Earthlink Refuses To Install Carnivore 316
A reader wrote in with story on C|Net that Earthlink has said that it will *not* install Carnivore, the FBI mail snoop program. Earthlink has said that it will cause disruptions to their customers, and thus refuses to install it. I'd say that's valid. Cringley has a story where he suggests that Carnivore is really about giving the government the power to shut down the Internet.
Now I feel better (Score:4)
Boy! I hope she gets Al Gore to help her out... She'll probably need it and since he invented the internet, I'm sure he can help her understand how it works.
---
Actually... (Score:4)
This might not last (Score:5)
Promiscuous mode at the colo center (Score:3)
Lesser of two evils? (Score:5)
Remember, the RIAA and MPAA are both carrying out their little crusades in the name of 'business' reasons.
Earthlink. (Score:2)
Re:Now I feel better (Score:2)
Maybe they can use it to recover all that "lost" White House e-mail....
/.
Whoa (Score:5)
I think it's great that the FBI is using Carnivore, though. I mean, what better way to promote the usage of newer, secure protocols such as IPsec, Secure Shell, SCP, and privacy suites such as Pretty Good Privacy? And what better way, I ask you, to promote the retirement of older, flaky, insecure protocols like telnet and FTP?
Well, something will eventually make people switch. Might as well be the Feds.
Still, I think Earthlink is justified in denying the FBI the ability to shut off their service at random. That's just too much power, plain and simple. I hope they take this to court and win.
Earthlink (Score:2)
You'll install it, you have no choice. But I doubt you'll be nearly as brazen in the announcement that it was installed as you were in your announcement that it would not be.
Accuse me of having little faith, but I believe that until we rearchitecture the network to utterly defeat measures like this (transparent crypto?) the government will continue to use its machinery to coerce and manipulate the key internet players. Witness the "NSA key" in Windows 95/98/NT/W2K. Note how long until we found out about Echelon. Read how cryptography.. essentially a collection of mathematical formulas.. is classified as "munitions". The CDA, the DMCA, and a plethora of riders to innocent-sounding bills that we probably still haven't become public knowledge.
Someday, someone is going to need to devise a technical solution to these political problems. This is why they are so afraid of geeks - they know we have it within our power to end this form of tyranny for good. We are in control of the ultimate modern day press. Literally, with the click of a mouse button, we can go public with thousands of pages of information, blow the lids off back-office politics, and empower the average citizen to take back their democracy and demand their rights. This is why of all the new laws being passed, it is against "computer crime" (civil disobedience by another name) is being targetted with the most extreme forms of retribution our legal system has to offer. $300k fines? 10 years in jail? These are punishments that most people conviced of felony manslaughter don't get.
Good luck Earthlink.. but this ain't how you're going to beat them. If you want to beat them, adopt IPv6, and give your customers end-to-end encryption. Then.. go ahead and let them install omnivore. A boat load of good it'll do them then!
Corporate Ethics? (Score:4)
I must say, I'm impressed.
Most corporations don't often show much in the way of morality or ethics, and you can't really expect them too. Any publicly held company has to report to their shareholders, and if they start taking moral stands at the risk of stock value, they can get hit with due dilligence lawsuits from their shareholders. Most companies that espouse morals and principles do it as part of a corporate image, which in turn drives profits. (i.e. Microsoft exists to innovate and make computers better, Apple is brought to you by Einstein, because they think different)
So it's very rare the companies have the metaphorical balls to do shit like this. I don't know much about Earthlink, but they have my respect now.
I hope they don't get raped by the gov for this.
Cringely has missed the point here. (Score:3)
The issue is the lack of independent inspection of what is in this Carnivore box. The ISP only has the FBI's word that it is not doing any improper snooping. Who knows what else it might be scanning for.
Reno has promised to check things out, but even granting her good intentions she is at the mercy of reports prepared by her underlings.
If such boxes are to be built and installed then the software they run should be open to inspection and the precise description of the files to be snooped should be part of the warrant. (I take it these things do need a warrant....)
Paul.
The Cringley Article (Score:5)
Why would they want to do that? There's no real reason that I can think of, unless they want to destroy the U.S. economy in one fell stroke.
Instead, I suggest that they're using Carnivore as the thin edge of a very big wedge. Sure, they could sniff email traffic without a big black box. But by using a box, they get access to ISP premises every time they get a wiretap order.
With big ISPs, they'll probably be installing those things several times a year. Eventually they'll be able to say "hey, why don't you just let us leave this thing plugged in?".
Then, rather than having to go and plug in their big black box every time they get a wiretap order, they'll have the boxes all plugged in all the time.
And that's when we'll find out that those boxes can do stateful packet inspection if asked. Next thing you know, they'll be able to physically prevent you from seeing "unauthorized" data on offshore servers. Kiss that data-haven goodbye.
. . . but then again, I'm feeling paranoid today.
Wait a second... (Score:2)
Doesn't it bother anyone that Earthlink is doing this because of customer disruption rather than privacy concerns?
Encrypt your email -- screw the FBI.
--
god given right (Score:5)
On a day to day basis, I think most of us forget that the internet evolved out of a government program and not through open-source advocacy.
And yes, the FBI also has the right to be able to intercept both your phone calls and your emails if you are under suspicion. No, they can not block you from sending or receiving, but they can look if they have substantial evidence. And yes, there are laws to make sure that they aren't looking unless they have substantial reason to be looking.
and while they have the right to look, users also have the right to encrypt their email to prevent this.
so instead of whining about your god given right to snoop-free internet access, actively protect yourself by encrypting your emails if your privacy is so important to you.
Re:Lesser of two evils? (Score:2)
Re:Sprint FBI (Score:2)
Somebody has to, and they're in a better position than most.
/.
Haiku (Score:2)
Then e-mail came. Smile, people,
You're on camera!
They're going to add pgp users to a list! (Score:3)
I found this quote on cnet's article about the aclu's objection especially telling "Carnivore is roughly equivalent to a wiretap capable of accessing the contents of the conversations of all of the phone company's customers, with the 'assurance' that the FBI will record only conversations of the specified target," read the letter. "This 'trust us, we are the government' approach is the antithesis of the procedures required under our wiretapping laws."
Or the FBI could... (Score:2)
Show up at every ISP with a SWAT team and shut off the power.
Cut the big pipes that carry traffic up and down the east coast (or cross-country... hey, it wouldn't bring the internet down, but it would slow it up considerably.)
Face it, the US government has the resources and manpower to do just about whatever it wants to the US portion of the Internet. Problem is, NONE OF THOSE OPTIONS WOULD BE LEGAL! And neither would using the Carnivore's to cut off a legitimate ISP. I can't believe a court would allow that under anythign but the most severe circumstances. As the Microsoft case has shown, most federal judges (even those like Jackson with little technical expertise) are pretty bright guys. They can catch on to the issues quickly and see what's truly important.
So relax. I mean it. Life's too short...
I wonder if the FBI is reading MY mail? (Score:3)
the reason it would be too interruptive... (Score:2)
Every single day it's "Find Out About Anyone Fast!" or "Find [Out] About (Anyone) Fast!"
You can't even add rules to outlook fast enough to keep up with it all. It'd be a full-time job.
Hmmm... There's already talk about CPO, Chief Privacy Officer, how about a CSO - Chief Spam Officer... Somebody who sets the spam rules for an entire corporation...
What's with the "Officer" anyway? We're not in the military...
Re:Promiscuous mode at the colo center (Score:3)
Besides, if the FBI dropped a computer on a switch and told them the ISP it was going into promiscuous mode, and there ain't a damned thing you can do about it because we're the FBI, then I suspect they wouldn't shut the system down. Meaning that in a sense, Cringley is right: they don't have to locate the machine right next to the router as traffic comes into the ISP facility; they can locate the box just about anywhere and as long as there isn't a packet filter at the switch, the box could theoretically get every packet.
I do disagree with Cringley that the FBI wants the power to shut the Internet down. I suspect the FBI wants to place their machine right on the router as traffic comes in because they're too dumb to realize that they don't have to do this.
Re:Sad but true (Score:2)
How hard is it to route traffic around the 'Carnivore' box -- um...two clicks of an RJ-45 cable. Remember what happened when radio stations were knocked out in WWII by the Germans?
--
Re:Earthlink is Wrong (Score:2)
Many of you are missing the point... (Score:5)
Cringeley is right to be concerned about the CPOF implications of having FBI-controlled boxen sitting at the edges of American ISPs, though. Think about this in the context of the Internet Gambling Ban [slashdot.org] headed down the pike. Or the Drug information censorship act [slashdot.org] (aka, "Methamphetamine Anti-Proliferation Act", now buried in a bankruptcy-reform bill in conference). Sure the courts will probably strike down the prior-restraint provisions of the latter, but imagine a bill that doesn't address the publishing, but merely gives the FBI authority to "kill-file" a certain class of sites at the ISP level, without actually restricting the right to publish per se.
Having consulted on a computer crime case for the FDLE, I've seen the "us-against-them" mentality inside the investigative law enforcement community first hand. "Them" doesn't mean just "criminals" either - from the LE perspective, there are only 3 types of people in the world: cops, convicts, and suspects. That the FBI (with their sterling history since the days of J. Edgar) would be on the leading-edge of such surveillance/enforcement techniques is wholly unsurprising to me.
-Isaac
Re:Corporate Ethics? (Score:2)
This is not about ethics. This is about increasing stock value. In 5 easy steps.
1) take popular stance against "th' Govnmint"
2) see geeks rally behind you, often transferring accounts to your service
3) reap the rewards of y*10^8 geeks who think you're a better company, more concerned with privacy than investor relations
4) Quitely kowtow when "th' Govnmint" says "we really mean it"
5) in a limited - distribution, boring-by-design press release, state that the requirements have been met.
Re:god given right (Score:5)
On a day to day basis, I think most of us forget that the internet evolved out of a government program and not through open-source advocacy.
I fail to see how these two statements are mutually exclusive. Or are you forgetting that little blurb about Of the People, by the People, and for the People? It really pushes my buttons when someone basically says, "It was developed by the government, so consider yourself LUCKY you can use it."
My tax dollars (okay, not many of those, as I was only born in 1974. But the tax dollars of my parents) went into creating this technical terror, and I will be damned if the DOJ takes the attitude of "we built it, so we can listen in"
Re:Good! (Score:2)
This poses a few interesting questions, even for those of us outside the US. It is quite possible (and in some cases quite likely) for my email to be routed via the US on it's way from my UK based ISP to some other (non US) ISP (for obvious reasons the UK-US links are generally bigger and better than UK-somewhere else). Now, if the FBI 'accidentally' snoop my message to (say) someone in Australia, what happens? A US agency has (illegally?) snooped on email between two non-US citizens, both located outside the USA. Surely that's a matter for governmental concern (US and otherwise).
Suppose my mail is to a friend elsewhere in Europe, this would surely contravene European privacy laws. Where does the legislation end? Is it purely a case of where (all) the intermediate servers are, or on the end points of the communication?
it must be psychic (Score:2)
Wow, why don't they just go after these foul pesky identified 'criminals' if they know where their e-mail is coming from!?
Hey, does this mean I should stop uploading MP3s onto Usenet?
Pope
Freedom is Slavery! Ignorance is Strength! Monopolies offer Choice!
Cringley's lost it... (Score:2)
Every ISP I've ever seen, been in, or worked at used (at the very least) layer 2 switches to isolate colo'd servers. Some would even go as far as layer 3 switching and subnetting. How on earth does Cringley think that any colo'd server could sniff an entire ISP's network?
I used to think that Cringley had at least a modicum of clue, but now I wonder. In an earlier part of his column, he suggests that every router could be set up to re-direct E-mail to the FBI with 'just a few lines' of configuration in the router. What a bunch of crap! Filtering E-mail requires access to the application layer, not the network layer as most ISP's routers would look at. And to suggest that such a scheme would inflict no penalty on teh routers is just ludicrous. Jumping from layer 3 routing to layer 7 routing would be a serious hit, especially on a GB level router.
sigh.... Unfortunately, I suppose there are people in this world that are ignorant enough to write stuff like that, let alone buy it.
Re:god given right (Score:2)
Relevance?
And yes, the FBI also has the right to be able to intercept both your phone calls and your emails if you are under suspicion. No, they can not block you from sending or receiving, but they can look if they have substantial evidence.
Legitimate search warrants are limited to some specific item of suspicion -- open-ended fishing expeditions are illegal.
Carnivore circumvents this limitation by sweeping all traffic. With the ISP and other parties "out of the loop" of data gathering, there is no way to limit the FBI's surveillance to the scope of the warrant.
And yes, there are laws to make sure that they aren't looking unless they have substantial reason to be looking.
Many of them have broken those laws (COINTELPRO, etc). How many of the perps did time at Club Fed (much less the don't-bend-over-for-the-soap real prisons where they belong)?
/.
Re:Earthlink (Score:3)
Ringer? You don't mean wringer, do you?
BTW that's a good use for collecting all the info on everybody you can -- when the need arises you can always lean on them (aka blackmail).
until we rearchitecture the network to utterly defeat measures like this (transparent crypto?)
You cannot. A TCP/IP network is a "dumb" network and does nothing for security. Besides, you can always sniff at the router, provided you have access.
Crypto solves this problem, but it has nothing to do with network architecture.
Someday, someone is going to need to devise a technical solution to these political problems.
Sorry. Technical solutions to political problems are very, very rare. After all, that's why they are political problems and not technical. Technology may open new ways to solve social and political problems, but it does not solve them by itself.
empower the average citizen to take back their democracy and demand their rights.
Meaningless blabber. What does "take back democracy" mean? Demand which rights? The right to sue anytime something bad happens to you? One of the problems with the Western public is that is is very happy to surrender rights for entitlements.
give your customers end-to-end encryption.
An ISP cannot "give" encryption to customers. Crypto lives at the ends of the link and the ISP only has control over the link itself. You can advise people to use crypto, but you cannot force them to use it (hint: most people consider crypto to be too much of a hassle).
Kaa
Re:Promiscuous mode at the colo center (Score:2)
-russ
Co-Lo Sniffing (Score:2)
Re:Promiscuous mode at the colo center (Score:4)
Re:Cringely has missed the point here. (Score:2)
Re:Promiscuous mode at the colo center (Score:3)
Ahem. Go to the l0pht site and look at their tool called Anti-Sniff.
Maybe then you would want to reconsider your position.
Kaa
Re:Lesser of two evils? (Score:5)
Um, it's called civil disobedience, a basic responsibility of any free people. And a citizen cannot "usurp" power from a democratic government, by definition, because supposedly all government power belongs to the governed to begin with and is merely loaned to the government to promote common good, defense and stuff. So your concern might better be stated in the reverse: the government usurping a business' rights to free association and enterprise, as well as citizens' rights to freedom from unlawful search and seizure, in order to support dubious efforts to combat possibly nonexistent crime.
Re:Hmmm......... Paranoia? (Score:2)
-russ
It's All about the taxes..... (Score:2)
Right now the internet is out of control in the minds of the govt. It is the one thing that they haven't figured out how to tax. So, they put these boxes in the major areas, track you and figure out what you are buying, where you are coming from and then they can apply the appropiate tax to you. Govt gets its money and you get to be tracked and watched like a bad TV series. Nice eh?
I may be off but I may be right....and that's the scary thing.
constitutional rights and legislated priveleges (Score:4)
I get so tired of people using the word "right" when they mean privelege.
The FBI doesn't have any "rights" whatsoever, constitutional or otherwise. They have priveleges, vast priveleges extended to them by congress and upheld by courts who are more concerned with expediency than they are the constitution, much less individual civil liberties.
These priveleges include wiretapping. However, if the various government agencies continue to abuse these priveleges, congress or the courts could pass a law, or make a ruling, to place additional limits on that privelege, or revoke it entirely.
Not that either institution is likely to display such courage, but they could if they so chose.
and while they have the right to look, users also have the right to encrypt their email to prevent this.
Again, we have the privelege of being able to use encryption to prevent snooping.
We desperately need a constitutional amendment guaranteeing us a right to privacy, including encryption and control of our data.
Our forfathers took the right to privacy to be a given, and only really anticipated one possible abuse of it, which they explicitly disallowed in the constitution. Had they taken the subject up more generally this wouldn't be a problem, but alas, they considered privacy in large part to be a given and didn't explicitly write it into the constitution as a right. While they could extrapolate many threats to our democracy, they never dreamed of the kinds of intrusions into our private lives we now take for granted, and are no doubt spinning in their graves as I type this. As a result, a right we all perceive ourselves is woefully missing from our most fundamental law, with the kind of auful results we read about here on slashdot nearly every week.
Alas, I am about as optomistic about congress and the states enacting a constitutional amendment to protect our privacy as I am about NASA getting a reasonable level of funding. The chances in both cases are unfortunately nil.
Lucky it wasn't smaller ISP (Score:4)
A head systems admin at a major University once warned me about crossing the FBI. It's a very quick way of going out of business. He made it very clear that the FBI is aware of the economics of ISP's. If you're down for more then a few minutes you'll start to lose customers. ISPs that go against the feds find out pretty quickly that all they have to do is confiscate all your equiptment as evidence. Maybe after a year or so you'll get your stuff back.
I can picture the feds in front of the judge now: "Well your honor, we wanted to place a monitor on the network but they would not allow us to. The only recourse we have is to take the computers and examine the hard drives."
Bam, Feds come knocking on your door, they leave with a bunch of computers, next week all your customers are gone and you've got bills to pay.
Re:Promiscuous mode at the colo center (Score:2)
No, Cringley is not right. It all depends on the way the ISP is set up, but theoretically if you are on a network segment delineated by a switch, you will not see packets on other network segments beyond that switch. I doubt very much that any ISP larger than a very small one has network where from one non-router location you could sniff all traffic. After all that's why the switches were invented.
Kaa
Re:Wait a second... (Score:2)
It's one thing for Toysmart to violate your 4th Ammendment rights, but when the FBI does it -- all hell breaks loose and people actually get punished for it. Or at least, that's how it's supposed to work.
--
Re:Earthlink (Score:2)
Don't believe me? Ask yourself how the United States manages (more or less) to govern workably across a linear distance of 3000 miles. The States could never have remained an integrated political and culture whole without advances such as telegraphy and the railroads ... ancient empires of comparable size were considerably less stable and considerably more decentralized.
I don't know who to be more pissed at... (Score:2)
I just love how law enforcement feels how they can invade the privacy of everyone because there are only a few people who are causing the problems.
This is just plain lunacy, pure and simple.
Re:Sprint FBI (Score:2)
Well, duh; most people look out for their own interests first. The trick is finding enough common ground to work with.
For instance, I don't think that software companies lobbied against Clipper, crypto export regs, etc because they care about my privacy. They did it because the government's policies interfered with their ability to make money. That doesn't change the fact that the lobbying work was beneficial.
There isn't all that much common ground here (Earthlink's objection is stated to be technical, not political), but it does have the beneficial effect of making things a bit more difficult for the government.
/.
Re:Cringley's lost it... (Score:4)
Filtering E-mail requires access to the application layer...
Bzzzzt. Incorrect. Thanks for playing.
All email is transmitted from place to place using the well-known SMTP port (port 25). All a router has to do is forward any packets with that destination port (incoming OR outgoing) in their header to the original destination and the FBI's destination, where the individual packets can be put back together into the complete email using all the other fun stuff in the various packet headers. It's like making a copy of every email that gets sent to or from that network. Of course, there really wouldn't be any way for a simple router to know WHO those emails are for; they're not capable of, say, doing a "grep" operation on the actual contents of the data of the packets to find the "To: " field of the email. This of course would mean that every email that goes through that network would end up in the FBI's evil little hands. EVERY EMAIL. Similarly, if they were to forward ports 20 and 21, every FTP packet could be forwarded to the FBI as well as its actual destination. For port 23, every byte of every telnet session. For port 80, every bit of a webpage. You get the idea. And what else is in every TCP/IP packet? Yep; the destination IP address. So the FBI could also know precisely what machine was on the receiving end of every packet, too... isn't that great?
Now, there's no guarantee that these Carnivore boxes wouldn't do the same thing, of course, but if they only forward emails from/to a particular address (because they DO have access to the Application layer), that would be much better than having to set a router to forward ALL emails to the FBI's minions. Not that I'm saying Carnivore isn't evil... it quite clearly is. "I'm from the government; I'm here to help" isn't one of the All-Time Greatest Lies for nothing, you know.
Unfortunately, I suppose there are people in this world that are ignorant enough to write stuff like that, let alone buy it.
...and other people who, having only part of the knowledge required to accurately pass judgement on someone, are ignorant enough to dispute it. Know your facts before speaking...
"The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness."
Even worse than that... (Score:3)
That said, Carnivore is a horrible idea. If the telco can restrict snooping access to particular lines by selecting only the ones used by the persons under investigation, that's fine. Using an undocumented, un-accountable black box to snoop everything going through an ISP is not acceptable; it's tantamount to letting the cops snoop everything on an entire phone exchange because of a single suspect using it.
Amusing thought: How secure are the Carnivore boxen, and how much egg would the FBI have on its face if someone successfully hacked them? If the FBI isn't having nightmares over this possibility, they're not smart enough to be running something like Carnivore.
--
Re:Call me ignorant, but... (Score:2)
Or search google.com for pgp
then try ipsec (which is a bit more complicated) and a few others.
Everyone and their mother should own a copy of PGP, otherwise your just unAmerican (hehe)
Re: (Score:2)
Re:Good! (Score:2)
- Although it's possible that your packets may route through the US, they probably won't go near a US box (which is where it looks like carnivore should be posted). The only reason for foreign to foreign email to end up on a US box would be if the US box was a secondary MX for the destination. foreign to foreign packets should get filtered out for security+volume reasons long before they get to local-only servers.
- That having been said, if the email gets 'accidently' intercepted by the FBI, there may not be a whole lot you could do. Although it's the CIA that normally does spying on foreigners, my understanding is that the CIA is specifically prohibited from spying on Yanks, but there is no such restriction against the FBI snooping around foreigners.
IANAL (My sister's a lawyer, but she doesn't talk to me).It gets worst because (Imigration based) precedents seem to indicate that constitutional rights only apply to people legally in the states. (or something like that). This may mean that, as a foreigner, your rights may be less than US residents would expect.
Why does slashdot butcher headlines? (Score:3)
Although the article does not state as much, it implies that Carnivore will be installed at Earthlink as soon as the bugs are worked out.
-p.
Re:Whoa (Score:2)
Ok, That's all fine and good for some people, geeks, hardcore internet users,
Re:god given right (Score:2)
Like it or not, the internet is a global phenomenon, and a public resource. Yep, that's right, a public resource. Or should be anyway. Perhaps it's not "fair" to those who originally invested in it, but that's tough. When things become public commodities, control goes to the public. This is why it is ok to insanely raise prices in your little store, but illegal to gouge commodities and form monopolistic partnerships. Some people have the misconception that societies have to be "fair". Wrong. Societies exist for themselves, not the individual. Which is why copyright and patents EXPIRE, and become public domain. They are not god given rights, they are only "priveleges" donated to an individual for a limited time by the greater society. Don't like it? Tough. Move to China.
Re:Now I feel better (Score:2)
A Reason (Score:2)
Can you say "Chain of Custody?"
Evidence in criminal investigations is precious stuff. Plenty of cases have been lost by prosecutors when defense attorneys pointed out that the evidence being used against their client *might* not be kosher. Documents could have been altered. Drugs switched. DNA evidence botched. Or any of a zillion other scenarios.
Because of this, law enforcement agencies try their best to enforce an airtight chain of custody on any evidence they acquire. You work in the lab and need to re-test those drugs? The property clerk has to sign off that he let the drugs out of his hands and into the hands of an authorized person. The lab tech has to sign their life away that they now possess the evidence and will handle it in accordance with the law. And there better not be even ten minutes when that evidence is out of the control of a sworn law enforcement officer! That's all it takes to get a case thrown out.
In the case of wiretaps, what's the FBI to do? If they know that evidence may come into existence in the future (which is why they set up the wiretap in the first place), they must make sure that they establish custody of the evidence as soon as possible and never let it out of their hands. Serving a court order on an ISP that says "Hey, would you guys please keep track of this person's email for us? We'll be back to pick it up later." just won't cut it. Any defense attorney worth his salt will point out that email (or whatever) logs *could* have been altered by the ISP employees. In such a scenario, then, the law enforcement officers in the case *cannot* certify that such alteration did not occur because they were not in custody of the evidence at all times.
Defendant goes free. Slam dunk for the defense.
So what's the FBI to do? If 'net taps are legal, how on earth can they be carried out without breaking the chain of custody of the evidence?
Any genius here wanna answer that one?
Personally, I think we need to just make sure that the data gathered is rendered meaningless through ubiquitous encryption. But till that happens and law enforcement agencies give up on the whole concept of 'net taps, I don't see what else they can do *but* try to install boxes that only they control.
Earthlink and the FBI part II (Score:2)
So that means FBI agents can get Earthlink for their personal ISP at a reduced rate....hmmm
My God it's happened! (Score:5)
In a shock development, noted Karma whore Signal "Siggy" 11 has become a troll! Perhaps demoralised by the constant pressure of the fatwa or "trollslap" launched by his enemies, he released a post full of trollworthy statements. In one post, he combined:
- The incorrect technical statement: Witness the "NSA key" in Windows 95/98/NT/W2K
- The moronic political view: Someday, someone is going to need to devise a technical solution to these political problems
- The ludicrous hyperbole: This is why they are so afraid of geeks - they know we have it within our power to end this form of tyranny for good. We are in control of the ultimate modern day press.
- Another maddeningly silly technical statement: until we rearchitecture the network to utterly defeat measures like this (transparent crypto?)
Clearly, Siggy's move into trolling will put pressure on the established slashdot trolls to compete. In a CNN [don-knotts.com] inteview, streetlawyer [slashdot.org], speaking for the notorious inchfan [slasdhot.org] troll collective said Rob Malda was unavailable for comment.Re:Utter karma whoring drivel (Score:2)
çéLxÕÑætPÑä-£í8JöJ)Ê$ikÙb*SQË ©J2ÆZôñ)ä®×ýÜÀéqÚ:å}DecTÊ@ryptKèÑ6M~f£ÿ ékmeOjDöif*Û0youÄÀúÛcan£ÿ7çd õÊÓÅ3¼Üóßê£>rè15ìðgVÂÌÕòÝÇF|ä¾õÖN_ë=õó|)kæøiY5ôãv) hÄ øÊ*e+Úõî
Crack that.
Political problems have political solutions.
Yes, and they also have technical problems. Problem: intellectual property rights are overtaking personal rights. Solution: distributed filesharing system, aka Napster/GNUella.
Nobody cares about what you say or do, because people have more important things to think about than whether you can download MP3s for free or not.
The fact that online websites like slashdot continue to grow in popularity would seem to dispute that claim.
It's because of the vast damage that hackers can do with their illegal backdoor penetrations of other people's sites.
I don't see any world markets collapsing, companies going out of business, or people dying as a result of hacker activity. Sure, they boast that they could do that, but if you believe everything you read you get what you deserve. In truth, hackers cause headaches for business and government. Nothing more. Y2K nuts predicted hackers would go and destroy the world. Hrrmm.. I'm still here. Then they predicted they would go breaking into the 911 and emergency system and shut it down. Gee, why would they do that? Unsuprisingly, they didn't.
In supporting evidence of hackers (not crackers) spirit of exploration instead of damage, you'll note most breakins occur to educational instutitions, not commercial. This may be because they are curious about the system(s) they use every day. Go read "Hackers, heroes of the computer revolution" by Steven Levy. Another resource is to consult Appendix B of the Hacker Dictionary - here [tuxedo.org]
No, hackers aren't dangerous because of what they do, they are dangerous because of what they know. THIS is why these laws are being passed. Thus far, the only big numbers damages from "hackers" have been over-inflated prices of "stolen proprietary information" and macro viruses which, quite frankly, is not hacker activity.
For all of six weeks until the FBI cracks it.
What confidence you have in the FBI! They must be able to do what thousands of academic professors dedicated to cracking these codes could not!
Re:constitutional rights and legislated priveleges (Score:2)
Hate to be anal, but not all our forfathers cared much about the common man. If you look at what really went on there were the federalist and the anti-federalist. Most of the federalist would have loved it if the central government could have such powers. An a few of the anti-federalist also would have loved it if the individual states had such powers
Re:Call me ignorant, but... (Score:2)
Encrypted filesystems (real or virtual) are great stuff, but so is the ability to access the same encrypted filesystem from different OS's.
Re:god given right (Score:2)
Sure. "Freedom of speech" carries only as far as your unaugmented voice, and "freedom of the press" doesn't apply to anything but an actual machine which presses ink onto paper with dies.
And yes, there are laws to make sure that they aren't looking unless they have substantial reason to be looking.
Specifically, unless they have a court order permitting them to do so. Swell. Only problem is, there's not much difference between an unenforcable law and a bunch of words on a napkin. How will anyone know what they're doing?
and while they have the right to look, users also have the right to encrypt their email to prevent this. so instead of whining about your god given right to snoop-free internet access, actively protect yourself by encrypting your emails if your privacy is so important to you.
Riiight... so I take it that when you forget to lock a door or a window to your house, it's your fault if I come in and look through your stuff?
Re:constitutional rights and legislated priveleges (Score:4)
No, actually, that one's a right; Freedom of Speech.
Nowhere does our Constitution guarantee "freedom of speech, but only in English". We have an absolute right for that speech to be gobbledigook, or to merely seem like gobbledigook until the proper key is applied.
We desperately need a constitutional amendment guaranteeing us a right to privacy, including encryption and control of our data.
We just need for the US government to choose to sign the Universal Declaration of Human Rights [un.org] and recognize it as a treaty; it would then override the Constitution itself per Article VI [emory.edu].
--
Re:god given right (Score:2)
no, I'm not exactly happy about this entire thing, but with those checks put in place, i think the FBI should proceed with this technology.
and yes, I do feel that if this technology interferes with the service it should not be allowed. however, if it does not, there is no reason why it should not be put in place.
Re:Call me ignorant, but... (Score:2)
Microsoft has chosen to make it difficult for you to use this standard, but free tools exist to allow it. You could carry them on a 2nd disk.
Said files could be encrypted with PGP or any other tool; you'd probably want to carry that on a disk too, since privacy-enhancing tools aren't considered important by the OS manufacturers either.
There is no cross-platform encrypted filesystem that works on everything; your best bet would be to carry your files around in tar format, decrypt them on the local disk when you need them, and securely wipe them off the local disk when you're done with them.
BTW, the primary obstacles to such a filesystem are Microsoft and Apple.
--
It's time we do something about this. (Score:2)
What if authors said, NO I own the copyright to that book, you can't let people just borrow them for free. We would have no libaries and would no where close to where we are today.
The FBI is saying their intention is to watch crimals is BULLSHIT, the people that we allow to abuse their power are scared, becuase the internet is not something that they can have complete control over. A team will not work if one person tries to have complete control. We all must be willing to play on the same team, if this great country is to survive.
When this country was in it infanticy the main worry was a central government that was too strong and would not be a team player. Well people we are there. It is time we do something about. Use our power as the government and fix this problem. The government is not some big misterious being that we have have no control over. We are the government and it is time that we quit wineing about it and do something about it.
Re:Actually, freedom of speech is a god given righ (Score:2)
That depends upon who's doing the barring.
I assure you, if the government ordered ALL publishers to refuse to publish your book, that would be viewed as an unConstitutional violation of your freedom of speech and of the press.
If each and every single publisher decided seperately to refuse you, that's not a violation of your freedom, it's an indictment of your writing ability.
--
Re:Cringely has missed the point here. (Score:2)
Not finding the evidence you need? Or just want to stir things up a bit and see what develops? Heck, just program Carnivore to change some wording in the next e-mail....
Everybody understands the principle of the basic wiretap. This is much more insidious, particularly seeing as it's a closed box. (Remember the old "Mission: Impossible" series where they'd tap into the phone lines and a voice artist would pretend to be the other party so that they could inject false information? Can you prove Carnivore can't/doesn't do this at the email level?
Re:It's time we do something about this. (Score:2)
Re:Promiscuous mode at the colo center (Score:3)
But that's beside the point. Most switches (and I've worked with everything from linksucks to 3com to smc to hp to cisco to foundry to extreme, and most inbetween too) don't give a rat's hind quarters if you're in promiscuous mode. I can't think of a recent switch that does. You can look at all the ARP broadcasts you like but they won't just start funneling the whole backplane to your port. Not unless you're doing something really evil to shut down the filter.
What you generally need, and I've set up security sniffers for large, flat networks, is what they call a monitoring port. A monitoring port is just a port that essentially gets cc:'d all the traffic going through one other port on the switch.
Now, most low-end managed switches, like 3Com (ugh, what cruft), support one monitoring port at a time. In this sort of situation, you need a topology where you're funneling all your data through a particular port, or you need many, many sniffers, because switching loops are bad juju. There are ways to set this up that don't suck very much, but they all go to crap when your utilization creeps past 40% or so.
Mid-range managed switches, like Cisco switches, generally support multiple monitoring ports. This makes it a lot easier on your overall network topology, but you need many sniffers, or many ports on your sniffer.
Of course, ALL of this presumes that your link is ethernet. 100mbps ethernet isn't a particularly fat pipe for the internal backbone of even a mid-size isp. ethernet isn't what you'd call an adaptive technology, it starts to suck when you're using only 1/3rd of it's capacity. Which quickly means that you end up buying big core routers, and having several separate ethernet segments. You start to have a topology that just doesn't lend itself to off the shelf sniffing hardware.
Yeah, there's gigabit ethernet. But in my network admin days, had a spook shown up and told me that he wanted me to dedicate a gbps port as a monitoring port for my whole pipe, I'd have told him that either he can show me a court order or warrant or he can cram his sniffer where the sun doesn't shine. Those ports are *Expensive*.
Other technologies used for high speed backbone links - fiberchannel, sonnet, etc, really aren't all that easy to sniff with off the shelf hardware.
What I'm betting is the fbi said "We have a consumer-grade ethernet port on our sniffer and it has to be able to see allll the traffic on your isp, so you have to funnel every last link on your whole network onto a wire that acheives 14 megabytes per second on paper but rarely in reality more than maybe half that, so that we can protect you from crime"
And earthlink probably put forth their best effort to implement it merely so that they could document how bad the idea is.
Re:Corporate Ethics? (Score:2)
My guess as to why Earthlink is willing to do this is that they looked at what Carnivore does and realized that it went beyond what the law mandated. If it does goes beyond what is allowed, I think that they know that the FBI isn't going to push the issue too much.
The performance issue may just be an excuse for them to refuse or it may really be the reason why they're balking. It's kinda hard to get inside their head on that aspect of the issue.
--------------
Then there is the paranoid interpretation:
This is a smokescreen. They're working with the FBI. Carnivore is in place and already eating. They're announcing the rejection of carnivore because they're hoping that the criminal element will flock to their service where the FBI can do a promiscuous snoop of EVERYBODY's email (with a pleasant concentration of 'interesting' traffic).
Be paranoid. Be Very paranoid.
BTW: IANAL (My sister is a lawyer but she doesn't talk to me).
Tapping at the wrong place (Score:2)
Afterall when they get a warrant to tap someone's phone they don't go to the Central Office and tap every line hoping they can pick up some of the person's conversations by listening for keywords. Instead they tap the line that feeds that person's home/business line(s). I don't see any reason why they can't do internet wiretaps in the same way. I can't be any more work to "decode" a modem signal or other data transmission than it is to search literally gigs of information per second. In fact in the long term it's probably easier and would take less computing power. So why can't they just tap the lines of the person they want to listen to.
Just like with a tradional wiretap if the suspect being watched uses a phone at some strangers house chances are the feds won't be able to listen in. But so what that's a limitiation they've had to live with for years in order to protect our privacy since we do still live in a country which believes in the presumption of innocence.
The only explanation I can come up with is that this is a thinly veiled attempt by the FBI to try and take away more of our constutional rights without going through the proper channels. It's happened before so I see no reason it can't be happening now.
While I'm no fan of Reno I seriously hope she managed to prove she deserves her job by putting a stop to this nonsense now and pointing out that there's no reason tradional wiretapping measures can't be used for this purpose.
Re:Go Earthlink! (Score:2)
There was only enough email to keep an FBI staff of 3 busy reading through messages. We just put the FBI on our cc: and it worked on the honor's system. Sometimes the FBI would reply back if they liked what they read.
Nowadays, all you young hoodlums can't do anything honest, and we need all kinds of expensive fancy equipement to keep tabs on who's doing whats.
BAGH!
Re:Over importance (Score:2)
Re:Can some-one... (Score:2)
Re:Lucky it wasn't smaller ISP (Score:2)
The odd thing about Steve Jackson Games was the not only was the Secret Service watching them, but the FBI had agents working there on an unrelated case.
devil's advocate (Score:3)
The FBI's stated mission is to protect U.S. citizens from foreign and domestic enemies by investigating violations of federal law. That is really and truly what they try do to, and for the most part people join the FBI to protect and to serve. And if you are trying to defend the U.S. against its enemies, you you need to be able to find them. And to be able to find them, you need to update your surveillance techniques. And if the criminal activity is happening or being coordinated on-line, then the investigation and surveillance has to happen there.
So the FBI starts advocating things like Clipper chips and Carnivore and starts lobbying for laws that require digital telephone switches have an evesdropping port built right in, and things like that. Can these tools be used to spy on criminals? Darn tootin'. They are fantastic for that. The problem is, though, that these tools can be misused as well.
As a civil libertarian, I believe that the U.S. Constitution serves primarily to limit governmental power. It does this because its framers recognized that government power is abusable in such a way that its abuse is not just possible, but inevitable. So we do indeed need to be wary when the FBI wants to put a full-blown sniffer in front of every ISP's switch. We all take it as a given that this powerful spying tool would eventually be turned against peacable citizens.
But what is the FBI's current intention for Carnivore? I suspect that in addition to its stated (albeit redundant) purpose as an Internet wiretapping tool, it is designed as a weapon against cyberterrorism; specifically, it is used to identify and terminate distributed denial-of-service attacks.
We all saw what happened a few months ago when the DDoS attacks happened against CNN [cnn.com] and other high-profile sites. We all saw the havoc it wreaked and how hard it was to track down the perpetrators. But with Carnivore installed in front of the switch, the FBI could watch an attack develop real-time and terminate it immediately: First, they get sample packets from CNN. Then they broadcast a message to all Carnivore boxes to copy and block any packet going to CNN that matches the attack profile. Once the attack is contained, they swoop in with search warrants and arrest everybody who sent an attack packet.
So that's what they are trying to do. Cringely was only partially correct: the FBI's goal is not to shut down the Internet; it is to defend the entire Internet at one time.
Unfortunately, though, we can't let them do this, because as soon as the tool is in place, the RIAA will start pressuring the government to start actively patroling for MP3s, and the whole Carnivore matrix will become the web in which our freedom was finally ensnared.
On the other hand, I would like to see a Carnivore-type system put in place by an industry consortium. It still strikes me as the best way to defend against DDoS.
--
How about... (Score:2)
How about making the FBI do a little legwork and tap at the customer's end, not the entire ISP network. Sniff that broadband connection or listen to the phone lines (contrary to popular belief, modems *ARE* tappable - there are special-purpose boxes to listen to and reconstruct bidirectional traffic from a traditional analog phone tap). Don't tap the entire ISP with a black box. There are other ways to gather wiretap intel; what makes me suspicious is that the FBI chose the "tap everyone and sort later" model, to say nothing of the suspicious nature of a "black box" with full access to an ISP's network traffic.
-Isaac
Re:I wonder if the FBI is reading MY mail? (Score:2)
The official URL is void of any useful information, however Google turned up an excellent page [uwaterloo.ca] on the CSE
So what if the FBI "shuts the internet down"? (Score:2)
Re:The Cringley Article (Score:2)
disable then net, but only that these boxes could act as a switch. I
understood that as meaning they could do their own routing/filtering,
which is much finer grained (and less panic inducing) that the on/off
switch for the whole internet that people seem to be jumping to.
Re:Cringley's lost it... (Score:2)
Any source or destination port on the network in question can be monitored, whether it's sendmail or exchange or SSH (though that'd probably be useless to monitor) or gopher or irc or Grandma Blattenzweig's Happy Fun Mail Exchange Protocol (GBHFMEP) Server. And yes, I'm sure the FBI would include Exchange ports in their snoopery... since there are plenty of companies out there ignorant enough to use it instead of sendmail just because it has calendars in it or some shit...
"The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness."
Re:Earthlink (Score:2)
As an aside, according to http://www-chaos.umd.edu/history/imp erial.html [umd.edu], the unification of China into the currently-recognizable entity occured around 221 BC, so that empire lasted for "only" 2100 years. :)
The same source goes on to say "The collapse of the Han dynasty was followed by nearly four centuries of rule by warlords." The Han collapsed around 200 AD, so this dark period runs until around 600 AD. The Chinese Empire is down to, at best, 1300 years of continuous rule. But lo, "Misrule, court intrigues, economic exploitation, and popular rebellions weakened the empire, making it possible for northern invaders to terminate the dynasty in 907. The next half-century saw the fragmentation of China into five northern dynasties and ten southern kingdoms... But in 960 a new power, Song (960-1279), reunified most of China Proper." So the Chinese Empire has only about 1000 years.
In fact, if you look into the history of the Chinese Empire, you find many turnovers and wholesale replacements of the ruling peoples and structures, including foreign dominantion at least twice. I believe the myth of a super-stable Chinese Empire placidly ruling for thousands of years is just that --- a myth.
Cringely is so full of it ... (Score:2)
The list of criminals, of course! There's probably no due process (e.g., there might be suspects there). They're trying to protect the list! Sure, the ISPs could run some sniffer code simply enough
Which I'm sure all would agree is not a Good Thing.
As for the boxes having the potential of being switches, of shutting down the Internet, what a load of hooey! All the ISP has to do is unplug the damned thing.
I'd be concerned about privacy issues, yes, like who authorizes the names on the lists. Are the judges with the court orders in fact informed? Can anyone check on them? If the FBI has a pet judge, can ANYONE's name get on that list?
That's what the issue is. Ignore that Cringely idiot. He may have good points at time, but he can be dumb as a brick too.
Shutting down who's internet?? (Score:4)
And I won't even touch how completely ridiculous the idea is in the first place ... well okay I will. Why in the WORLD would the FBI try to shut down internet connectivity for the US? And why would they need these boxes to do it? If they don't have the legal right to do so, ISPs and their well-payed laywers wouldn't let it happen (guess what, ISP technicians can unhook the Carnivore box and go about their business). If somehow the FBI did initiate some digital martial law where they had the right to do this, why would they need the boxes? They could just walk into the ISP with their nice shiny guns and start unplugging ATM cables.
These Weekly World News /. news bits are great fun, but please don't take them seriously.
You know what to do with the HELLO.
Re:it actually is wierdly legal (Score:2)
The War Powers Act is already in effect: the US has been in a State of Emergency for most of a century.
I'm not totally clear on the details, because this is one of the favorite topics of the conspiracy nutjobs, along with the FEMA Secret Government, black helicopters, UN-run concentration camps, Y2K and the New World Order, and these people tend to GET VERY WORKED UP about it and USE LOTS OF SCARE-CAPITALS!! So it's hard to dig the actual facts out of the noise.
If I remember correctly, the way it works is, Lincoln created the War Powers Act (or maybe the Trading With The Enemy Act?) to declare martial law and wage war against the South. At the end of the civil war, it was terminated, but FDR invoked it again during the depression, in order to, I think, nationalize the banking system? Something like that, I think it had something to do with seizing control of privately owned banks and creating the Federal Reserve. So then it turns out that the act was never officially suspended, which means that every action of the President since 1933 is technically approved, by default, without any checks and balances from the other two branches, and the Constitution is, technically, suspended.
Of course, this situation has only rarely been taken advantage of -- as far as one can usually tell, the Constitution is still obeyed. It has been taken advantage of a few times, though, I think by Nixon and Clinton when running some private war or another, but I don't remember the details there. (Only Congress has the power to declare war, but presidents have a habit of going to war without asking We The People first.) I'm not sure where the Japanese-American internment camps fit in to the picture, but they might also have been possible because of this same act.
This one is somewhat less shrill that most, but it's very long and hard to follow: http://www.afcomm.com/afc/report.html [afcomm.com]
The Constitution of the United States isn't perfect, but it's a lot better than what we have today.
----------------------------
Oh by the way: http://www.freedomforum.org/newsstand/reports/sofa /foreword.asp [freedomforum.org]
I hate it here.
Re:god given right (Score:2)
YES! If someone fails to take the proper precautions, then he/she has no one to blame but him/herself when things go wrong. That's the way the world works...
Legally, no, and in fact that's why we have laws: to keep everything from devolving into a simple power struggle. Where I live, if I enter your house via unlocked window and search your effects without your permission, I am criminally liable.
Naturally, though, we should take precautions to protect our privacy. Like keeping these silly boxes off our networks.
Re:Whoa (Score:2)
telnet: Warning: -x ignored, no ENCRYPT support.
Trying 9.53.200.182...
Promiscuity isn't enough (Score:2)
Some ISPs might put all their mail servers on one big fast Ethernet so everything routes there, which makes it easier to do centralized management and some security, but traffic that isn't going to those mail servers doesn't go to that segment. This means that if you dial in to ISP A, and use your web client to access a web server at ISP B, or your POP client to access a mail server at ISP C, or your email sender to send mail to an SMTP server at ISP D, you're probably not going through ISP A's POP server Ethernet, you're just going through the LAN connections that get you to the routers going to those other ISPs. If it's all in one building, the carnivores might hang a bunch of promiscuous taps on every segment there and go into some big hacked multiprocessor router-thing, but anything less won't cut it.
Re:Call me ignorant, but... (Score:2)
What does that have to do with the fact that they don't *INCLUDE* any such filesystems with their OSes?
Or the fact that their documented interfaces are wildly different than those used by the majority of other OSes, making it a real PITA to code for them?
It's not BS, and I know it.
Fact: Microsoft could choose to work with the Unix world to support a standard.
Fact: They choose not to.
Fact: They change their own interfaces so often that not even the Microsoft-world encrypted filesystems (such as SFS) can keep up.
If you really want encrypted access to your files from Microsoft, Apple, and Unix, you basically have one choice:
NFS over secure tunnels. SSH is probably good enough, IPSEC is better. There are other options, but they're even more expensive.
I didn't make it that way, it just is.
If it wasn't, there'd BE a cheap cross-platform standard, because so many people want one. Microsoft would NEVER package such a standard, however, because it goes against their strategy of trying to get people to switch their whole networks to NT.
If you could access your encrypted Unix filesystems from NT clients with out-of-the-box, supported-by-Microsoft tools, you'd have less impetus to switch those servers to NT, and Microsoft would never allow that.
That's why they don't support standards worth a flip, it's why they try to break Samba every couple of service packs, and it's even why their telnet client sucks big green donkey dicks.
--
Re:Earthlink (Score:2)
The US did not remain integrated. There was a big and bloody civil war which started because communication between the seat of power in the north and the southern states was so limited. The south, rightly, claimed the north was ignoring its needs on many issues.
By the end of the war, telegraphy was starting to become widespread. The telegraph and introduction of a standard railroad guage in the US did more to heal the rift between the north and south than any politician's hollow promises.
The same holds true for the British Empire. It achieved its glory days before there was sufficient communication to sustain it. So it collapsed because the needs of each far-off colonial outpost couldn't be met in a timely manner by England. Much of the blame for lack of communication, navigation, economics and other things rests squarely on the shoulders of a very corrupt societal structure. There was a good movie on the search for longitude which highlighted this recently.
Is that off topic enough for a friday night?
the AC
Re:constitutional rights and legislated priveleges (Score:2)
Serves me right for dropping out of pre-law before we got to that.
--
Re:Cringely has missed the point here. (Score:2)
Yes, it is. Which is why the orriginal carnivore announcement made it clear that warrents are required. The warrent is required to read the email of that person who is being intercepted.
I cannot get behind the idea that it is an invasion of anyone's privacy for a machine to "sniff" a packet and determine if they want to save it or not. If you are worried about it sniffing beyond its warrent deal with that! Lets talk third party authentification of the programming, inability of the FBI to change the programming from off site, things that matter! But if there is a warrent for the person being sniffed, I really doubt that the law will be struck down based on other people just getting their packets sniffed by a machine that then keeps no records of the examination.
Its like saying that if I listen to a police band radio, I'm also invading the privacy of cell phone users, because my equipment is theoretically recieving them, even if I'm not listening. I don't think anyone outside of the hardcore geek/privacy minority will see a legitamate invasion, and privacy advocates would be better off demanding protocols to prevent non-warrented sniffing.
-Kahuna Burger
Re:Call me ignorant, but... (Score:2)
Or the fact that their documented interfaces are wildly different than those used by the majority of other OSes, making it a real PITA to code for them?
---
I've got news for you - in terms of marketshare, they are the majority of OSes.
By your logic. Unix/Linux should conform to the market leader. Didn't think so.
Don't blame the platform leaders if someone else doesn't develop a new file system. I don't know so much about Microsoft, but Apple hasn't significantly changed the manner in which you can access the filesystem. There have been a few file-system wide encryption tools out there already.
Hell, recent versions of MacOS include basic encryption features already - built into the OS.
- Jeff A. Campbell
- VelociNews (http://www.velocinews.com [velocinews.com])
Re:Err, check the last bit of the article (Score:2)
the article as I downloaded it, which struck me as a strange ending
for the artice... http error I guess.
Do we know the design of these boxes? For surveillance it is enough
to send the packets to the box, which does nothing to affect the
performance of the routers.
Technical aspects of Carnivore (Score:2)
The article suggested to me that there were technical issues (as opposed to legal or political ones) that influenced Earthlink to deny Carnivore. Perhaps it is the case that if the technical issues are resolved, they might allow Carnivore in.
Unlike many thousands of smaller ISPs, Earthlink is a 5-9's kind of operation. They have architectured their network to ensure a minimum of downtime. I've been a subscriber for a few months and have experienced no outages (aside from the IRC server being attacked, but that's not really in the 5-9's realm). Building a network like that is no easy task. You have to make it so that NO single failure can bring it down. No... you have to make it so that you can have one each of everything fail and it still be fully functional.
I've designed a couple of smaller networks like this, and there are a lot of technical issues involved. If Carnivore were to be in them to be able to monitor the network, and assuming it was just operating in sniff mode (which is all it should need to do) it would still have to have multiple connections at multiple switches, and almost certainly multiple boxes all over the place. Deploying something like Carnivore while also NOT disrupting the network would be a major project.
There is also the issue of how to get a sniffing tap into the network in the first place. In a small network I recently designed, it would have to tap into 4 different switches to be able to capture everything. My design at least did have switches, most of which can set up port 0 as promiscuous (though if it has a bandwidth lower than the whole switch, you lose packets). Earthlink is way larger than what I built, and has so many points of presence and so many points of exit, that I would imagine that Carnivore would have to be deployed in perhaps as many as 100 instances, each of which having perhaps approaching 100 fiber connections. That kind of scale may well not even be practical (aside from the fact that the ISP is probably already using the promiscuous port for other purposes).
There are other approaches that reduce the scale, such as policy routing port 25 through different paths. But even then you have to have first a point where port 25 is diverted from, and then a point where port 25 can be re-injected without being re-diverted again, and that forces an architecture with more hops than most ISPs have (an architecture that also doesn't scale to 5-9's very well, either).
I suspect Carnivore has technical limitations when you consider the scale of some of the networks like Earthlink/Mindspring/Netcom and others like AOL. Then what about all of those smaller ISPs. If the big ISPs let Carnivore in, many people will shift to the smaller ISPs (not necessarily because they have something to hide, either) so it would end up having to be deployed nearly everywhere (though maybe it can be done at the upstream backbone).
I just don't see it being that simple to do. Anyone else have any more technical details on this black box?
Re:Lesser of two evils? (Score:2)
That's great, except that businesses are not citizens and have no rights to free association, enterprise, or anything else. Business is allowed to do exactly what the citizens of the nation allow them to do, and the usual instrument of the people's will is the government.
That being said, if there was a way for individuals to be civilly disobedient (see .sig) I would be all for it.
Re:Call me ignorant, but... (Score:2)
But creating cleartext copies on the disk is a huge flaw, one might as well just not bother encrypting in the first place.
Consider: PGP Disk lets me create, say, a 100 MB file on a FAT filesystem which it'll then mount as a virtual disk. I can see the file if I mount the partition under Linux, what's needed is something that'll understand the loopback filesystem embedded in it so I can mount it. (For that matter, PGP Disk makes a Mac version too, supposedly -- can the Mac version read the Windows version? Everything below the hooks into the OS to make the contents of the file look like a filesystem could/should be common to all platforms, that's just whatever format the author chooses. But is such a cross-platform package available? (For that matter, is there open source available for mounting a file as a filesystem on Windows and Mac, encrypted or not? From there it's a simple step to encrypt the thing.)
(Of course, the truly paranoid will re-wire their drive controllers and make personal patches to the OS as well as using strong encryption, for the same reason that crypt(3) perturbs the DES algorithm: it makes it tougher for the folks that might have hardware solutions.)
Re:FBI point of view on their website (Score:2)
The FBI blurb did not describe the technical issues that are the reason why Earthlink did not allow Carnivore. If it is truly a plain sniffer, how could there be technical issues? The answer is there are such issues, such as determining where to sniff. Maybe the FBI wants the ISP to re-arrange the network so all traffic goes through a single switch where they connect to?