Dartmouth Student Invents A Carnivore Leash

timdorr writes: "Looks like a student at Dartmouth wants to turn Carnivore into a much more resonable tool according to this Wired article. I'd personally feel a lot less invaded if I knew the system was in place and in this form. Hopefully the government takes notice becuase Carnivore still seems like quite a loophole for our government to exploit."

unfortunately, it will provide no protection at al

[Syre]

This is an excellent approach! I am really thrilled to see someone coming up with a solution that allows the government all legitimate use while providing the tools to prevent overstepping. And partially funded by the justice department too!

The big problem with this is that even if it's implemented, since under the Patriot Act judges need not sign off on subpoenas, the FBI et al would still be able to get all they keys they want and still access all the data.

For this device to be useful, unfortunately, the law must be changed to require judicial oversight... and the judges must be trustworthy!

Get some perspective

Anyone who thinks Carnivore is a ferocious animal right now, please step into the hallway for your I.Q. test.
Everyone else knows that after 9/11 so many people made calls, emails, HAM traffic to the tune of 'terrorist' this, 'Cell' that, that Carnivore must have sustained a complete mental(server) breakdown. Put your thoughts to things of more importance (Israel/Palistineans, Coke vs Pepsi). The chance that something the FBI/CIA built outside of a national coding symposium would be so utterly, absolutely crashed from the traffic of keywords that it doesn't bear looking at. I'm not trying to point you in the direction of unilateral oversight and say it's OK, I'm just saying that 'right now' there are more important things to look at than a system more crashed and confused, that it probably thinks its an Atari 2600 with a buggy version of Combat loaded up

Encrypt your mail...

[u01000101]

I'd personally feel a lot less invaded if I knew the system was in place and in this form.

I'll personally continue to encrypt my emails - as many as possible of course.
Routine use of encryption (like for the one-liners) defeats to some extent traffic analysys.

The recent improvements in factoring (look here and here) don't affect 1536- or 2048-bit keys (or larger). For the time being, public-key encryption is the best means of protecting your e-mail privacy. Don't rely on some guys' kindness - with a little effort you can be sure your nosy admin/ parent/ spouse/ street cop won't "accidentally" read your stuff.

http://www.gnupg.org

Re:Encrypt your mail...

[u01000101]

most websites only support 128bit encryption for online transaction, which can be broken in a matter of days

No, AC, you got it wrong: 128bit *symmetric* encryption is very strong - comparable to 1024-1536 bit public-key (or assymetric) encryption.

If you're feeling like a good read, try "Handbook of Applied Cryptography" - do a google search, it downloadable for free.

Re:hmmm

[digitalunity]

These Orwellian news stories are becoming more frequent. They are beginning to scare me. Average American citizens believe that because they've done nothing wrong that this invasion of privacy does not affect them. That's what eastern europeans thought before WWII. Think about this: So, you have some unfounded trust in your current government. You think that the invasion of privacy will only lead to greater safety. This is laid on the premise that the current government is the only one to ever lay hands on the sensitive information. Can you say now that you trust any future governments to use the information for the greater good?

Can you trust all new administrations to do only good? McCarthy is a prime example of what happens when you let paranoia feed on patriotism. What if in the future a fascist(in the true sense) governemnt controls america. What will you do then? By this time, you've already been catalogued and filed and triplicated in every possible way; you gave up your right to privacy years ago.

Round two: A computer cracker or a corporate spy thieves the database for their own personal gain. You, and all 249 million of your neighbors are now in the hands of the highest bidding corporation or marketing firm. What are you gonna do? Nothing. You don't have any rights. You gave them away already.

Although the right to electronic privacy is not in the constitution for obvious reasons, the true intent of the bill of rights is obvious. The Bush Legislation Regime is feeding on our own fear of the enemy(whoever that is) to take away our rights. Everything from Carnivore to the SSSCA(or whatever new derivative is in the works) to the USA Patriot Act, our rights are being eroded away one law at a time. Americans are like frogs, they'll sit in their apathetic zombie worlds letting their rights vaporize while calmly waiting for the water to boil.

I may be a elitist prick; but the apathy, disillusionment, and ignorance surrounding me makes me want to vomit.

Re:great...

[NoNeeeed]

Why do people have so much of a problem with the authorities monitoring e-mail, yet don't get up in arms about straight phone tapping? The right of the police to tap your phone is no different from their right to search your home, search you or indeed put you in prison. The same goes for reading your e-mail.

Each of these powers is granted so that they can fight crime. I don't have a problem with the police having any of these powers, as long as they are restricted, i.e. you need a warrent to search someones house, or tap their phone, so you should need one to read their e-mail. I have a problem with echelon and 'fishing-trips', and the police abusing their power of search and arrest. But then thats why we have rules. Its up to us/our representatives/the judges to make sure that the police obay those rules. This is why so many cases get thrown out of court on 'technicalities', because someone broke the rules.

On the whole this is pretty well inforced in britain, for example ALL interviews with the police, MUST be taped, and there has to be a witness, (unlike in the US where recording is only reccommended. That said we do have the rather dubious RIP bill but that still requires a warrent.

So basically, if you are against (restricted, needs a warrent etc) tapping of your e-mails, you should be against the (warrented) search of properties and the (warrrented) tapping of phones.

The internet is no different from any other communications medium. If you really think that it is, or has ever been some utopian paradise of free speech somehow seperate from the real world and real world laws, where anything is allowed, then you need to get out and about a bit more.

The Internet is just another communications network, no different from any other. It is not special, just more advanced. Using the internet is no different from using a phone, or fax. You are not special, it is not special. Grow up and stop seeing the world from such a narrow viewpoint (I can't beleive I just said that on /.)

Paul

Re:unfortunately, it will provide no protection at

[u01000101]

For this device to be useful, unfortunately, the law must be changed to require judicial oversight... and the judges must be trustworthy!

[ I said this before, but I like to repeat myself :) ]
Current public-key encryption (gnupg, pgp) is strong enough to keep you safe from "casual" prying eyes - like your spouse, children, parents, syadmin, boss, street cops, even the fbi. Maybe they *can* crack it (i mean the feds), but they won't go to that without strong reasons and probably more thinking.

What really pisses me off if this "casual" attitude to authorities snooping my personal communication; I'm sure that if the cia, nsa, kgb, mafia, big corporations or who knows else - want to read my email, they will. But I'm also sure that by using gpg, none of the small big-brothers will get their kicks.

Why all the pro-"Clipper Chip" type arguments???

[BitMan]

I think people need a history lesson on all the arguments surrounding the Clipper chip. Remember, the problem isn't always government (although that's definitely part of it), but the inability of government to effectively protect the information from third parties that will abuse it. Key escrow is something that can and will be compromised. And because it is a technology that can and will infiltrated everything, it will allow complete access to your privacy by anyone who wants it. Again, it's the Clipper chip all over again!

Need I revisit the the classic boofernery of the Social Security Number? Outlawed by the government for use outside of its specific creation, it is now used by everyone. And it is extremely easy to obtain, let alone steal! Now the government wants to introduce a national ID, something that is "more controlled" than the SSN. But it too will be easy to obtain and steal in no time as well. Only now, with a national ID, more people will put more of that so-called "faith" it in, so good Americans will have a tougher time proving someone has stolen their identity when it does happen (and it will). And if Microsoft gets Passport behind an "eID," God help us!

Combine this with the CBDTPA/SSSCA, and there's plenty to worry about. The CBDTPA/SSSCA is exactly a pro-Clipper chip mentality! Only it isn't the FBI asking for it, but "Big Media." Heck, I'm surprised no one in "Big Media" is selling the CBDTPA/SSSCA to the government as an "unified solution" for "guaranting copyrights, privacy and law-enforcement" all in one shabang!

Now this researcher has got "all the answers." His solution? Implement an encrypted recording and storage system with key escrow for access. How original! How many times are we going to go in the same damn circle on this???