If they have no dirty secrets to hide, they should willingly expose Carnivore's innards for review.
Old habits die hard. The government has a history of security-through-obscurity. They believe that they are well-enough equipped to design security systems and that by not letting the world know how they work, that improves security. Maybe true for the physical world, but definitely not for a wired one.
The following is a repost from freenet-chat. Before we go attacking the FBI, it might be a good idea to look at their history.
--
What follows is an executive summary of Carnivore. The information
provided is accurate to the best of my ability. I am not responsible
for any omissions or factual errors.
--
First, it is called Carnivore. Second, "victim" is spelled "victim".
I will make a brief summary for those who have not heard of it.
Carnivore is a network of black boxes the FBI is planning on deploying
at all major ISPs to monitor e-mail traffic. One of the first major
ISPs to be asked to install it, Earthlink, refused on the grounds that
it was incompatible with their network infrastructure. Based on
information released, it is essentially a glorified packet sniffer
modified to capture e-mail communications.
The FBI claims that Carnivore is needed because criminals are
becoming more sophisticated and using e-mail to carry out criminal
activity. There is some precedent to support this, as well as
evidence that the FBI may very well be justified in this. In many
cases since the early 80's phone logs have had a substantial impact
on forensics. The phone companies currently maintain logs on who
calls where for an indeterminate period of time, generally at least
90 days. It makes sense to provide a network where this information
could be garnered online. The fact that e-mail is "plain text" and
requires no additional processing (unlike voice, which requires
someone to actually listen and transcribe the conversation), there
is a lower barrier to entry. Translated, it is cost effective.
Those are the justifications. Now, essentially the argument against
this boils down to one simple statement: Do you trust the government?
There is plenty of reason not to trust the government. There have
been a variety of high profile cases where the government spied on
citizens without a warrant or any judicial approval. In particular,
the handling of the Waco, TX and Ruby Ridge incidents come to mind
for the FBI. As a result, the FBI has been busily modifying judicial
procedures to allow them to tap without a warrant, as well as the
ability to use illegally obtained evidence. They have continually
been expanding their power base. Something which was illegal 5
years ago is now not only legal but approved by the majority of
citizens. Carnivore could be seen as part of a larger initiative
by the FBI to remove accountability for its actions and also to
treat the average citizen as the enemy until proven otherwise
(guilty until proven innocent). The current political atmosphere
the so-called "baby boomer" generation has engendered has further
fostered this attitude.
Other intelligence / law enforcement agencies have also been busily
adapting their organizations to take advantage of net-based technology.
Recently it was discovered the NSA had (and continues to) partner with
several countries including Great Britain, France, and Australia to form
a global monitoring network called Echelon. It is a more general
information gathering network than Carnivore and is more in-line with the
NSA's role in our government - handling signals intelligence (SIGINT).
I would request in advance that political discussion on this matter be
taken offline, as this issue has been hashed and rehashed on a variety
of websites, lists, and zines. Further information is available by
simply searching on Google (www.google.com).
--
Signal 11 -o- BOFH, boredengineers.com
All truth goes through three stages. First, it is ridiculed.
Then, it is violently opposed. Finally, it is accepted as self-evident.
Wimps! Don't these people know that in order to create the Black Hole Quantum Computer (see prev slashdot article) we'll need HEAT and LOTS OF IT? The way I see it, we'll ring the Laptop o Death with some P4's and seal it in styrofoam.. once it heats up to, what did they say - 1 billion kelvin? - then the damn thing implodes into a black hole and I get one helluva quake game.. for about 1.8 nanoseconds until the world is torn apart by the gravitational forces. But.. IMAGINE THE FRAMES PER SECOND YOU'D GET!
If I were a security firm charged with taking money from banks and transferring it to a safe location every evening, would it be sane for me to hire a bunch of convicted bank robbers to do it?
It is a rhetorical question, but one HNN felt that they had to bring up. No, life is not fair. Yes, some people are wrongly convicted. Yes, there is a stigma attached to computer "crime". Regardless, these are the rules you play by.
On the other hand, who better to hire than someone who has had real experience, as opposed to a paper cert? No wet-behind-the-ears MCSE is going to know how to craft security policy, how to do risk management, and how to do cost benefit analysis and everyone in the industry knows it.
It is a calculated risk every time you hire someone who has a criminal past. As a manager, it is your job to evaluate each person one by one and weigh the benefits. Most of the time if you're doing your job right, you'll find most people have had minor brushes with the law (reckless kids get drunk, smash mailboxes, etc), and computers are no different. We may be geeks, but many of us have a reckless streak - it's called being young. To outright deny these people a job is a failing on your part as a manager. Judge each person individually, and not as a group.
Hey, what happened to miniaturization in the computer industry? At this rate, in 18 months, computers will weigh as much as a Ford Pinto and use more power than the ENIAC!
Slashdot readers were unsurprised when yet another linux article was released praising linux for advancing the {sticking it to the man|open source|gaming|applications|technology} industry. The FPI index (first post index) was up 4 points on the news, while linux stocks rallied 30,000 points. Industry analyst and resident karma whore Signal 11 was quoted as saying "DDDDDDDDDDDDDDDDDDDDDDDDDDDDD...." repeatedly, apparently as a result of falling asleep at the keyboard.
"In addition, you shall not use to the advantage of your personal enterprise any business information acquired on the job, at the Company."
This could be construed as a non-compete clause. In many states, these are unenforceable. You probably want to amend this to reference "trade secrets" and/or "business practices" instead. You can't tell me that as a web developer if I learn CSS or Javascript on the job I can't use that knowledge elsewhere. The whole point of employment is building your career and acquiring new skills. That statement is contrary to this basic principle of employment, and would be legally unenforceable, if not ethically questionable as well to request.
Now, using the same analogy, if as a web designer a company I worked for designed a new dynamic backend to deliver for, say, news content, and that backend contained a lot of new ideas and features not found elsewhere in the industry and where knowledge of that (if acquired by competitors) would cause material harm to the company, then yes.. such knowledge should be protected. However that should be done in a separate document and made explicitly clear to employees both at the time of employment, and at periodic intervals afterwards (if it is that important, you should take great pains to ensure everyone knows this - due diligence).
Yes, I know you don't mean this to be a legal document, but as a policy document for a company, it could be used in legal proceedings, however IANAL.
I can think of a reason why this might be. What if there is more than one black hole? Think about it - we can only observe things from essentially one angle - Earth. While we DO rotate around the sun and all that, our position doesn't change too much.
Who's to say there isn't a black hole behind this one (twin black holes rotating around each other.. Yum!) ?
That being said.. this is interesting because it may mean gravity's pull isn't directly proportional to the mass of an object. This would certainly add a wrinkle to special relativity (if you'll pardon the pun).
Geography-based is GOOD. The reason is that it greatly reduces the pissing contests between, say, Ford Electrical and Ford Motor Company both competing for www.ford.com. Now you can have www.ford.minneapolis.mn.us and www.ford.detroit.mi.us. The internet may be "transcending international borders" but it doesn't mean we have to throw away a perfectly good organizational scheme merely to appease the pundits.
Okay, this is a reply to an uninformed post which is bordering on pointless, but let me clear some things up for you.
1) This article was intended as humor. Obviously for a humor-impaired person such as yourself the subtlety of this fact must have escaped you.
2) While this article does offer more hot air than previous posts, I still believe it is very funny. Obviously there are technical problems in compressing hot air, and we're working on them, but I still believe it is better than the use of cold-air in the post-modern 3rd wave era of bullsh*tting.
3) AMD has nothing to do with this article. For that matter, neither does Rambus, DDR SDRAM, the pope, or my left over bag of Doritos chips.
4) It would take far less time if you would just start seeing things my way.
Sig11's RAM Guide
-----------------
(Note: This article has been reformatted to fit your screen, and edited for slashdot-PCness)
Rambus - Evil standard put out by Intel. It's bad, really bad. You should never buy it no matter what. Why? Because Intel is an evil bad corporation that made lots of money. Buy AMD instead.. they, uhh.. made less money! Alternatively, buy the chips and drill holes in them to let out the evil spirits before use.
SDRAM DDR - Hooray! Our savior! This type of RAM has none of the evil problems Rambus has (which, for space, we are choosing not to reproduce said list of problems), and they're made by a bunch of l335 d00ds fighting the evil Intel empire. Never mind that they're produced overseas in sweatshops like Nike shoes and the people on the assembly line deal with chemicals that could take the paint off your car in 5 seconds flat... they are l335!
They don't realize what they're dealing with, do they? A traditionally decentralized group, computer geeks, have a modus operandi of operating under the radar screens of people like this. In fact, geeks usually only notice these kinds of people when they are specifically pointed out.
So you have this MASSIVE decentralized movement consisting of between 80 and 300 thousand people, depending on whose figures you go by, and they keep a low profile. Sure, you get a few lawsuits here, a little press there, but considering the magnitude of what we are doing, it's surprising this hasn't been making the headlines for weeks on end - it's far bigger than the OJ Simpson trial, the Year 2000 New Year's Bash, or, well.. any event since the start of the millennium.
No, I think they're strutting around, being the pompous asses that they are, and they have no clue that they're opening the Pandora's box of copyright issues - if there has ever been an organized attempt to take down corporations, this is it. Demonstrations in Seattle and the NAFTA protests before that pale in comparison to the damage a successful attack on IP would do in this country. And rather than taking us seriously, they're calling us a bunch of immature punk kids with a bent on going against the grain and who have a keyboard. That is not at all who they are dealing with. They are dealing with the Borg - a decentralized movement with no leaders, and a common cause. How the hell are they going to combat an idea? Imprison every developer in the world? Who will keep the e-commerce infrastructure going, or the "dot commies"?
Heh, it's the other way around guys, you're being a bunch of arrogant suits and you're about to get your ass handed back to you by a bunch of hippies who do nothing but convert caffeine into code all day. I'm going to love watching this..
From: Engineering Team (techgods@kremvax.org)
To: Admiral Xinablutznuk (phb@kremvax.org)
Subject: homing circuit
Date: 8, October, 1999
Hey, like, dude, we just, like, wanted to let you know that, uhh, there's a bug, well, a really small one, in the guidance system. If you, uhh, point the torpedo at yourself, it will, you know.. do its thing...
Probably nothing though, we fixed it by putting a sign on the side of the launcher that says "Point this side towards enemy"..
From: Admiral Xinablutznuk (phb@kremvax.org)
To: Engineering Team (techgods@kremvax.org)
Subject: homing circuit
Date: 21, Jun, 2000
Das, are you thinkink we are stupid? Remove the sign, our sailors know this!
The legal system can't stop me from wandering down to radioshack and picking up a 1M resistor and a 741 opamp.... Christ, their security scheme could be bypassed for $2.50 in parts!!!!
encrypted signals to digital speakers so that the audio can't be captured over the USB bus.)
That's really a stupid idea because all one needs to do is hook a resistor up to the coil of the speaker and then judiciously oversample. You could do this without damaging the speaker. The RIAA claims they do this to prevent "digitally perfect" copies from being circulated on the 'net.. but as anyone who has listened to an MP3 can tell you, it's not perfect, it's "good enough". The quality from this hack would be higher than an mp3 encoding from the original (digital) source.
I guess I should be thankful though.. the copyright industry is too stupid to do it right..
This is far beyond the ten-second delay on live shows allowing for bleeping foul language.
It's not 10, it's 2. And not only that, how the hell do *you* *know* whether it is live or delayed 30 minutes? You don't... you have to take their word for it. A lot can happen in 30 minutes.. just wander on down to the library and try to find out the weight of a Mr. John F. Kennedy's brain after he was shot.
Heh, I'd buy it just because my furnace is failing and Minnesota winters are damned cold.
~ Signal 11
Look buddy, any more revisionist history outa you and I'll (to quote) "break your head with many open source cds" (in all caps).
Well.. I guess that's progress...
Mmmm.. maybe because normal relativity doesn't like black holes very much?
1) This article was intended as humor. Obviously for a humor-impaired person such as yourself the subtlety of this fact must have escaped you.
2) While this article does offer more hot air than previous posts, I still believe it is very funny. Obviously there are technical problems in compressing hot air, and we're working on them, but I still believe it is better than the use of cold-air in the post-modern 3rd wave era of bullsh*tting.
3) AMD has nothing to do with this article. For that matter, neither does Rambus, DDR SDRAM, the pope, or my left over bag of Doritos chips.
4) It would take far less time if you would just start seeing things my way.
5) This is where the reader stopped.
I forgot to mention that /this/ is the reason for all major f*ckups - management. :)
TV uses a timing pulse. Just put a sync pulse on a particular frequency...
I was just trying to point out how cheap one could do it... there are radioshacks everywhere... but how many Fry's are there?
No, you idiot, I'm saying that you can't just make a convincing lie in a couple minutes... or seconds.. it takes time to fool people.
There isn't, it's only the frequency and energy level used that differentiates it...