There have been overlayed area codes in Maryland for a while now. It still only requires 10-digit dialing if you are local, 11 if long distance (toll call). The extra digits really aren't that big a deal. We've had 10-digit dialing for local calls for several years. I guess since we're in the FCC's backyard, we're the guniea pig for their new schemes.
IITRI took the job because respectable institutions wouldn't give the FBI a rubber stamp on their Orwellian program.
IITRI didn't rubber stamp it either. Read the report, and you'll see they found quite a number of problems with it. Their only real recommendation is that it is better to use Carnivore which CAN selectively filter than commercial packet sniffers which read everything.
Oh, and IITRI, due to politics or stupidity (or both), suggests making it even easier for pubescent net punks to get their hands on your e-mail.
Note that the article doesn't say Carnivore caused the problem directly. What caused the problem was the reinstallation of older software on the Earthlink system so that Carnivore could be used. If an ISP is forced to make such changes, then the claim could be made that the use of Carnivore caused the problem. However, the device itself was not the source of the problem. The older operating system software was.
I find nothing in that article to suggest that the FBI is planning to put Carnivore in every ISP. That is a fantasy of Mr. Cringley. In addition, his supposition that Carnivore could shut down the Internet is disproven by the use of the read-only tap and the fact that it can only handle up to a steady stream of 15Mbps recording to a Jaz drive or 60Mbps recording to a hard disk (facts taken from the report).
Even if 6000 Carnivore units could record all that traffic, who could possibly analyze it all in any reasonable period of time. Oh, I know, the FBI's allies at Ft. Meade will do it for them. Like they don't have enough data to deal with already from Echelon.:)
"It also says:
While IITRI did not perform an automated analysis to verify all code segments are executed and that no hidden ode exists, IITRI did verify manually that the driver API and DLL entry points provide only the functionality required to implement the features we observed.
This makes me trust their analaysis even more! The API doens't provide anything more than what is needed so that MUST be the way things work."
Well, convenient that the very next line of the report is not mentioned. It reads,
"Given that the advertised functionality provides ample capability to perform unauthorized surveillance, IITRI concluded there was little incentive to hide such capabilities in the code."
Why do that much analysis if it is obvious that it can collect everything anyway?
You are correct. It is a packet sniffer which has been set up to record only the packets which meet the filter criteria selected. That is why the recommendation was that Carnivore was better for the FBI to use than a regular packet sniffer like EtherPeek which captures everything. Note that the review pointed out a whole bunch of problems with Carnivore that should be corrected.
1) Not one of the groups critical of Carnivore bothered to submit a proposal to have the chance to review Carnivore.
2) Read the report. The verdict was not, "Carnivore is OK". The report says that it should be used in place of even worse tools such as EtherPeek. It also lists quite a number of problems with Carnivore, such as the total lack of accountability, bugs in the analysis software, and it's ability to collect everything (up to its storage limits) if set improperly.
3) The reviewers were not "handpicked". Eleven groups bid to win the contract, more could have done so. IITRI happened to be the winner.
4) I agree that the government has no right to be snooping without a warrant. That is exactly why the FBI must get a warrant before installing Carnivore, and the must remove it at the expiration of the warrant.
5) Whether or not Internet wiretaps (like Carnivore) are legal under the existing wiretap statutes is something I'll leave to the legal experts to figure out. That was not part of the task IITRI was given to review either. I will grant thought that technology often outpaces changes in the laws.
My guess would be that a Tech Editing department expanded the acronym without asking the tech folk what it meant. Then the draft report, remember it is a draft, got sent out without the techies having a chance to review it.
To quote from the report, "A case agent controlling the Carnivore collection computer
from an external computer must know the correct telephone number and have an appropriately-keyed
CSP device, PCAnywhere software, a valid user name and password, and the
Administrator password for the Carnivore collection box."
So, the hackers will need just a little bit more than a PCAnywhere hack.
Slashdot Mirror
I wonder what the next new name will be? NSA had to change Tessera to Fortezza because of trademark concerns. It looks like DCS1000 is already taken.
There have been overlayed area codes in Maryland for a while now. It still only requires 10-digit dialing if you are local, 11 if long distance (toll call). The extra digits really aren't that big a deal. We've had 10-digit dialing for local calls for several years. I guess since we're in the FCC's backyard, we're the guniea pig for their new schemes.
IITRI didn't rubber stamp it either. Read the report, and you'll see they found quite a number of problems with it. Their only real recommendation is that it is better to use Carnivore which CAN selectively filter than commercial packet sniffers which read everything.
Where in the report does it say that?
Note that the article doesn't say Carnivore caused the problem directly. What caused the problem was the reinstallation of older software on the Earthlink system so that Carnivore could be used. If an ISP is forced to make such changes, then the claim could be made that the use of Carnivore caused the problem. However, the device itself was not the source of the problem. The older operating system software was.
I find nothing in that article to suggest that the FBI is planning to put Carnivore in every ISP. That is a fantasy of Mr. Cringley. In addition, his supposition that Carnivore could shut down the Internet is disproven by the use of the read-only tap and the fact that it can only handle up to a steady stream of 15Mbps recording to a Jaz drive or 60Mbps recording to a hard disk (facts taken from the report).
Even if 6000 Carnivore units could record all that traffic, who could possibly analyze it all in any reasonable period of time. Oh, I know, the FBI's allies at Ft. Meade will do it for them. Like they don't have enough data to deal with already from Echelon. :)
Well, convenient that the very next line of the report is not mentioned. It reads,
"Given that the advertised functionality provides ample capability to perform unauthorized surveillance, IITRI concluded there was little incentive to hide such capabilities in the code."
Why do that much analysis if it is obvious that it can collect everything anyway?
You are correct. It is a packet sniffer which has been set up to record only the packets which meet the filter criteria selected. That is why the recommendation was that Carnivore was better for the FBI to use than a regular packet sniffer like EtherPeek which captures everything. Note that the review pointed out a whole bunch of problems with Carnivore that should be corrected.
Several facts to point out regarding your post.
1) Not one of the groups critical of Carnivore bothered to submit a proposal to have the chance to review Carnivore.
2) Read the report. The verdict was not, "Carnivore is OK". The report says that it should be used in place of even worse tools such as EtherPeek. It also lists quite a number of problems with Carnivore, such as the total lack of accountability, bugs in the analysis software, and it's ability to collect everything (up to its storage limits) if set improperly.
3) The reviewers were not "handpicked". Eleven groups bid to win the contract, more could have done so. IITRI happened to be the winner.
4) I agree that the government has no right to be snooping without a warrant. That is exactly why the FBI must get a warrant before installing Carnivore, and the must remove it at the expiration of the warrant.
5) Whether or not Internet wiretaps (like Carnivore) are legal under the existing wiretap statutes is something I'll leave to the legal experts to figure out. That was not part of the task IITRI was given to review either. I will grant thought that technology often outpaces changes in the laws.
My guess would be that a Tech Editing department expanded the acronym without asking the tech folk what it meant. Then the draft report, remember it is a draft, got sent out without the techies having a chance to review it.
To quote from the report, "A case agent controlling the Carnivore collection computer from an external computer must know the correct telephone number and have an appropriately-keyed CSP device, PCAnywhere software, a valid user name and password, and the Administrator password for the Carnivore collection box." So, the hackers will need just a little bit more than a PCAnywhere hack.