Slashdot Mirror
Why Did The FBI Retire Carnivore?
We posted earlier this week that the FBI has officially dropped Carnivore, its "privacy respecting" eavesdropping program. Now reader Throtex writes "Professor Orin Kerr at the George Washington University Law School, a member of the Volokh Conspiracy discusses why Carnivore came to be in the first place and why it really was terminated (about two years ago). Essentially, the media (as usual) got a bit carried away with a non-story: Carnivore was designed to protect your rights from being invaded while sniffing only suspect data. Carnivore was dropped because, as of two years ago, the available tools met the necessary privacy standards, as Prof. Kerr noted in his article about the PATRIOT Act published at the time."
I would be more concerned about things like ECHELON anyway.
Speaking of ECHELON, maybe the reason people get so carried away with conspiracy theories is that our government is so bloody set against telling its own people what it does. AFAIK, even though a couple of European countries on the ECHELON project have admitted their membership, the U.S. government continues to deny such a thing even exists.
If this were a truly free country, we wouldn't have a government that's so hellbent on keeping things a secret. You can talk about the practical reasons behind keeping things secret to protect our interests and the people involved in the operations, but that doesn't change the fact that it makes the country non-free in the actual sense, and it gives people a very good reason to be jittery about snooping projects.
When the government is known to clam up and hide things, how can you ever be sure it's telling you the truth about its projects and that they really do what they're saying they do?
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
Because of tcpdump?
Seriously, if the FBI had the resources and access to the right people, why couldn't they build Carnivore out of open-source material and not resort to "commercially available" products?
Put another way: With modern hardware being dirt cheap and OSS getting better and better, what would it take to build a system that comes close (or even surpasses) what Carnivore had to offer?
....the next version came out. A new Linux kernel comes out, and you upgrade, right? I guess Carnivore 98(TM) is going off support.
I blame PETA.
No, no, NO!!
I read it on SLASHDOT!! The Gubmint wants to read my e-mail! It's part of their Total Information Awareness plot to put me in JAIL! They want to label me a TERRORIST and send me to GITMO!!
Don't tell me it's not true! It's on the INTERNET for crying out loud!
"Ask not what your country can do for you." --John F. Kennedy
When I stop using a system it is usually because I have something better.
The government has actually contracted with the makers of such programs as: ........
-Gator
-CoolWebSearch
-ISTbar
-and Internet Optimizer
You're rejoicing that the FBI retired Carnivore. What Carnivore allowed was the collection of information, then the decryption and analysis of that data with a court order. They retired it because USA PATRIOT allows them to just collect it the good old fashioned way...no encryption, no court order. Whomever, whenever they want. The difference is that now they can look for suspicious activity via eavesdropping instead of first having a suspicion and confirming it via eavesdropping. You are celebrating that the FBI has thrown away their lock picks and not realizing that Congress has removed all your doors.
Public use of any portable music system is a virtually guaranteed indicator of sociopathic tendencies. -- Zoso
As someone currenly job hunting in the DC/Baltimore area, I am amazed by the number of programming jobs that require security clearances. If you have a security clearace and took a couple java classes in college, government contractors will shower you with job offers. The requisite for getting a job on these projects, therefor, is not being a talented programmer, it is having a clearance that says you aren't a spy.
The result, I'm convinced, is that they hire a lot of sub-standard programmers, who create poorly designed products at great expense. And if the product doesn't work, well, thats another $100 million of taxpayer money down the drain.
These outfits need to either figure out a way to use better programmers who don't have security clearances, or figure out how to get good programmers cleared without a 2 year delay. Until that happens, a lot of substandard coders will contiue to write failed applications on the taxpayer dollar.
SpyDock: Scientific Python in a Docker container
If you don't encrypt your email and web traffic, you have no "reasonable expectation" of privacy. Apparently, "addressing information" - that is, packet headers - are not a part of confidential communications, and as such, it does not represent an invasion of privacy to read them.
While I understand his argument that PATRIOT merely made pre-existing wiretap laws apply to the internet, this fact alone doesn't make the existing laws right. For example, just knowing who called who when, even without revealing the details of content, does significantly invade one's privacy. In these times when someone can be detained simply because they "may have knowledge of a criminal act", divulging the websites a person visits is still too dangerous. Someone concerned about the rise of radical Islam could easily be detained as a "potential terrorist" simply because they did some independent research on Islam using the internet. Even scanning addressing information alone is too much power for a government in which the mere declaration that one is an "enemy combatant" can be used to arbitrarily deny one's civil liberties.
The society for a thought-free internet welcomes you.
They retired it because it ran on NT4.0 ....
*narf!*
We retired Carnivore so we could bring in Omnivore. Never would we use the Patriot Act for frivolously putting airplane-taggers in prison, or anything else that could be considered stupid and a waste of government funds/money or abusive to the general population.
We just came out with Omnivore, essentially Carnivore II. It's made-up of a massive Xbox cluster (that's what we get when we contract it to Microsoft) and has every major exchange hooked into it. It's also the reason people seem to be fascinated with Area 51. Please note that all those old Russion MIGs and freaky green, glowing lights were just cover (the green lights were Das Blinkinlights while we were experimenting with BeOS).
Please note that Carnivore II is currently intercepting the nude photos that your GF is sending you and FBI agents are probably posting them up in the office right now. Also, it is more than capable of intercepting every e-mail with the word terrorist, seeing as how the Bush Administration would rather that you use the words "Men Of Extreme Evil" so as not to let them win by even acknowleging their presence on Earth. So if you even use the word "terror," we will come after you in your sleep and put you in GITO forever, then you will need to put up with endlessly being forced to dance in front of the other "Men Of Extreme Evil." Thank you for your understanding in this matter. We apologize for any confusion. Remember, Uncle Sam is just trying to decide what's best for YOU!
Silence is golden... and duct tape is silver.
he FBI performed only eight Internet wiretaps in fiscal 2003 and five in fiscal 2002; none used the software initially called Carnivore and later renamed the DCS-1000, according to FBI documents submitted to Senate and House oversight committees. The FBI, which once said Carnivore was "far better" than commercial products, said previously it had used the technology about 25 times between 1998 and 2000.
Carnivor was not a system designed to watch Internet traffic 24/7/365 and flag stuff that looked like potential usefull data on random people. It was used to monitor people who were already under investigation.
I don't hear many people cry foul over a regular telephone wiretap, which is done for the same reasons under the same circumstances - they wiretap telephones of people who are already under investigation (I realize that Eschelon is different, but Eschelon is not a telephone wiretap on a suspect's phone. Its a wiretap on all communications, or so some people claim).
And the Patriot Act does require a court order to do most things. Its just that its not the courts that we think about. Its a secret court. There have been articles on the very subject.
I don't believe that the FBI simply randomly picks people to monitor and do searches of houses at random, etc. There is some "oversight", although to most of us, that "oversight" is secret (yes, that can lead to abuse).
- it tightens government control of research in general
- it shifts focus away from 'obscure' languages and promotes isolationism and (ironically) thereby supports cultural imperialism
- likewise, it diverts effort away from tools that might be useful in translation
- it diverts from work that could in principle radically improve text compression ratios (which is mathematically more important for secrecy than improved crypto algorithms, though this is rarely pointed out)
- it helps refocus academia on providing short term benefits to military, intelligence and industrial applications and away from its own programme of building abstract and enabling knowledge.
(At the risk of antagonising the community here I should also point out that Carnivore and its successors probably share with slashdot a huge problem that is widely perceived as a feature: that it actively reinforces its user community's notions of relevance. Surfacy, automated filtering is of course even more likely than human moderation to classify material by its rhetorical style than its actual content. In politics, indeed in support of any culture or subculture, this is perhaps a wonderful thing; in intelligence, a two edged sword of the worst kind - one that may explain how a number of things manage to slip under the radar.) But I can only leave you to judge.The whole thing eventually comes down to security through obscurity - a somewhat dangerous philosophy.
The British followed such a philosophy for years, not even admitting that MI5 and MI6 existed. Eventually, they realised that this offered zero additional protection. Those who were a threat already knew they existed and had probably infiltrated both, so the only ones being kept in the dark were the voters/taxpayers. They abandoned the cloak of secrecy and even published the name of the head of MI6. The world didn't explode, civilization didn't collapse, and people carried on pretty much as normal.
In the case of Echelon, stating whether or not it exists wouldn't seriously hurt US national security. Those with secrets to hide are likely to already use a wide range of evasion and encryption techniques. Knowing that Echelon is out there, without knowing the details of how it works, wouldn't provide any information they wouldn't already be assuming to be true.
What it does do is make it possible to correct any flaws in the system, as it currently exists. it wouldn't require anyone to say what those flaws were, or how the system works, but it would allow them to bill for fixing things.
Carnivore, by all accounts, was superceded by commercial tools. Why? Did the FBI sack all of its software engineers, the day after the product went into service? Probably not. The official figures suggest that the product saw a steady decline in usefulness, which suggests that there was little or no maintenance or development. This likely started when the project was classified, as the available data suggests it had reached terminal decline by the time it was admitted to.
There was absolutely nothing preventing the FBI from keeping Carnivore up-to-date. If they started ahead of everyone else, they should have remained ahead of everyone else. In fact, if they had programmers so good that they COULD start ahead of those who'd been working on the problem for some time, they should have INCREASED the gap between themselves and commercial vendors.
They didn't. Well, you can hardly hire a contractor to fix an unacknowledged bug in a system you won't admit exists. The more secret you make these things, the harder it gets to get the bug reports from the users to the programmers.
The problem with GOTS software (or hardware) is that there is an unstated assumption that problems will fix themselves if you bury them deep enough. That is why Carnivore became outdated, not some magical advancement by the commercial sector.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
VeriSign's NetDiscovery service provides telecom network operators, cable operators, and Internet service providers with a streamlined service to help meet requirements for assisting government agencies with lawful interception and subpoena requests for subscriber records. Net Discovery is the premier turnkey service for provisioning, access, delivery, and collection of call information from operators to law enforcement agencies (LEAs).
Verisign does this for telephony by using (or abusing) their control of Signalling System 7., the routing network for telephony. When a wiretap request comes in, they change the SS7 routing data to route calls to/from the phone of interest to their call monitoring center, from which the call is then routed outward again. To the telephone network, this looks like call forwarding. This approach requires no additional hardware at the wireline carrier; it's done through the existing SS7 infrastructure. (Incidentally, this should increase latency, depending on how far you are from Northern Virginia. But they may have remote monitoring centers by now to cut that down.)
Verisign also offers wiretapping services for mobile phones, and cable-based VoIP.
Efforts are underway to integrate NetDiscovery capability into future Cisco routers.
Verisign takes the carrier or ISP completely out of the loop. "Authorized Government agencies" can submit their wiretapping request to Verisign, where they are "reviewed by a paralegal" and then implemented. There's no need for the carrier or ISP to even be aware of the wiretap.
So that's why there's no need for Carnivore any more.
Verisign - your full service wiretapping solution provider.