time" more generally (in contrast to
the drug war surrounding).
Conventions are legends: 420 is not police radio code for
anything, anywhere. Checks of criminal codes (including those of
the City of San Francisco, the City of Los Angeles, Los Angeles
County, the State of California, and the federal penal code) suggest
that the origin is neither Californian nor federal (the two best
guesses). For instance, California Penal Code 420 defines as a
misdemeanor the hindrance of use ("obstructing entry") of public
lands, and California Family Code 420 defines what constitutes a
wedding ceremony (Marco). One state does come close: "The
Illinois Department of Revenue classifies the Alcoholic Liquor Act
under Part 420, and the Cannabis and Controlled Substances Tax
Act are next, under Part 428." (RB 5/19/99)
True story?: "According to Steven Hager, editor of High Times,
the term 420 originated at San Rafael High School, in 1971,
among a group of about a dozen pot-smoking wiseacres who
called themselves the Waldos. The term 420 was shorthand for the
time of day the group would meet, at the campus statue of Louis
Pasteur, to smoke pot. ``Waldo Steve,'' a member of the group who
now owns a business in San Francisco, says the Waldos would
salute each other in the school hallway and say ``420 Louis!'' The
term was one of many invented by the group, but it was the one
that caught on. ``It was just a joke, but it came to mean all kinds of
things, like `Do you have any?' or `Do I look stoned?' '' he said.
``Parents and teachers wouldn't know what we were talking about.''
The term took root, and flourished, and spread beyond San Rafael
with the assistance of the Grateful Dead and their dedicated cohort
of pot-smoking fans. The Waldos decided to assert their claim to
the history of the term after decades of watching it spread, mutate
and be appropriated by commercial interests. The Waldos contacted
Hager, and presented him with evidence of 420's history, primarily
a collection of postmarked letters from the early '70s with lots of
mention of 420. They also started a Web site, waldo420.com. ``We
have proof, we were the first,'' Waldo Steve said. ``I mean, it's not
like we wrote a book or invented anything. We just came up with a
phrase. But it's kind of an honor that this emanated from San
Rafael.''" Maria Alicia Gaura for the San Francisco Chronicle,
4/20/00 p. A19; and thanks to Noah Cole for the submission
Alternate explanations
There are a variety of other explanations, all much more interesting
than "police code", and many plausible. Some are more likely uses
of the 420/hemp connection rather than sources of it, such as the
score for the football game in Fast Times at Ridgement High,
42-0.
Known Myths: It isn't police code (see above). There are 315
chemicals in marijuana, not 420. And although tea time in
Amsterdam is rumored to be 4:20, it is actually 5:30 (Gerhard
den Hollander).
Sixties Songs: For instance, Bob Dylan's famous "Rainy Day
Women #12 and 35" is a possible reference, or source --
12x35=420. And Stephen Stills wrote (and Crosby Stills Nash
& Young performed) a song "4+20" (first recorded 7/16/69,
released on Deja Vu 3/11/70) about an 84-year-old
poverty-stricken man who started and finished with nothing.
(Thanks to Sherry Keel 12/6/98.) Dylan aslo mentions "4 and
20 windows" in "The Balland of Frankie Lee and Judas Priest"
(on John Wesley Harding).
Older Verse: But 420 in poetry is older than that - Greg
Keller notes the old nursery rhyme line, "four and twenty
black birds baked in a pie". Revelation 5:14 (in the King
James Version of the Christian Bible) reads, "And the four
beasts said 'A-Men.' And the four and twenty elders fell down
and worshipped him that liveth for ever and ever." (Travis
Spurley 2/15/99) And in Midnight's_Children, Salman
Rushdie wrote, "Inevitably, a number of these children failed
to survive. Malnutrition, disease and the misfortunes of
everyday life had accounted for no less than four hundred and
twenty of them by the time I became conscious of their
existence; although it is possible to hypothesize that these
deaths, too, had their purpose, since 420 has been, since time
immemorial, the number associated with fraud, deception and
trickery." (Comet 2/14/98) Comet's "best guess is that this
refers to something in Indian mythology or numerology, since
the book is set in India and frequently involves Indian history,
culture, and religion. Given the high interest in Eastern
religion among the phish/dead community, this seems a likely
origin of 420's current significance."
Temporal Significance: "Hands on analog clock at 4:20 look
like position of doobie dangling from mouth" "Larry in
Tuscan" and Alex Mack 5/19/99). Disruptive students are out
of detention and safetly away from school by 4:20, also
rumored to be "the time that you should dose to be peaking
when the Dead went on stage" Hart. "The Waldos" were a
group of teens back in the 70's that lived in San Rafael, CA.
420 was the way they talked about pot in front of teachers,
non-smoking family members etc. Also it was the time of day
they could just go relax, and get baked." ("PhunkCellar")
Jamaicans purportedly "worked till 4 then walked home then
lit up. They would talk 420 like our parents talked about after
5. That's when partying began" "Larry in Tuscan"). Albert (not
Abbie) Hofmann supposedly first encountered LSD at 4:20
p.m. on 4/19/1943 (Bart Coleman citing Storming Heaven by
Jay Stevens, recommended by Mickey Hart in Planet Drum).
Surrealist painter Miro was born April 20, 1893. And
www.filmspeed.com says the propoganda film Reefer
Madness has a copyright date of April 20, 1936 (i.e. 4/20).
(Patrick Woolford)
Misc: Could be that it comes from hydroponics, the practice
of cultivating plants in water often used by indoor marijuana
cultivators, since 4 is used for H on a calculator (420/H20).
(Nick Lowe 3/30/00) The number 80 (eight) is "quatre vingt"
(pronounced "cah-truh vahn"), meaning "four (times} twenty".
Dan Nijjar 1/27/00 (No connection yet between the number
80 and pot. A quarter pound is roughly 120 grams, rounding
quarter-ounces to 7.5.) The titanic was supposed to arrive
4/20/1912. (Thanks to RB.) Perhaps the heavy use of vt420
terminals in the Berkeley area is to blame? (BTW, 420 in
binary code is 110100100.)
Ubiquitous?
Now there's a 420 Pale Ale. One of the late-97/early-98 "Got
Milk" ads featured a character eating cookies without milk and
then passing a sign that reads "Next Rest Area 420 miles" (as Ross
Bruning). Reportedly, all of the clocks in the movie Pulp Fiction
are stuck on 4:20. Shirts with the number 420 on the red-and-blue
interstate highway shield (Interstate 420?) have show up on the
sitcom Will and Grace (Paul Risenhoover 5/14/99) and in several
videos. UPS' labelling software has a "420 postal code" legend for
next-day/2-day deliveries (which is how Phish tickets are sent).
(Jack Lebowitz 10/3/98) MTV's 1997 Viewer's Choice Award (for
the MTV Video Awards) was decided by calls to
1-800-420-4MTV. And by May of 1998, the number was
appearing in so many ads (eg Copenhagen 5/14/98 Rolling Stone
p54, Corvette p55 5/98 Car & Driver) that its presence is
presumed to be intentional. Many songs are around 4 minutes 20
seconds long (since many songs fall between 2:30 and 5:30),
including for example Pink Floyd's "A Great Day for Freedom" (on
The Division Bell, 1994), the Foo Fighters' "My Hero", and
"Smokin'" from Boston's first album. "There have also been some
420 references on The Simpsons. In the re-run episode aired on
April 20th, 1999 at a special time (probably in honor of those
college students staying in the holiday spirit
Flanders that Barney's birthday is April 20th. Also, the jackpot sign
in one part of the casino says $420,000. There are a couple less
concrete ones, but these two have to be legit, especially since they
decided to air THAT particular episode on 4/20/99." (Submitted by
Matt Meehan 4/21/99) And (as of Fall '99) the 60 free minutes that
Working Assets Long Distance offers, at the 7 cents per minute
rate, is $4.20 free. There's even a band named 420, and another
names . In the first fifteen pages of Karel Capek's novel War with
the Newts, a man diving under wonder stayed down for four
minutes and twenty seconds. Grant Garstka 1/6/00 At the
suggested retail price ($3.96) and Michigan (6%) sales tax, a deck
of Uno cards costs $4.20. Nic Boris 4:20 marks the first downbeat
of the drums in Led Zeppelin's epic "Stairway to Heaven." (Dan
Harris) The bill authorizing force after the World Trade Center
attacks of 9/11/01 passed 420 to 1, and news reports in following
months noted many times that there are (or were then, anyway) 420
airports in the U.S. Allan Morris And don't forget that Adolf Hitler
was born on April 20, macabely "celebrated" (or at least
referenced) via the Columbine High School shootings.
Phish-related Occurances
Whatever the origin, the number appears frequently... For the
summer 1997 tour, TicketMaster service charges were $4.20. In
the Fall 1997 Doniac Schvice Dry Goods section, a limited edition
Pollack poster printed on 100% hemp is order number 420P. The
Great Went was 420 miles from Boston (former home of Phish).
The official logo includes 4 gills and 20 bubbles ("Gringo"
11/12/98). As of 6/15/97, including covers and originals, Phish
had performed a total of 420 songs (thought its 486 by 4/24/98).
(David Steinberg). Lawnboy is 420megs of memory. Patrick
Walker Phish's The Vibration of Life underlies a whirling loop
with Seven Beats per second (which makes 420 beats per minute.)
Trey has used the altered line "woke up at 4:20" in "Makisupa
Policeman", which also often indirectly celebrates 420ing, e.g. by
mention of goo balls. One of the funniest shirts around takes light
jabs at both the 4:20 phenomenon and the rumored evolution
(collapse?) of the Phish.Net (especially rec.music.phish) from
being Gamehendge to Flamehendge, and beyond. The first day of
the Great Went started at 4:20 (with Makisupa Policeman. (The
second day started late, at 4:37.) Noah Cole The first single from
Slip Stitch and Pass was played on WBCN 10/14/97 at 4:20 pm.
An uproar at 12/31/96 can be heard on tape during the 2001, in
response to an enormous digital clock (which was counting down
to midnight) reaching 11:55:40 and reading "-4:20". (Yoda)
During the 9-12-00 2001, Trey hits the first riff right at 4:20 into
the intro jam. (Cal 2/25/01) Some mail order tickets for the 1997
New Year's run were in section 420. The first Mass Pike toll
leaving Oswego was $4.20. (Camille Heath ) And the standard
shipping for The Phish Companion through Amazon was
originally $4.20.
420 Shows: Phish performed on April 20 in 1989, 1990, 1991,
1993, and 1994. The first day of the Great Went started at 4:20,
although that was called a soundcheck by Trey after three songs.
The Jazzfest Harry Hood 4-26-96 started at about 4:20 reported by
Trevor. At Big Cypress, "David Bowie" was playing at 4:20 a.m.
And the one event during the "hiatus" (10/8/00 - ?) featuring all
four members - for Jason Colton's wedding - was 12/1/01, 420
from: http://www.phish.net/faq/n420.html:
Connotative Use/Meaning
420 is a phreak's (and not just a hippie's) favorite number for a
variety of reasons, or maybe for no reason at all, but colloquially
the number says pot -- "let's smoke pot", or "someone's smoking
pot", or "gee, i really like pot", or "time to smoke pot", either by
time (4:20 a.m. or p.m.), date (April 20th), or otherwise (e.g. State
Route 420). April 20th at 4:20 is marked by annual events in
Mount Tamalpais, CA (an informal gathering); Marin Conty, CA
(the 420 Hemp Fest); Ann Arbor, MI (the Hash Bash); and
Washington, D.C. (buildup towards the July 4th Smoke-In).
Original Source(s)
Conventional wisdom: The most common tale is that 420 is the
police radio code or criminal code (and therefore the police "call")
in certain part(s) of California (e.g. in Los Angeles or San
Francisco) for having spotted someone consuming cannabis
publicly, i.e. "pot smoking in progress"; that local cannabis users
picked up on the code and began celebrating the number temporally
(esp. 4:20 a.m., 4:20 p.m., and April 20); that the number became
nationally popularized in the late 1980s and, more ferverently, in
the early- to mid-1990s; and is colloquially applied to a variety of
relaxed and/or inspired contexts, including not only pot
consumption but also a "good time" more generally (in contrast to
the drug war surrounding).
Conventions are legends: 420 is not police radio code for
anything, anywhere. Checks of criminal codes (including those of
the City of San Francisco, the City of Los Angeles, Los Angeles
County, the State of California, and the federal penal code) suggest
that the origin is neither Californian nor federal (the two best
guesses). For instance, California Penal Code 420 defines as a
misdemeanor the hindrance of use ("obstructing entry") of public
lands, and California Family Code 420 defines what constitutes a
wedding ceremony (Marco). One state does come close: "The
Illinois Department of Revenue classifies the Alcoholic Liquor Act
under Part 420, and the Cannabis and Controlled Substances Tax
Act are next, under Part 428." (RB 5/19/99)
True story?: "According to Steven Hager, editor of High Times,
the term 420 originated at San Rafael High School, in 1971,
among a group of about a dozen pot-smoking wiseacres who
called themselves the Waldos. The term 420 was shorthand for the
time of day the group would meet, at the campus statue of Louis
Pasteur, to smoke pot. ``Waldo Steve,'' a member of the group who
now owns a business in San Francisco, says the Waldos would
salute each other in the school hallway and say ``420 Louis!'' The
term was one of many invented by the group, but it was the one
that caught on. ``It was just a joke, but it came to mean all kinds of
things, like `Do you have any?' or `Do I look stoned?' '' he said.
``Parents and teachers wouldn't know what we were talking about.''
The term took root, and flourished, and spread beyond San Rafael
with the assistance of the Grateful Dead and their dedicated cohort
of pot-smoking fans. The Waldos decided to assert their claim to
the history of the term after decades of watching it spread, mutate
and be appropriated by commercial interests. The Waldos contacted
Hager, and presented him with evidence of 420's history, primarily
a collection of postmarked letters from the early '70s with lots of
mention of 420. They also started a Web site, waldo420.com. ``We
have proof, we were the first,'' Waldo Steve said. ``I mean, it's not
like we wrote a book or invented anything. We just came up with a
phrase. But it's kind of an honor that this emanated from San
Rafael.''" Maria Alicia Gaura for the San Francisco Chronicle,
4/20/00 p. A19; and thanks to Noah Cole for the submission
Alternate explanations
There are a variety of other explanations, all much more interesting
than "police code", and many plausible. Some are more likely uses
of the 420/hemp connection rather than sources of it, such as the
score for the football game in Fast Times at Ridgement High,
42-0.
Known Myths: It isn't police code (see above). There are 315
chemicals in marijuana, not 420. And although tea time in
Amsterdam is rumored to be 4:20, it is actually 5:30 (Gerhard
den Hollander).
Sixties Songs: For instance, Bob Dylan's famous "Rainy Day
Women #12 and 35" is a possible reference, or source --
12x35=420. And Stephen Stills wrote (and Crosby Stills Nash
& Young performed) a song "4+20" (first recorded 7/16/69,
released on Deja Vu 3/11/70) about an 84-year-old
poverty-stricken man who started and finished with nothing.
(Thanks to Sherry Keel 12/6/98.) Dylan aslo mentions "4 and
20 windows" in "The Balland of Frankie Lee and Judas Priest"
(on John Wesley Harding).
Older Verse: But 420 in poetry is older than that - Greg
Keller notes the old nursery rhyme line, "four and twenty
black birds baked in a pie". Revelation 5:14 (in the King
James Version of the Christian Bible) reads, "And the four
beasts said 'A-Men.' And the four and twenty elders fell down
and worshipped him that liveth for ever and ever." (Travis
Spurley 2/15/99) And in Midnight's_Children, Salman
Rushdie wrote, "Inevitably, a number of these children failed
to survive. Malnutrition, disease and the misfortunes of
everyday life had accounted for no less than four hundred and
twenty of them by the time I became conscious of their
existence; although it is possible to hypothesize that these
deaths, too, had their purpose, since 420 has been, since time
immemorial, the number associated with fraud, deception and
trickery." (Comet 2/14/98) Comet's "best guess is that this
refers to something in Indian mythology or numerology, since
the book is set in India and frequently involves Indian history,
culture, and religion. Given the high interest in Eastern
religion among the phish/dead community, this seems a likely
origin of 420's current significance."
Temporal Significance: "Hands on analog clock at 4:20 look
like position of doobie dangling from mouth" "Larry in
Tuscan" and Alex Mack 5/19/99). Disruptive students are out
of detention and safetly away from school by 4:20, also
rumored to be "the time that you should dose to be peaking
when the Dead went on stage" Hart. "The Waldos" were a
group of teens back in the 70's that lived in San Rafael, CA.
420 was the way they talked about pot in front of teachers,
non-smoking family members etc. Also it was the time of day
they could just go relax, and get baked." ("PhunkCellar")
Jamaicans purportedly "worked till 4 then walked home then
lit up. They would talk 420 like our parents talked about after
5. That's when partying began" "Larry in Tuscan"). Albert (not
Abbie) Hofmann supposedly first encountered LSD at 4:20
p.m. on 4/19/1943 (Bart Coleman citing Storming Heaven by
Jay Stevens, recommended by Mickey Hart in Planet Drum).
Surrealist painter Miro was born April 20, 1893. And
www.filmspeed.com says the propoganda film Reefer
Madness has a copyright date of April 20, 1936 (i.e. 4/20).
(Patrick Woolford)
Misc: Could be that it comes from hydroponics, the practice
of cultivating plants in water often used by indoor marijuana
cultivators, since 4 is used for H on a calculator (420/H20).
(Nick Lowe 3/30/00) The number 80 (eight) is "quatre vingt"
(pronounced "cah-truh vahn"), meaning "four (times} twenty".
Dan Nijjar 1/27/00 (No connection yet between the number
80 and pot. A quarter pound is roughly 120 grams, rounding
quarter-ounces to 7.5.) The titanic was supposed to arrive
4/20/1912. (Thanks to RB.) Perhaps the heavy use of vt420
terminals in the Berkeley area is to blame? (BTW, 420 in
binary code is 110100100.)
Ubiquitous?
Now there's a 420 Pale Ale. One of the late-97/early-98 "Got
Milk" ads featured a character eating cookies without milk and
then passing a sign that reads "Next Rest Area 420 miles" (as Ross
Bruning). Reportedly, all of the clocks in the movie Pulp Fiction
are stuck on 4:20. Shirts with the number 420 on the red-and-blue
interstate highway shield (Interstate 420?) have show up on the
sitcom Will and Grace (Paul Risenhoover 5/14/99) and in several
videos. UPS' labelling software has a "420 postal code" legend for
next-day/2-day deliveries (which is how Phish tickets are sent).
(Jack Lebowitz 10/3/98) MTV's 1997 Viewer's Choice Award (for
the MTV Video Awards) was decided by calls to
1-800-420-4MTV. And by May of 1998, the number was
appearing in so many ads (eg Copenhagen 5/14/98 Rolling Stone
p54, Corvette p55 5/98 Car & Driver) that its presence is
presumed to be intentional. Many songs are around 4 minutes 20
seconds long (since many songs fall between 2:30 and 5:30),
including for example Pink Floyd's "A Great Day for Freedom" (on
The Division Bell, 1994), the Foo Fighters' "My Hero", and
"Smokin'" from Boston's first album. "There have also been some
420 references on The Simpsons. In the re-run episode aired on
April 20th, 1999 at a special time (probably in honor of those
college students staying in the holiday spirit
Flanders that Barney's birthday is April 20th. Also, the jackpot sign
in one part of the casino says $420,000. There are a couple less
concrete ones, but these two have to be legit, especially since they
decided to air THAT particular episode on 4/20/99." (Submitted by
Matt Meehan 4/21/99) And (as of Fall '99) the 60 free minutes that
Working Assets Long Distance offers, at the 7 cents per minute
rate, is $4.20 free. There's even a band named 420, and another
names . In the first fifteen pages of Karel Capek's novel War with
the Newts, a man diving under wonder stayed down for four
minutes and twenty seconds. Grant Garstka 1/6/00 At the
suggested retail price ($3.96) and Michigan (6%) sales tax, a deck
of Uno cards costs $4.20. Nic Boris 4:20 marks the first downbeat
of the drums in Led Zeppelin's epic "Stairway to Heaven." (Dan
Harris) The bill authorizing force after the World Trade Center
attacks of 9/11/01 passed 420 to 1, and news reports in following
months noted many times that there are (or were then, anyway) 420
airports in the U.S. Allan Morris And don't forget that Adolf Hitler
was born on April 20, macabely "celebrated" (or at least
referenced) via the Columbine High School shootings.
Phish-related Occurances
Whatever the origin, the number appears frequently... For the
summer 1997 tour, TicketMaster service charges were $4.20. In
the Fall 1997 Doniac Schvice Dry Goods section, a limited edition
Pollack poster printed on 100% hemp is order number 420P. The
Great Went was 420 miles from Boston (former home of Phish).
The official logo includes 4 gills and 20 bubbles ("Gringo"
11/12/98). As of 6/15/97, including covers and originals, Phish
had performed a total of 420 songs (thought its 486 by 4/24/98).
(David Steinberg). Lawnboy is 420megs of memory. Patrick
Walker Phish's The Vibration of Life underlies a whirling loop
with Seven Beats per second (which makes 420 beats per minute.)
Trey has used the altered line "woke up at 4:20" in "Makisupa
Policeman", which also often indirectly celebrates 420ing, e.g. by
mention of goo balls. One of the funniest shirts around takes light
jabs at both the 4:20 phenomenon and the rumored evolution
(collapse?) of the Phish.Net (especially rec.music.phish) from
being Gamehendge to Flamehendge, and beyond. The first day of
the Great Went started at 4:20 (with Makisupa Policeman. (The
second day started late, at 4:37.) Noah Cole The first single from
Slip Stitch and Pass was played on WBCN 10/14/97 at 4:20 pm.
An uproar at 12/31/96 can be heard on tape during the 2001, in
response to an enormous digital clock (which was counting down
to midnight) reaching 11:55:40 and reading "-4:20". (Yoda)
During the 9-12-00 2001, Trey hits the first riff right at 4:20 into
the intro jam. (Cal 2/25/01) Some mail order tickets for the 1997
New Year's run were in section 420. The first Mass Pike toll
leaving Oswego was $4.20. (Camille Heath ) And the standard
shipping for The Phish Companion through Amazon was
originally $4.20.
420 Shows: Phish performed on April 20 in 1989, 1990, 1991,
1993, and 1994. The first day of the Great Went started at 4:20,
although that was called a soundcheck by Trey after three songs.
The Jazzfest Harry Hood 4-26-96 started at about 4:20 reported by
Trevor. At Big Cypress, "David Bowie" was playing at 4:20 a.m.
And the one event during the "hiatus" (10/8/00 - ?) featuring all
four members - for Jason Colton's wedding - was 12/1/01, 420
days after the hiatus began. (Todd Pascoe)days after the hiatus began.
(Todd Pascoe)
-- Carnivore is an app that can be installed on an ISP's servers to monitor certain data on its network, e.g. email (headers or content), web traffic, etc.
/. would have at their disposal the tools do this type of monitoring on their networks.)
-- Carnivore was so-named because it is configurable so that only data meeting certain criteria are collected (e.g. mail messages with a certain sender, packets with a certain destination IP address). That feature differentiates Carnivore from "Omnivore" which "ate" everything.
-- Carnivore was developed for, and is used for, conducting monitoring where the ISP involved does not have the capability of conducting this type of monitoring itself. The big ISPs already have the capability of doing this type of monitoring. (And certainly most of the sysadmins on
-- Contrary to what some other posts above suggested, monitoring content (as opposed to just traffic/addressing data) in real-time (as opposed to stored/archived stuff) takes more than just a subpoena. There's a very high threshold the govt. has to meet -- pretty much the same standard that has to be met if the govt. wants to do a (voice) wiretap.
A phone tap requires a court order. Carnivore does not. That's the important difference.
No personal vendetta is required; law enforcement officials may have the purest of intentions while stepping on my rights, but that doesn't justify them.
If we trust law enforcement to make these decisions, we give up on the whole idea of judicial oversight---the cops become accountable to no one.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
My guess is that the FBI will probably hate the idea, but the RIAA will love this thing. This is what they've been pushing for in the SSSCA or CBTBKJWhatever. Encrypted data that can only be accessed through special hardware? Any attempt to tamper with it destroys the data. Anyone worried yet? Oh, but Patrick Leahy headed that off at the pass, right? Wait till after the elections boys.
..a more interesting headline to see would've been:
"Innsmouth student invents a Cthulhu leash"
(Sorry, perhaps I should've got more sleep last night?)
Privacy? It's overrated. Terrorist? People with too much time on their hands anyway. But whether it works or not, Carnivore would make for a really mean Quake/UT server... Sorry, I just had to say it ^__^
a ck,target or whatever else trips Carni to dance.
On a side note, it seems incredibly easy for an organization to spoof carnivore by simply lighting off an email/ftp campaign with a bunch of bots; all the files containing the key words bomb,terrorism,nuclear,WTC,biological,anthrax,att
You need a FREE iPod Nano
I don't know if this applies in this case, but the paper Extracting a 3DES key from an IBM 4758 shows that the IBM4578 isn't as unbreakable as you might suppose. Remember, certifications don't always apply in all situations.
I fail to understand why this system is all that much better? This box records everything! Yes, each "conversation" is stored encrypted, and supposedly the FBI needs a court order to get the keys. Carnivore on the other hand looks at everything, but only records those things relevant to the court order, as determined by the settings entered into Carnivore. Yes, there is a chance it could be set up wrong, and that was the subject of the many recommendations IITRI made to improve the product. However the stuff that is not recorded by Carnivore can never be recovered, by definition of not being recorded in the first place. There is no opportunity to go back to court to ask for more keys. It has either been recorded or not.
While I am not a big fan of Carnivore, I fail to see how this system protects us any better.
Why is everyone so paranoid about Carnivore? I don't get it. They need a warrant to use it, and they can't use anything that's not in the warrant against you. Same rules as phone tapping. Why not have a big uproar about phone tapping? Granted, phone taps don't collect everything and sniff through it, but the end-result is the same.
Being a, more or less, law abiding citizen, I have no issues with it at all. I might be a little concerned if I were dealing drugs over the internet, or performing some similar crime, but really, come on. You think the FBI is really concerned with how your day has been? That you just got an 'A' on your exam? Or that you hate your boss?
Sorry, but I think everyone blows this stuff way out of proportion. When I see carnivore being abused, then I'll be concerned, but until then, I'm willing to give them the benefit of the doubt.
The FBI can deploy carnivore whenever and wherever but if I (as a private citizen) deployed a device that could tap the government's email I would be tried for treason.
This sort of reminds me of the phrase, "would you use that language in front of your Grandmother?"
If the Fed's cannot say "fsck yeh" then they should not be able to deploy carnivore without a specific court order. More so, additional "intelligence" (we all know email is full of intelligent thought) that is gathered, but not specifically relevent to the court order, should be termed as illegal search if it is collected and analyzed.
Key escrow is something that can and will be compromised. And because it is a technology that can and will infiltrated everything, it will allow complete access to your privacy by anyone who wants it.
Who said anything about key escrow?
I'd imagine this sort of system would use public key technology. The Carnivore boxes would not be able to decrypt the stuff it encrypts. There's nothing to compromise.
The private key needed to decode it would be kept in a secure location. As long as RSA doesn't have some fatal flaw, i'm confident the key won't be compromised.
The problem with the Clipper Chip was that it would allow the government a way to read messages that we had encrypted. Carnivote doesn't do that. It's purpose is to allow the government to read message that we were too stupid or lazy to encrypt.
--
Mod up a post Rob doesn't like and you'll never mod again
Why aren't be putting our collective weight behind FreeS/WAN?
Prevent email address forgery. Publish SPF records for y
How's the P2P public/private key-pair encrypted IP-over-IP internet thing going? You know, the one that runs under the mainstream one? Let's see them monitor that!
The "review" itself amounts to a "nothing to see here, nothing to worry about" statement that the FBI wanted to hear beforehand. The FBI shopped around for instutioons that would sign on to this favorable statement about Carnivore.
Some were approached who realized that this "review" process was a sham (MIT), and refused to sign on to such a bogus process. Ask Jeff Schiller about this (he runs MIT's networks and invented Kerberos).
Let's look at it this way. If I have to go to a judge to request a tap, spelling out why I need it, then it's a serious thing. If I don't have to, then it's a casual thing - so the possibilities of misuse become that much greater.
...
...
Let's say someone is misusing it. If they have to knowingly decieve a judge in order to get their tap, then if they are caught it's obvious to all. If they don't have to get prior approval, it can be blown off with "oh that's the wrong address, sorry" without any easy way of proving that it is not the case. And as it's a casual thing, generate a load of taps - the "oh that shouldn't have been there" excuse becomes all the more plausable
Everyone accepts that misuse is always likely to occur (human nature). That's why you should have a set of checks and balances to disuade people from casual misuse.
But it's all smoke. The constitution (4th amnd.) says that your right of "privacy" should only be disturbed if authorised by a judge. If the government/authorities want to change that, then they need a new amendment (nothing less will do). Anything less is "not the american way". What's the point in having a constitution (contyract between people and government) if it's not followed by the government?
I've always understood that you are innocent until proven "a criminal". It's not that criminal's can't find out if they are under surveilance, it's *anyone*, criminal or otherwise can't find out. Who decides if it's a just cause -oit used to be a judge
since they never leave the card (at least if Iliev has written the program correctly...)
The SCO lawsuit makes me wish my company were in Utah. We need a new building.
You've obviously never dealt with one of John Ashcroft's Storm Troopers. Unfortunately, this Jedi Mind trick just won't work... they will just get a sopena for "any and all information relating to ". And they will submit thousands of these... for every person in your local area.
Headline: Rich colledge kid pulls obvious idea out of his ass.
Copy: A student who has nothing better to do with his time then beg his daddy to get him in wired because he the keen idea to "encrypt all the data". He says came up with this one day after reading about people being able to somehow encrypt emails so that the feds couldnt get at them.
"designed to destroy itself if it detects an intrusion attempt. " - sounds like something out of Mission Impossible - but seriously won't the FBI just cite something like "national security" or some other phrase to get what they want when they haven't got a valid case?
Video Game cheats, hints a
The difference between this and the Clipper chip was that the clipper chip was going to be backed by a law that required ALL encryption in the US (personal, corperate, government, whatever...) be done under key escrow. It made it illegal to use any encryption that did not support key escrow and you had to get your keys from a federal agency (so they could insure that they had a key in escrow). The Clipper proposal took encryption out of the hands of the common man (no PGP or anything else, only government sanctioned encryption)
The Dartmouth proposal is key escrow, but not as wide ranged as the Clipper proposal. This proposal does not state that you can't use PGP( or ROT-13 or some other encryption technology) for personal reasons, or that you can't create a private encrypted (VPN) digital voice channel between you and your friend (or partner in crime).
The proposal is that if ISPs are forced to provide a standard mechanism for government agencies to snoop transmissions (ala CALEA for telco) then make the mechanism encrypt the data in a way that forces a process to be followed (even if a portion of that process is illegal, such as stealing escrowed keys)
Currently the data is available with no auditing at all. Anyone who has the capability (agencies) can force there way into an ISP and take the info, even threaten the ISP to remain silent that the event even occured. With technology of this nature, the event could be logged and audited later (even reporting which key was used so it could be invalidated)
This proposal needs lots of peer review; however it's not the Clipper Chip revisited.
=Shreak
PGP/GPG encryption is pretty seemless using the Enigmail package. Instead of "send" you push "Encrypt+signed send". Encrypted mail you get is automatically decrypted when view it. No fuss, no muss.
All you have to do is get your friends on the public key system.
I think everyone should be using this. Everyone.
I'm no crook. But, e-mail monitoring isn't any different than having a Gov. agent attached to your person so they can monitor everything you do or say. Just because e-mail monitoring is not obvious just doesn't make it right.
The code for this "alternative" carnivore is public at http://www.cs.dartmouth.edu/~pkilab/code/vault.tar . z
;-)
Let's take a look at it:
~$ tar xfz vault.tar.gz
~$ cd vault
~/vault$ grep goto `find -name *.c` | wc -l
163
Aaaaaargh !!!
-------------------------------------------------
Programming is good for health
First of all, the FBI gets a warrant for the DATA. If the ISP is unable to get the DATA themselves, the FBI can then insist that they install the Carnivore box. On the other hand, courts have ruled that if the ISP can indeed get the data, then Carnivore isn't needed.
Second of all, the reason the FBI created Carnivore was because existing tools could not get the data. This encryption device is based upon existing tools, and therefore does not help get the data at all. For example, if the warrant requires the ISP to deliver copies of the suspect's e-mail, this device cannot do it.
Third, people persist in believing that Carnivore is a keyword search engine like the rumored Echelon. This is false: no judge would grant a court order allowing the FBI the ability to search for keywords. (This encryption device is based upon a keyword search engine). A typical court order would be one that allows the FBI to get all e-mail to/from a named e-mail account. Another example would be a lesser court order allowing the FBI to record the e-mail addresses to/from the specified account, but not the contents.
I have written a Carnivore engine that has previously been written up in /. It, and a Carnivore FAQ, is at: http://www.robertgraham.com/altivore/.
Also, if the program will destroy itself and all the data it controls, can a beginning hacker get in to wipe the data?
Spotted the conflict of interest yet? Q.E.D.
Govt. mathematicians getting into it implies they can crack the encryption algorighms used (that's what mathematicians do...). The card's hardware supports 168-bit Triple-DES, and I don't really believe anyone can break that today. If you're really paranoid, and speed is not an issue, you can implement whatever algorithm you like inside the card, via software. > can a beginning hacker get in to wipe the data? No - you don't understand the intrusion protection. The data is zeroized on attempts to PHYSICALLY attack the card, meaning you're trying to drill/etch/etc. into the secure module, attack it via temperature, radiation, voltage manipulation, etc. Hackers would be attacking via the input and output datastreams, and those are intended to be well-enough designed - if not, the card wouldn't know about a protocol hole to alert it that it should zeroize.
Simply take them to their logical end.
The fact that Carnivore exists, in any form, indicates that the government wants access to all your communications, to know exactly what it is you're saying and hearing.
False logic
You're only real options are either not to say or do or listen to anything the government might find objectionable, or encrypt all your communications.
False dichotomy.
I'm sorry if I haven't offended anyone
The problem people have with Carnivore is they don't want their private conversations logged by the FBI. Well, make them public. Keep Carnivore logging everything and make the logs publicly available to all. People will change their behaviour, either by using encryption or using another medium for private messages. Problem solved.
I'm sorry if I haven't offended anyone
From the bill itself:
(a) SHORT TITLE- This Act may be cited as the `Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001'.
"USA PATRIOT" is an acronym, and a misnomer at that. Lowercasing it only hides this fact, the proper name is capitalized.
comment copied from here
my $0.02 - saying 'patriot act' makes people think that it's for the good of the country, and they'd be unpatriotic to go against it.
As noted in slashdot some time back the chip has been cracked.
http://www.cl.cam.ac.uk/~rnc1/descrack/
> LSD was discovered in the 1930's in Switzerland. Unless the Berkeley you are referring to is NOT the University of California.
YM 1941, by Albert Hofmann, a chemist in the employ of Sandoz Pharmaceuticals. Fun fact #1: He was actually looking for obstetric medicines based on the ergot fungus, and accidentally ingested a quarter milligram or so on one of them. When the acid kicked in on his bike ride home, he thought he'd poisoned himself and was going to die soon.
Fun fact #2: Unix as near as I can tell was spawned at Bell Labs in New Jersey, and not Berkeley at all. Blame this guy.
And was Steve Vai actually from Berkeley, California? I didn't know that, and his official site didn't illuminate much on that. Seems to me he might have gone to the Berklee School of Music, which is actually in Massachusetts somewhere iirc.
Oh yeah, fun fact #3: I nicked my sig from some guy's post on alt.folklore.computers 'cause I thought it was funnier than it was accurate.
Click here if you just like to click on shit.
You, sir, are as clueless on Slashdot as you are on mailing lists.
You fucking retard.
>...but seriously won't the FBI just cite >something like "national security" or some other > phrase to get what they want when they haven't > got a valid case? --- No, the 4758 is carefully designed so that no one - even the designers - can get into it if properly set up. One of the design principles of a good security product is that knowledgeable insiders - including the engineers who designed it, or the programmers who wrote the software - should be unable to break in.
Wow! I've NEVER heard that quote before!!