Censorship

Vinton Cerf Says Carnivore Source Best Left Closed 186

ljrittle writes: "Vinton Cerf might be the rubber stamp that the FBI was trying to find. The ACM article says that according to Vinton, Carnivore ``does not pose a threat to innocent computer users' privacy'' and that [we] mere Internet users need not see code." This is nearly as reassuring as the Justice Department's decision to change the name of Carnivore, as pointed out by observant reader Ripped_Edge. Walks like a duck, talks like a duck ...
This discussion has been archived. No new comments can be posted.

  • I can see it now, young teenagers are no longer using their xDSL/cable modems to play quake with LPB qualities and run game servers, but instead load up a small server program, about the size of omnihttp (1.4megs) that uses a combination of a pop3/smtp server and an eliza type program and a reader that grabs various nouns and verbs (ak-47, clinton, shoot, attacked, bolivia, nuclear war, etc.) off of AP feeds and spits out emails to other Anti-carniVOre Servers (AVOS?), which bounce emails around the net through anonymous proxies in a gnutella-type fashion. Eventually the feds will give up monitoring any emails coming out of those proxies, and people can route their email traffic through the AVOS system. Or something.
  • Well, it depends. Frankly, some code is proprietary, and as such, we cannot legally look at it. We still can see what it does, and if we know what language it was written in, we can reverse-engineer it, but there will most likely be differences between that code and the original.

    Also, I can understand, from a security standpoint, that some code may not be made freely available in order to provide greater security for the program that the code is for. I don't necessarily agree with it, but I can understand it.

    Now, given that Carnivore can be accessed from outside secure facilities, it would be a bad idea not to make this as secure as possible. While I don't automatically trust the FBI with what they are doing or where they are going with this whole data collection scheme, I would prefer to see it be as secure as possible, to avoid the possibility that some hacker geek can get into the system easily.

    Finally, I have to agree with a previous article [slashdot.org] and position on Slashdot: Information does not want to be free; people want information to be free. Frankly, until society is free of people who would act irresponsibly with information, I prefer it if not all information is free.

    Kierthos
  • I will intuitively expand your question:

    Without non-government oversight, how do we know that...?

    Agents who violate the law in the name of the law are a problem. But the larger issue is derived from the argument that ISPs would cooperate with legal surveillance, but would baulk at illegal, warrantless operations. The history of cold-war NSA/CIA operations shows that carriers willingly engage in and cooperate with known illegal operations against the people.

    FBI operations at Waco, Texas are a good case in point. Using a modified cellular phone, agents stripped the digital ID number from a cellphone used by David Koresh. This revealed the cellular service provider who allowed an illegal wiretap to be installed at the cell-site. Keep in mind that the cellular provider has to prostitute himself to the FCC to get a license to operate. And the FBI is part of the same government as the FCC. So despite the inner workings of Carnivore, it is the nature of licensees to violate the law for continued operations and profits that we need concern ourselves. Scripturally, the love of money is the root of all evil. This absolute was established some 1700 years before the telegraph.

    More details on FBI/FCC and other government criminal operations in violation of the Communications Act are at Research on Criminal Government. [mindspring.com]

  • I live in Charlottesville. I've been out at all hours. I've even said hello to cops at 3:00 a.m. As long as you're not being loud, walking like you're drunk, or doing anything else terribly rude, they don't do anything. I don't think anyone has ever been brought in on it, either, though they've given a few warnings.

    Welcome, fellow Charlottesvillian! :)

    They bring in a few dozen people a year. You know who they bring in? Black kids. This was the plan, as stated by former Police Chief Wolford (forced out of his job a few years ago) before City Council before the law passed. White kids make up a very small percentage of those snagged. As Wolford said, "those kids from Garrett Square [public housing development] are the troublemakers."

    To be honest, I find that much worse than the constitutionality of it. You raise a good point, which we used in our lawsuit:

    The ordinance has been very carefully constructed so that basically anyone who knows how to say the words "first amendment" can go merrily about their way without harassment. I know this was not the case with the original incarnation of the ordinance proposed, but it is true of the version finally passed.

    That's absolutely the case. Essentially, anybody with enough education (middle-class and up) is OK, but people less educated (poor, lower-class) get snagged. I don't know if you remember, but I printed up and sold (for the cost of printing) hundreds of "I'm Exercising My First Amendment Rights" t-shirts [curfew.org]. Simply wearing this t-shirt exempted kids. I wish I could have given more away to poor kids, but I didn't have the money to do that myself. :)

    I guess it's not too late -- there's still a curfew. I may even have a few of them left...

    -Waldo

    -------------------
  • I love the hypocrisy you see in our government, particularly the law enforcement, sometimes. It's so sad that the FBI isn't satisfied with fair, lawful means of doing their job (which is, mind you, law enforcement, not crime prevention).

    Here's my challenge to the FBI. You trumpet so loudly that the innocent have nothing to hide (an unconstitutional assertion on which to base this system, by the way, since it implies presumption of guilt until innocence is proven). Very well; prove that you really believe this. If Carnivore, or whatever else you may call it, really is such an innocent system, then don't hide it. Let us see the source. After all, if it really only does what you say it will, then there's nothing to worry about, no? And who knows; maybe there are security bugs that you don't see yet; surely you'd want people in positions to help you fix the bugs to see them, wouldn't you?
    ----------
  • The dead white guys that wrote the U.S. Constitution were a gang of revolutionaries with the blood of their oppressors on their hands. Don't confuse them with live guys and gals of any shade who suggest that revolution is bad for you.
  • What will your legacy be?

    Hey, as fortune(6) told me this morning when I logged in:
    If all else fails, immortality can always be assured by spectacular error.
    -- John Kenneth Galbraith
  • There is absolutely no reason whatsoever to assume that he had been arrested at all. The fact that he could be has no relevance to the above post.
  • These are all good questions, which I think the FBI should answer. Even so, I don't know that I'd trust their answer without having the code be public, or at least having a group of people whom the computing community trusts look at the code. Something with consequences as serious as this needs public scrutiny to make sure it is doing what it is supposed to, and only what it is supposed to. It is the latter that I am most concerned with.

  • Mere internet users do not need to see the source. But, I am not a mere internet user, and I doubt that many people who read this are. So I guess that means that we can see the source, by his definition? We should band together and write a letter telling him about us and the contributions we as a community have made, and make it evident that we are NOT 'mere internet users.'



    If you think you know what the hell is going on you're probably full of shit. -- Robert Anton Wilson

  • Indeed.

    While Carnivore itself isn't likely to ruin my life (because I don't use email for anything interesting), the "your crime will be tattooed on your hard drive/TCP logs; all we have to do is read it and lock you up" attitude behind it could.

    If you looked at a list of my HTTP requests for the last week or so, you'd find me to have visited sites by/about serial killers and rapists, borderline child pornographers and NAMBLA types, fake-ass 31337 hax0rs, and computer security experts. Now why would I be doing that if I'm not planning to, say, stalk and kill some 13yo hotties by IRCing them up, getting their IPs, cracking their mommies' b0x0rs, hex-dumping their Passport binaries in search of an address, etc.? It looks like that's what I've got in mind, right? Better keep an eye on me.

    The thing is, all I'm doing is trying to learn how these highly specialized "creeps" talk -- their speech patterns, jargon, cant, the frequency with which they end their sentences with prepositions, their favored emoticons, etc. -- so I can write a character who's easily mistaken by readers for today's favorite boogie/bogeymen (hackers and child predators), because he talks the talk. [Is that ironic?]

    Explaining an as-yet-unwritten section of a complex "avant-garde" book to the FBI would not be fun. For all their alleged smarts, they have a hard time with this artsy crap, and all I have now is potentially damning notes and web archives. Not that they'd ask me anyway. They'd just question my neighbors about the lurking predator on the block, ask them what suspicious behavior the skinny [drugs?] Jewish [conspiracy?] guy [penis?] with the shaved head [a Nazi Jew? is he schizophrenic?] down the street has been up to -- things like being up all night sitting in front of his computer [writing], drinking [coffee], with his hand in his lap [broken right wrist] -- and let them ruin my life. Certainly been done before.

    Point: FBInet bad, Freenet good. It's not only criminals who think so.

    And VINTCERF's name looks like an acronym for a CIA plot to assassinate Castro [winky smiley].

  • taxpayers have the right to know where the taxes
    that they're paying is going to. (this is true in
    any democratic government)

    i am not american but i am very concerned, my
    systems are directly connected to an American
    backbone for Internet access. you may ask "so
    what about it". this greatly affects OUR policies
    etc, we might have a very strict privacy policy
    here but when emails are routed through our
    backbones, that policy might go down the drain.

    in the industry peer review is the best procedure
    to find bugs. if crackers want a "crack" at it
    its best that several other persons have checked
    the code, and maybe found some flaws, and have
    corrected it.

    remember, a democratic government "is by the
    people, and for the people". i think this is
    mentioned on the oath the President takes.
    (whatever)

    yorosiku,
    sessya.

    i trust no one.
  • I guess that makes me trustworthy (NOT!)
  • Correct me if I'm wrong, but the man worked at DARPA for 6 years, back when the Internet was a Defense project.

    His opinion may be a little bit biased.

    Just a thought.

  • Trust the low slashdot number (now just 1072 more people to *ahem....*)
  • Vinton Cerf just blew a lifetime of credibility in one ill-considered article. Did he personally review the code? (snicker)

    At this point, even his technical opinions can be considered suspect, I'd wonder what his political agenda was in the context of figuring out what should be taken seriously in anything he says for the rest of his life, assuming I bothered to read what he's got to say.

    The good news... the rest of us can bet against any technical initiatives he's involved in for the rest of his career, with the exception of IPv6 if he has anything to do with that. (however, if he is involved with it, it's our responsibility to check it for ugly surprises, but it would be anyway)

    When I say bet, I mean taking the short side of any stock in any company he's involved in.

  • a lot of people aren't aware of this, i know i sure wasn't
  • No SHIT. From the article:

    Cerf, who recently traveled to the FBI's Quantico, Va., campus to review Carnivore, said that scenario would not only raise even more personal privacy issues but also might end up corrupting the evidence. "I have a feeling," he said, "that the ISP geeks would be less familiar with restraints than the FBI gentlemen."

    Fuck me with a chainsaw if that ain't a denouncement of the BOFH and everything it stands for.

    A responsible admin is always less of a BOFH with equipment in the workplace than equipment which they wholly own themselves...but not that much more so. No, Vinton is dismayed at the uncouth, ungentlemanly behavior of system administrators who are accustomed to steamrolling over everything in their path. All well and good, but BOFHness can be used for ill as well as good, we all know that. No, I side with the bastards because it is the proper attitude; it is right and proper to defend oneself from attack. The police have no obligation to protect anyone, and I trust a BOFH future more than any police state.

  • A cop will find someone walking around in a ski mask and bulletproof vest suspicious. The digital equivalent, anonymous encrypted traffic can be viewed just as suspicious.

    Only when it's the exception. If ski masks and bulletproof vests were the latest high fashion items they wouldn't stick out...
  • Your slippery slope argument doesn't hold, because all the other cases you mention (the elderly, blacks, etc.) are all full citizens under the law, unlike minors.

    Minors *are* full citizens -- see Tinker vs. Des Moines [bc.edu]. The ruling stated "First Amendment rights are available...students...Students in school as well as out of school are 'persons' under our Constitution. They are possessed of fundamental rights which the State must respect, just as they themselves must respect their obligations to the State."

    That pretty well settles it for me. Where's James Tyre when you need him? :)

    -Waldo

    -------------------
  • To better know why FBI cannot be trusted with communications intercept software, you need to visit http://wacofacts.home.mindspring.com [mindspring.com] and see how FBI and FCC work together with White House, US Attorneys, Department of Justice and a corrupt House and Senate to cover up their criminal violations of the Communications Act. By the way, Rep. Bill McCollum, one of the chief coverup agents, is running for Senate and must be stopped, unless you want Secret Government. Force the Feds to own up to their still outstanding violations before getting more authority!
  • Compared to the possible harm that the FBI with its weapons and authority COULD cause, but not actually does

    Tell that to the Branch Davidians. The ones who aren't crunchy bits now.

    I'm no militia-man, but the FBI has a lousy record of abusing their power, even when the director isn't a closet transvestite being blackmailed by the mob like J.Edgar Hoover was.

    Do we really think Martin Luther King needed surveillance? John Lennon? What people are saying here is yes, we trust them to a point because to some extent all their normal searches etc. happen in meatspace and there is physical evidence or photos of their surveillance attempts, for instance of the demonstrators in Philly during the GOP. That's the whole problem - from now on there won't be any record except what's in Carnivore, and we know that'll be whitewashed beforehand if anyone actually gets to the point of trying to subpoena those logs.

    And yes, I'm sure they might have actually stopped some bad people with the system already. The question is do you allow blanket searches on the entire 280M populace to catch 20 drug dealers and 10 pedophiles?
  • "The FBI cannot and does not 'snoop,'" said Donald Kerr, FBI assistant director. (from the MSNBC article)

    Maybe it's just my distrust of government agencies (especially alphabet ones) after the entire information gathering thing up here in Canada, but does anyone else find this just a little hard to believe?

    Kerr is simply emulating his (ultimate) boss -- it all depends on what the meaning of "snoop" is.

    In their own minds, the COINTELPRO people weren't "snooping"; they were "monitoring a threat to national security" or some such thing.
    /.

  • Who's telling the worst lie? I see a whole LOT of mouths moving!

    Whether or not to believe this report (please don't laugh until I'm done, folks) depends on how much you believe the individual links in the chain (see also 'fuzzy logic'). Fortunately, this chain only has three links:

    1) The Federal Bureau of Investigation: the government agency whose job it is, essentially, to spy on Americans. They do this to go after anyone planning the violent overthrow of the government or especially heinous crimes against the citizens, like mass murder, child pornography, willful drug use, copyright violations, etc.

    If they give away their secrets, they lose their effectiveness. People learn how their measures work, and sidestep them in order to get away with things. And in this case, we have to consider their source code one of those secrets.

    However, they want to be trusted. So they want someone to come forth and Bless This Carnivore -- (carnivore? animal? beast? The Beast? Revelations? No wonder they're changing the name! Sorry folks, couldn't help myself, got carried away there) -- so that everyone can feel safe on the Internet.

    So they have two choices:
    1a) Find an expert who can both comprehend the source code, verify that it does what they claim it does, and stay quiet about the details, or
    1b) Lie through their teeth, provide false source code, and/or coerce the scientist of their choice to give it the thumbs up or he'll be shipped off to whatever constitutes Siberia in the United States (probably Nebraska).

    2) Vinton Cerf, First Lemming, stepped forward and was counted, looked over the source code he was handed, and filed his report.

    Even though he may be a suit and a corporate shill, he wants to be trusted too. If he goes along with the government too closely on this, and it is revealed later that Carnivore is indeed Opening Everybody's Mail, then he's just shot whatever credibility he had in the foot. With a Howitzer.

    He also has to agree to the government's terms in order to review the Carnivore Code, and I bet they made him sign "The NDA On Steroids." (Like most non-disclosure agreements, but this one is backed by government lawyers on taxpayer money.) And in this case, it would make sense for the government to do that: this legally binds him from revealing the source code and giving away government secrets.

    Given that he wants to be trusted, I would expect him to scream bloody blue blazes to every media agency in the world if the FBI turned a less-than-glowing report into an endorsement.

    Unless, of course, The NDA On Steroids prevents that. If the government can keep him from talking about the source code, I bet they can keep him from revealing any details in the report too. Including the fact that his copy of the report and the FBI's published copy of the report don't jive.

    If Vinton Cerf has a lawyer, and he read that clause, he'd probably do what I'd do: advise his client that signing that document would shaft him up to the sternum. Or not; that depends how much you trust Cerf's lawyer, but that's another screed. By the way: the NDA, if it exists as such, might be something available through the Freedom of Information Act... someone might want to look that up too.

    So, do you trust Vinton Cerf? He's either:
    2a) A scientist who reviewed the Carnivore code handed to him and honestly reported on it,
    2b) A suit who wouldn't know C++ from FORTH, and handed in a report that makes him look credible. For the moment, never mind the possibility that he was duped by legal wranglings in the NDA. You'll see how that factors in just a moment.

    Do you choose to trust the Vinton Cerf Carnivore report?

    Where:
    P(x) is the probability of a given event between 0 and 1,
    1a=the government is telling the truth,
    1b=the government is lying,
    2a=Vinton Cerf knows what he's talking about,
    2b=Vinton Cerf doesn't know what he's talking about, and
    t=The report is correct,

    Then:
    P(t)=P(1a)*P(2a).

    It doesn't matter which you trusted less... regardless, I bet you got a low number. So did I.

    Sometimes I wonder if we're a little too cynical. But then I think about what it is we're being cynical about, and I have to wait until the gorge stops churning before I worry about it again.
  • "that [we] mere Internet users need not see code."

    Yeah, we're stupid. we're dumb.

    Isn't this obstruction of the right to free information?
  • You know what? I don't care any more. This kind of stuff is just ridiculous, and somebody needs to have the guts to make some serious waves, if only for a moment.
  • You forgot one:

    --

  • Under the current administration, we MUST mention "protecting the children".

  • That might be why they didn't take the case -- we don't know. They turn down 99% of cases without explaining why. Too bad -- it would have been a good test case. Not ideal, but good. I guess all of these questions are what make the case interesting, and I sure would feel better if the Supreme Court would rule on curfews, or at least cases like them related to youth rights.

    Though curfew cases are usually pushed as first-amendment issues, they really are more about the fourth. It may be years until we get clear guidance on youth rights. Organizations like Peacefire and ASFAR are helping push the envelope, so maybe we'll get something sooner. Who knows?

    -Waldo

    -------------------
  • yes, this is one of such obstructions.

    I personally like the bit about how "lawful web users have nothing to fear", or something to that effect.


    -saintalex



    Observe, reason, and experiment.
  • According to the MSNBC article [msnbc.com] linked above, Carnivore runs only on Windows machines: "Carnivore is a software program that lives on a Windows-compatible computer...Once installed on a computer, it can "sniff" or "filter" all e-mail on a particular network, via a network card." According to that (this can be found in the article under "How Carnivore works"), Carnivore is simply a packet sniffer. Not only that, but it's a packet sniffer that only runs on Windows machines. So, just don't use Windows machines on your network, the FBI obviously can't figure out how to use a Unix packet sniffer, so you've nothing to worry about! ;)

    Really though, I don't see why, if it's just a packet sniffer that offloads the data to removable storage, there's such a hub-bub about it. But, I'm also thinking that, if they would bother to write software that's already out there in abundance, it must do more than just packet sniffing on a network that the computer is on.

    Chris Hagar

  • You can bet your hind quarters that you'd best hope the Charlottesville police never find a legitimate reason to arrest you--cops and lawyers like power, and don't like people who outsmart them, right or wrong.

    That's great. On one hand you say this kid is a jerk for abusing the court system and local cops, on the other you acknowledge the possibility of being railroaded as a personal vendetta by same.

    So, are you an Anonymous Coward or an Anonymous Cop? Let me tell you, if you've never been harassed by cops as a kid you must have missed a bunch of kid-hood. Or maybe you're one of those people who had a kid and completely forgot what it's like to BE one.

    Personally, when I hear curfew I hear Iron Curtain. It's just a means of control and a way to get away with stopping anyone they want. After all, they don't know your age until they've stopped you, right? By then they can sniff around and find some other excuse to harass you if you're the wrong color or economic class.

    I have plenty of respect for cops; I have friends who are cops. But that doesn't prevent their buddies from terrorizing me anytime they want. I've been stopped for doing 2 miles UNDER the speed limit, just because it was quota night, and after all if you're drunk you might drive slowly. Yeah, and if you know a cop car is sitting there with the radar on you might drive slowly too!

    Cop: Why were you driving under the speed limit?
    Me: Because last time I drove OVER the speed limit you gave me a ticket!

    Cop: So why'd you put your brakes on at the top of the hill?
    Me: So I didn't get air going over it!

    Then I was a wise-guy. It's not a far step from there to obstructing a police officer and a night in jail. Just for not "keeping your mouth shut".

    I don't know about you, but I often use my brakes going down a hill. But he had some OTHER idea that I was trying to avoid him or something. By slowing down. Logic is not their strong point and the individual's civil rights are often quite beside the point.
  • Indeed it is. It doesn't matter if we need to see it... we have a legal right to see it, for whatever reason.

    I just lost a lot of the respect I had for Vint Cerf...


    -- Fester
  • So, let me see if I get this straight.
    The Federal Government wants us to allow them to look at our email, but they lose the email of White House staffers?

    Their software will intelligently separate your mail from mine, but in the White House, their systems couldn't respond properly to an issued subpoena?

    Sure, I trust them. NOT.
  • by Captain Pillbug ( 12523 ) on Friday September 08, 2000 @09:09PM (#792709)
    His biographical information can be found here [icann.org]. He's just a suit, albeit with a PhD. Nothing to see, folks; just move along.
  • I don't understand what people think a review of carnivore code will do for them.

    If anyone with half a brain wrote network monitoring software it would be very flexible. You could change a little config file and go from something non-invasive to something that grabs everything.

    So, I think it depends more on who is using the software and what methods of oversight exist.
  • Where's the link? Where's the beef? I didn't see anything in the linked article about "mere Internet users need not see code". Without corroboration, this has incredible potential for being misleading and inflammatory.

    Of course, it isn't that far removed from the co-creator of the Web saying everyone should have a license to surf the Web [slashdot.org] (yeah, apparently this is not a new opinion for him).

  • Never trust anyone whose /. UID is higher than 666.
  • I agree. I am much less concerned that the FBI botched the job and left a hole open (they are smart guys, after all--if they didn't find it, I won't), I am worried about what it is *designed* to do. I don't want it around, even if it perfectly conforms to the description the FBI already gave.

    I suppose some people are worried that the FBI would leave a secret back-door in there, but I seriously doubt it--they have little to gain from doing so (can get unauthorized data without a warrant... If the FBI wants a warrant, they can get one), but much to lose (someone else could exploit it, the public could discover it and demand Carnivore be shut down, someone in the agency could use it as blackmail, foreign governments could spy on the US).

  • I suppose that they want something that sounds less threatening than "carnivore"

    How about... Sharing our Feelings

  • The spirit of carnivore is good, the idea that they can target one potential criminal, and read all email pertaining to him in an attempt to arrest him is great. The FBI needs something like that.

    The FBI has always relied on covert surveillance. Carnivore is not exactly new or ground-breaking. But one has to wonder at how effective ANY system of this sort would be against technically-adept individuals. How many people who want to evade surveillance would email in plain text? Strong cryptography is frightening to the government precisely because they don't (yet) have a way to stop it. It seems to me that anyone who wished to evade detection could do so -- but I'm no expert in these matters.

    The Freenet [freenetproject.org] mailing lists [sourceforge.net] have interesting discussions on these topics, mainly because Freenet's design goals include anonymity and untraceability.

    The letter though, says only the FBI gets a good look at the code, and they can implement it anywhere, anytime, on anybody, without any notice.

    I don't think that's strictly speaking true. Mostly, police surveillance in this country requires some strong indication of wrong-doing. The Fourth Amendment provides for protection against "unreasonable searches and seizures." I don't have any specifics regarding Carnivore but I would assume (hope) that monitoring everyone all the time would constitute an unreasonable search or seizure.

    ...it'd be nice to see the government at least attempt to follow with current trends and opensource the carnivore program.

    It is not in the government's best interest to open source it -- even though it may be in ours.

    That was a mistake from the start, their PR department is getting spanked by the public...

    Yes, a PR nightmare, assuming anyone is listening. I haven't seen it on network television lately.

    I'm sure ISP's wouldn't mind adapting the software as a government-provided-spam-blocker, we spend enough money as it is trying spam email cases as it is.

    I don't know about spam-blocker, but as for voluntary ISP participation... It seems unlikely to me that ISP's would volunteer to be the bad guy unless it was in their best interest, ie, to avoid lawsuits or prosecution. Customers certainly wouldn't appreciate it. We get annoyed when our ISP's try to throttle bandwidth, never mind about them volunteering to spy on us and rat us out to the gov't.

  • by VValdo ( 10446 ) on Friday September 08, 2000 @10:32PM (#792719)
    Controlling the language often means controlling the argument. If this was called something oblique, half the people wouldn't have cared.

    So for the benefit of the justice department, here are some suggestions for nicer sounding names and of course names that obfuscate the intended purpose of the device.

    * The Datastream Tickler
    * Electro-Bad Guy Nabberometer
    * The Anti-Evil Communication Filtration Device
    * The eBloodhound safety system
    * The TCP/IP En-Route Packet-Routing Intermediatary Device Monitor Analyzer System
    * The Justice Box
    * The Nothing-To-Worry-About System
    * The Fluffy Bunny Machine
    * The Enigma Trapped In A Riddle Machine
    * The J. Edgar Hoover Memorial Email Sniffer

    It would also help if they painted the box red white and blue and put silver stars on it too. Then I'd be less likely to be concerned about potential abuses.

    Thanks

    W

    -------------------
  • Vint Cerf may have helped author the TCP/IP standard, but this really doesn't provide any credentials regarding the ethics of privacy in a free society.

    If I had mod points (and hadn't already commented to this thread), I'd mark that "Insightful".

    This is a classic example of exploiting people with the wrong type of expertise to cast a patina of credibility. It reminds me of the distinguished scientists who endorsed Uri Geller's spoon-bending -- however knowledgeable they may have been in their fields, they were clueless when it came to sleight-of-hand and distraction.
    /.

  • Hrm, I don't take back anything I said. You said he had gotten arrested because he was the plaintiff in a lawsuit. That statement is clearly baseless. If you did know the difference, you were ignoring it.
  • cellular service provider who allowed an illegal wiretap to be installed at the cell-site.

    Certainly, corporate oversight won't work since corporations are too easily threatened by the government. It's individuals in the corporations who pose a threat to widespread illegal operations by law enforcement. That comes into play if the FBI has to have the ISP's admins direct a particular user's traffic to an otherwise isolated sniffer such as carnivore.

    In that scenario, surely if the FBI had all traffic, or even a large percentage of traffic diverted, the admins would know it. Sooner or later, one of them would tell the world (possibly involving getting drunk at a convention, possibly not).

    It's not good enough, but it does at least prevent routine large scale violations.

  • It's so sad that the FBI isn't satisfied with fair, lawful means of doing their job (which is, mind you, law enforcement, not crime prevention).

    Actually, the purpose of the FBI is, as the name indicates, investigation. When there are credible allegations that federal laws have been broken, the FBI serves as the detective.

    Ostensibly, they only investigate evidence that has been cleared by a federal judge. Whether Carnivore really can do that is what the review is meant to determine. Whenever there's private material that belongs to multiple parties (such as a hard disk at an ISP), it's important that some attempt is made to distinguish ownership of various different bits of data.

    I repeat, we don't know if Carnivore does what the Justice Department and FBI say it does. Congress has adopted the right attitude that they should be worried if the FBI says 'Just trust us.'

    However, in Carnivore's defense, if it really does do what it says, i.e., scan From: or To: to weed out all the irrelevant materials that have no bearing on the suspect, isn't that better than having a human scanning the emails?

    Surely a human investigator would be less impartial about his or her task than a bit of software?

    "I was scanning for Joe's drug trafficking, but here's this email I ran across that discusses DeCSS, boss. Ask the judge for a court order, and we can 'find' this tomorrow."

  • Apparently "Linux Today"'s "journalistic" credibility isn't much better than Slashdot's. This "new e-mail sniffing program" is nothing but propaganda for Network ICE's line of security products. As a demonstration of how technically unimportant Carnivore is (crackers have been using mechanisms more sophisticated than the FBI's new toy for years), it makes its point...

    ... but so does tcpdump or any of the myriad free "network intrusion detection" tools being released (snort, sniffit, etc) of late.

    The only interesting aspect of "Altivore" is that it showcases the level of competence in the developers Network ICE hires. Here's a hint, kids, packet header fields are under the control of attackers, and they don't have to be self-consistent. Length fields are unsigned. Negative signed numbers make big-ass unsigned numbers...

    And when the TCP header length can be longer than the entire packet length, maybe the equation "len = header - packetlength" isn't a great idea.

    It's amusing to see a vendor that doesn't seem to know how to sanity check a pointer dereference complain about other vendors taking sequencing "shortcuts". Maybe an interesting "contribution" to the body of GPL software would be actual TCP reassembly code --- but given the sub-Phrack quality of this example, I think the only advantage a competent tech would get out of access to that code is a heads-up warning about the general lack of quality-control at closed, proprietary commercial software houses.
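
    The length-field point made in the comment above, as an added example that is not part of the original post and is not Altivore's code: an unchecked payload-length subtraction beside a version that validates every attacker-controlled length before using it. All function names and the sample packets are hypothetical and constructed here; fragments and IP options are not otherwise interpreted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {
    ERR_TRUNCATED     = -1, /* too few bytes for a minimal header */
    ERR_NOT_IPV4_TCP  = -2,
    ERR_BAD_IP_HLEN   = -3, /* IHL < 20 or beyond the captured bytes */
    ERR_BAD_TOTAL_LEN = -4, /* total length < IHL or beyond the capture */
    ERR_BAD_TCP_HLEN  = -5  /* data offset < 20 or beyond the segment */
};

/* Unchecked arithmetic: every length field is trusted, so a TCP header
 * length larger than the packet makes the unsigned result wrap. */
static uint32_t naive_payload_len(const uint8_t *pkt)
{
    uint32_t ip_hlen  = (uint32_t)(pkt[0] & 0x0f) * 4;
    uint32_t total    = ((uint32_t)pkt[2] << 8) | pkt[3];
    uint32_t tcp_hlen = (uint32_t)(pkt[ip_hlen + 12] >> 4) * 4;
    return total - ip_hlen - tcp_hlen;
}

/* Checked version: each field is bounded by the one enclosing it
 * (capture >= total length >= IP header + TCP header) before any
 * subtraction or dereference that depends on it. */
static int checked_payload_len(const uint8_t *pkt, size_t caplen,
                               size_t *off, size_t *len)
{
    if (caplen < 20) return ERR_TRUNCATED;
    if ((pkt[0] >> 4) != 4 || pkt[9] != 6) return ERR_NOT_IPV4_TCP;

    size_t ip_hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (ip_hlen < 20 || ip_hlen > caplen) return ERR_BAD_IP_HLEN;

    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < ip_hlen || total > caplen) return ERR_BAD_TOTAL_LEN;

    size_t seg = total - ip_hlen;          /* cannot wrap: total >= ip_hlen */
    if (seg < 20) return ERR_TRUNCATED;    /* no room for a TCP header */

    /* Safe read: ip_hlen + 12 < ip_hlen + 20 <= total <= caplen. */
    size_t tcp_hlen = (size_t)(pkt[ip_hlen + 12] >> 4) * 4;
    if (tcp_hlen < 20 || tcp_hlen > seg) return ERR_BAD_TCP_HLEN;

    *off = ip_hlen + tcp_hlen;
    *len = seg - tcp_hlen;                 /* cannot wrap: tcp_hlen <= seg */
    return 0;
}

/* Constructed sample: zeroed IPv4+TCP packet with chosen length fields. */
static void build_sample(uint8_t buf[128], uint8_t ihl_words,
                         uint16_t total_len, uint8_t doff_words)
{
    memset(buf, 0, 128);
    buf[0] = (uint8_t)(0x40 | (ihl_words & 0x0f)); /* version 4 + IHL */
    buf[2] = (uint8_t)(total_len >> 8);
    buf[3] = (uint8_t)(total_len & 0xff);
    buf[9] = 6;                                    /* protocol: TCP */
    buf[(size_t)ihl_words * 4 + 12] = (uint8_t)(doff_words << 4);
}

/* Returns the payload length, or the negative error code. */
static long checked_sample(uint8_t ihl_words, uint16_t total_len,
                           uint8_t doff_words, size_t caplen)
{
    uint8_t buf[128];
    size_t off = 0, len = 0;
    build_sample(buf, ihl_words, total_len, doff_words);
    int rc = checked_payload_len(buf, caplen, &off, &len);
    return rc == 0 ? (long)len : (long)rc;
}

static uint32_t naive_sample(uint8_t ihl_words, uint16_t total_len,
                             uint8_t doff_words)
{
    uint8_t buf[128];
    build_sample(buf, ihl_words, total_len, doff_words);
    return naive_payload_len(buf);
}

int main(void)
{
    /* Well-formed: 20-byte IP header, 20-byte TCP header, 10 bytes data. */
    printf("good packet: naive=%lu checked=%ld\n",
           (unsigned long)naive_sample(5, 50, 5), checked_sample(5, 50, 5, 50));
    /* TCP data offset claims 60 bytes inside a 40-byte packet. */
    printf("bad doff:    naive=%lu checked=%ld\n",
           (unsigned long)naive_sample(5, 40, 15), checked_sample(5, 40, 15, 40));
    return 0;
}
```
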

  • Seeing a movie that started at 9:30 could easily have gotten me arrested. Seeing John D'earth [johndearth.com] at Miller's on Thursday night could have gotten me arrested. Failing to carry ID could have gotten me arrested.

    Bothering somebody isn't required. Playing loud music isn't required. Simply taking a walk, sitting outside and watching shooting stars, or walking to the 7-11 to get a Slurpee -- all illegal under youth curfew laws.

    There are lots of violations of liberties, and battles against all of them are important. I've chosen youth curfews as a cause. The First Amendment guarantees Americans the right to freely assemble. Curfew laws take that away.

    Your suggestion that this particular battle is "wasted" is offensive, at best. At worst, your belief that my anger is portable, and can simply be carted to some other offensive law, is ludicrous.

    -Waldo

    -------------------
  • by daemonc ( 145175 ) on Friday September 08, 2000 @10:47PM (#792738)
    from an essay I wrote a couple of months ago:
    The Panopticon was a prison concept developed in the late 18th century. In the Panopticon prisoners were placed in individual cells arranged in a circle around a central tower. Prisoners could be observed at any time by a guard in the tower, but, because the tower had shuttered windows, they did not know when they were being watched or who may be watching.

    Carnivore is the tower, we are all the prisoners.

    We will never be allowed to see how the program works, because it may not be doing anything at all. It is not about catching criminals. The object is to take away the sense of anonymity, so that we know that we can be identified, and to create paranoia that we may be watched at any time. The target is not criminals, but the general population. The effect is that it suppresses any radical ideas, creates complacence and conformity.

    I need to go, the Thought Police will be at my door any moment...
  • Never trust someone whose number *IS* 666!

  • Vinton Cerf just blew a lifetime of credibility in one ill-considered article.

    Yep, just because he expressed an opinion that differed from your own, he's thrown away all that he's accomplished over his career.

    When I say bet, I mean taking the short side of any stock in any company he's involved in

    Great, go ahead and short a bunch of MCIWorldcom. Post your brokerage statement on the web. It will be amusing to see how much money you lose. If you make money, you can donate it to the FSF or the EFF or one of them folks.
  • You kind of glossed over the point that Mitnick was breaking the law and got what he deserved. If you aren't being an idiot like Mitnick your odds of showing up on the FBI's radar screen are damn close to 0.
  • What I'm worried about are the people who will be investigated improperly because they're talking about something that snags the filters. You could have a conversation with your friend about lawns and be tagged as a drug kingpin. Throw in an innocent vacation to Mexico and suddenly you get to prove your innocence.

    You can send email to a lot of people on the net that you don't know; that web of contacts is one of the things they're looking for. So I sell race tickets to a guy in California, and he's a bad guy and again, I have to prove my innocence because I'm guilty by association. I agree they need a way to "tap" email to some extent; I just don't agree with the approach. They can get the logs now from the ISPs with a court order.
  • Your own reference:
    • Main Entry:
    • police state
      Function: noun
      Date: 1865
      : a political unit characterized by repressive governmental control of political, economic, and social life usually by an arbitrary exercise of power by police and especially secret police in place of regular operation of administrative and judicial organs of the government according to publicly known legal procedures
    Not necessarily just guys with guns. Reading my email without even telling me what you are doing, when, where, why and how it is happening, is an arbitrary exercise of power by police [FBI] and especially secret police [NSA].

    My point was, that at least the answers to these questions are covered by publicly known legal procedures, when it comes to tapping phones.

    Thank you: your article supports my post :-)

    cheers,
    G

    • What has made OpenBSD so successful is not the many eyes, but rather the FEW GOOD eyes.
    Very good point. But remember that the OpenBSD guys took what was meant to be one of the most secure OSes, and gave it a damn good polish. Also, a lot of their job, was going through outstanding bug reports, that no one had got around to fixing. Would *BSD have been as secure as it was, to give them such a good foundation, without the hundreds more OSS programmers using/working on it for years? Would they have received the same quality of information in bug reports, if BSD users did not have the source code? Do you think Windows public beta tests are really useful for anything more than gauging public opinion of the product?

    I'm not meaning to dismiss the work done by de Raadt et al, and know that I am not providing empirical facts. But I do not doubt that the coders in the public having the source helped the core development team.

  • I have two laws for you: the FOIA and the Privacy Act. And no, I don't mean you can do a FOIA request on Carnivore's code. What you can do is use the Privacy Act to get a copy of your FBI dossier. Here's what you do:
    • Get investigated by the FBI. This is not as difficult as it sounds, and to judge from the neo-Nazi rumblings coming from the DOJ about the "inherent power" of the government to monitor our communications, it'll probably just get easier as time goes by.

    • Once you have reasonable confidence that the Carnivore parasitizing your ISP's network is following you, begin sending carefully prepared (and perhaps machine-generated) messages to and from a variety of email accounts, some bogus, some belonging to friends and relatives.

    • This being done, wait until you're no longer under investigation by the FBI. (How to accomplish that is left as an exercise to the reader.) Use the Privacy Act to get a copy of your dossier and all the email Carnivore captured. Using this -- if your test data set was well prepared -- you should be able to deduce quite a bit about the behavior of Carnivore.
    Of course, this entails some personal risk, but liberty usually does.

    Alternatively, if you think your local Carnivore is monitoring something it shouldn't, flood it with data and sit outside of your ISP's NOC and see how often the MIBs come to change the tapes.

    Resistance to tyrants is obedience to God.--Thomas Jefferson

    --

  • Okay, so we all know that Al Gore invented the internet [32bitsonline.com], right?

    But did you know that without his help, Vinton Cerf never would have invented TCP/IP?*

    Yeah. I guess I'll vote for Nader, then. :)

    (*Helpful hint for ACs and moderators: read the link!)
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • It must be a witch!

    hehe, sorry, couldn't resist...

    --

  • oh man... you exactly described an idea I thought up a few days ago, and am planning to implement this week. check my site [quadium.net] for details soon... this garbage is getting out of hand, and for once i am deliberately going to step in the FBI's way.
  • by Anonymous Coward
    Carnivore in itself is not good or evil, it is simply a tool that can be used to catch a mass-murderer or provide info on all /. users. Society grants powers to law enforcement and trusts them not to abuse them. For the reporting of any abuse of these power, procedures exist. Tens of thousands of law enforcement people carry guns, and we trust them not to turn into psychotic killers. If we had the same reservations about other powers as we had about Carnivore, the FBI would not be allowed to investigate crimes, arrest people, carry weapons, tap phones, perform searches or keep records on criminals. Compared to the possible harm that the FBI with its weapons and authority COULD cause, but not actually does, Carnivore is really not that new.
  • They generally do not aid in stopping crimes and can be called into effect entirely too easily. With just the slightest suspicion of illegal activities, law enforcement can get a warrant to surveil you.

    Also there is a distinct likelihood of such snooping meaning filling jails with petty criminals and political prisoners. Thus making it appear that a good job of law enforcement is being done. Whilst largely ignoring major league crooks.
    The FBI, under Hoover, did exactly this.
  • OK, so the DoJ makes a phone call and DoD trots out a "well-known Internet designer" to say soothing things like "trust them" and "no one needs to see the code." I don't know whether Cerf worked directly for DARPA, or indirectly by way of DARPA grants. If he worked directly for DoD, then it's very possible that he still does.

    (Many former Federal employees are still on-call as needed; I once met a HS girlfriend's "retired" father at a job fair, behind the CIA recruiting table; a former coworker who was a "retired" SEAL regularly disappeared from work,... for several months.)

    The point is that government "Of the People, By the People, and For the People" is at stake here.

    This is why we have Open Meetings laws (and the Judiciary enforces these when they're flouted). As a parallel, it seems that what we need now are Open Source laws. Strong ones, with teeth.

    Any citizen should be allowed to read the source code of any/every government information system, without barriers, fees, or harassment. This is simply an extension of existing practices that laws, court decisions, and government rules and regulations must be published for all to see.

    Since government IT systems actually _implement_ regulations, it seems not only fair but even imperative that the public should have access to review the logic actually used by government entities, i.e., the rules coded in their software systems. The IRS quickly comes to mind, here....

    If such laws had been in place several years ago, the California DMV might have thought twice about _selling_ information from their databases of licensed drivers to commercial interests. They got their hands slapped for that one, but not before they'd already done it for quite a while. People had to _infer_ that they were doing that.

    Government source should be open for all to view.

  • Who chose this guy? Oh wait, it's the folks who want Carnivore to get accepted, isn't it.

    Shouldn't the people (and yes it should be people) who examine Carnivore be chosen by the people Carnivore is meant to examine? (no taxation without representation! ;) I know I'd rather have hundreds of Open Sourcers examining it (even under NDA) than one guy chosen by them who used to work for DARPA, and thus obviously has the right attitude to be in the fed.

    I wonder if I can find contact info for whoever's responsible... I doubt it, they're probably hiding like most people behind this sort of thing. (random question: why doesn't work in the preview? Soon I'll know if it works in the comments too, but whether it works or not, it's a bug.)
    ---

  • by puppet10 ( 84610 ) on Saturday September 09, 2000 @07:15AM (#792782)
    And the people at People for internet responsibility think [pfir.org] that opening the source is important but consider far worse problems with the entire carnivore idea.
  • The whole point of the post on slashdot is that Cerf *isn't* qualified to give an endorsement. The Wall Street Journal and other papers are carrying articles about how Cerf says Carnivore is OK. The FBI PR department and the big papers are pushing to the public that Cerf's opinion should somehow matter.

    Did you bother to read the blurb above? It ends with 'This is nearly as reassuring as the Justice Department's decision to change the name of Carnivore...' I mean really, the WSJ headline I mentioned reads 'Web Guru Cerf Defends FBI's Use of Carnivore.' It goes on to claim Cerf is 'widely regarded as the "father of the internet."'

    Methinks you have misdirected your post against slashdot instead of against the mainstream press...

    Jim

  • It's been a long time since we had the opportunity to have a slashdot interview, and I'd love to ask Mr. Cerf a couple of questions (regarding carnivore, but also some general questions regarding his work on TCP/IP and the creation of the Arpanet).

    /.-folks, get us an interview with him, please.

  • I don't see how releasing the source code 'would be bad' if the system is as robust as they claim.

    Maybe the refusal should be considered strong evidence that the system is not as robust as claimed (or that it engages in activities not yet disclosed.)
  • Well, it depends. Frankly, some code is proprietary, and as such, we cannot legally look at it.

    What the fuck?

    What the hell is wrong with you people? If code is proprietary, then we may not distribute it without a license, that's all. There is no law anywhere that prohibits anyone from looking at something, (unless that something happens to portray minors in a sexual manner...)
  • by kezgin ( 108761 ) on Friday September 08, 2000 @11:56PM (#792792) Homepage
    Carnivore and its older cousin, wiretapping, both provide one thing: easier convictions. They provide a means for law enforcement to get a confession without the person even knowing they are condemning themselves. Not only do these methods violate the 4th amendment, but also the 5th, i.e. not providing testimony against yourself. They generally do not aid in stopping crimes and can be called into effect entirely too easily. With just the slightest suspicion of illegal activities, law enforcement can get a warrant to surveil you. Unless this is stopped (and I realize posting here is doing no good), then we are one step closer to have a stronger fake sense of security, and a leap closer to having less privacy.
  • Also, I can understand, from a security standpoint, that some code may not be made freely available in order to provide greater security for the program that the code is for.

    This is simply saying that it uses "security by obscurity". Which isn't a good idea with something which is used for a long time or in a large organisation. Simply because sooner or later the information will leak anyway.
  • actually, the correct url is:

    http://foad.fbi.gov [fooled.you]

    fyi

    --

  • by sillysally ( 193936 ) on Saturday September 09, 2000 @12:06AM (#792797)
    without defending the system or taking sides, I believe that the "robustness" claim was about the secure authentication and data transmission (they're probably using ssh :) while the disclosure they wish to avoid is how the "AI" or "grep" that they're using works, what it keys on, vocabularies, etc. because they don't want people to work around it.
  • The government (and their big business friends )got their little feelings hurt due to Kevin, due to such feeling, they gave kevin a royal fucking. Sorry to say, but you step on big business's toe, it steps on you with all 800 pounds.

    I.E. the sort of approach which should be used against big business (or government departments) when they go off the rails...
  • by Moridineas ( 213502 ) on Friday September 08, 2000 @09:12PM (#792799) Journal
    Don't forget, this guy is also one of the big defenders of Al Gore's claims to have been instrumental in the development of the Internet. So he's obviously right about this as well!
  • by mind21_98 ( 18647 ) on Friday September 08, 2000 @09:13PM (#792800) Homepage Journal
    We need to get rid of Carnivore period. This is just the Big Brother phenomenon developing right in front of us. It shouldn't be in any form whatsoever. If this is allowed to be used by the FBI it can have devastating consequences. It would turn the Internet from a safe haven for people to exchange information to a place where you have to hire a lawyer to make sure the content you're trying to place on a server isn't gonna be considered by the government to be a "threat to national security."

    I will not be satisfied until every last Carnivore system is trashed and used for some other purpose.
  • The above poster does make a point though, that while Vint Cerf has done some astoundingly impressive things in his career, his current employment is as "a suit", and his employment has never once been related to privacy or security concerns.

    I'm not attempting to trivialize his accomplishments in the computing field, but honestly I just don't see why his opinion matters in this case.

    And by the way, since when is 12,000 a really low /. number?
    ----------------------------
  • by Captain Pillbug ( 12523 ) on Friday September 08, 2000 @09:13PM (#792802)
    That would be double-plus-un-clear!
  • developed in the late 18th century

    Prisoners could be observed at any time by a guard in the tower, but, because the tower had shuttered windows, they did not know when they were being watched or who may be watching.

    At least, Sheriff Joe Arpaio won't be able to claim a patent for putting his jail in a webcam [crime.com].
    __
  • by Anonymous Coward
    Whose opinion are you gonna trust?: Someone who invented TCP/IP? Or someone with a really low /. user#? I thought so.
  • Thanks for the link, I'm personally tired of hearing that particular misquote over and over.
  • I see, so there's nothing wrong with government privacy violations if you're a law-abiding citizen.

    I was a plaintiff in Schleifer vs. City of Charlottesville [curfew.org] -- we sued our city over the youth curfew. What we heard over and over from the lawmakers and judges was "what would a law-abiding kid be doing outside after midnight?" The answer, of course, was "whatever the hell we see fit."

    The innocent need not be concerned with their privacy? That's rich.

    -Wadlo

    -------------------
  • by sjames ( 1099 ) on Saturday September 09, 2000 @08:07AM (#792813) Homepage Journal

    IMHO, the entire 'examination' is worthless and is designed to distract from the real problem with Carnivore.

    For the sake of argument, let's say that unlike every other computer based system in history, it is hacker (and cracker) proof, and always does exactly what its user wants it to do (no more, no less).

    Further, let's assume that the source is released, and 100,000 respected experts are satisfied that the above is actually true.

    The problem still remains: Without non government oversight, how do we know that the FBI isn't on a giant random fishing expedition? Sure, the warrant says JoeBlow@isp.net but how do we know that the perfectly authenticated FBI guy didn't set it to scan for '.*@.*' with keyword filters instead? How do we know that the actual units being installed at ISPs have any internal resemblance to the one that was examined? Perhaps it has enough hard drives to actually hold '.*@.*' for several days.

    In short, we don't need a detailed independent examination of Carnivore, We need a detailed independent examination of the FBI and DOJ.

  • I see, so there's nothing wrong with government privacy violations if you're a law-abiding citizen

    Something which is only meaningful to citizens of a state which would never pass laws which are in violation of its constitution, would never pass laws for purely political reasons, etc.
    However by definition no-one lives in Utopia and even the most supposedly democratic democracies pass the above kinds of laws fairly often. (Indeed the US appears to be especially bad at passing laws due to political lobbying.)
  • Legal interception capabilities are there to catch organised criminals and child pornographers.

    However a big enough criminal organisation (especially if it started as a legitimate business) may well not be caught at all. e.g. Microsoft. Also IIRC at one time the biggest distributor of child pornography was some US law enforcement agency or other.
  • How about this. If every e-mail contained something like a sig, which was maybe a list of words or phrases that triggered snooping you might inundate them with so much information that it would be impossible for them to cope with.
  • by barracg8 ( 61682 ) on Saturday September 09, 2000 @12:25AM (#792824)
    • Well, it depends. Frankly, some code is proprietary, and as such, we cannot legally look at it.
    I'm not asking for the source code to Windows. The FBI is not a private entity. It is meant to be there to serve the American public, and just saying, "it's our proprietary code, and we don't want to show you," isn't good enough. The American people paid for it. It is the American people's code.

    There are open protocols that the police have to follow if they want to tap your phone. Why? because this is not a police state. I have a right to ask what, when, where and how this may happen. Surely I have equal rights to know what is going on with carnivore. Was that FBI you said, or KGB? I couldn't quite hear.

    • We still can see what it does, and if we know what language it was written in, we can reverse-engineer it, but there will most likely be differences between that code and the original.
    WTF? Are you a troll, or on crack?

    Are you suggesting people try to reverse engineer the carnivore communication protocols? Just how fast do you want a SWAT team on your ass? Please, don't try this at home kids, it would be a bad idea.

    Or do you want to reverse engineer the carnivore program itself? If so, I recommend that an ouija-board will be more useful, than knowledge of what programming language it was written in. How, short of psychic powers, do you intend to calculate what a program that you never get to see running, which is running on a computer that you have no access to, and that you cannot directly communicate with (unless you happen to be a FBI agent), is up to?

    • Also, I can understand, from a security standpoint, that some code may not be made freely available in order to provide greater security for the program that the code is for. I don't necessarily agree with it, but I can understand it.
    Ah - security through obscurity, that old favourite.

    Does the fact that Linux's source code is available make it inherently more or less secure than Windows NT? Tough one to prove. But I would rather that carnivore was fully security audited, OpenBSD-style. Many eyes. Shallow bugs.

    Later, you go on to say, "I prefer it if not all information is free," well what if it comes down to this: making information about carnivore free, may make it less likely that your private emails are turned into freely available information. Saying, "I don't either to be free," may not be an option.

    cheers,
    G

  • Um... I don't think anyone here has any high opinion of Cerf's opinion. That's the point. He's not qualified to comment on privacy or on code openness, esp for something as important as this.

    I think the FBI wants the general public to think that his opinion matters, which is why it's important that it show up on slashdot.

    Read the headline this way:
    FBI finds 3rd grader who says Carnivore isn't that bad! General public rejoices that their privacy is safe!

    Better now? :-)
  • by g_mcbay ( 201099 ) on Friday September 08, 2000 @09:26PM (#792829)
    Vint Cerf's opinion, like Bob Metcalfe's opinion, means very little to me on a personal basis. Yes, I realize they 'invented' TCP/IP, ethernet, etc. I'm not discounting those achievements.

    I just think it's very important that we separate the technical innovation that some of these folks have been part of with their political or ideological views.

    From Article: Cerf also said that it would be a bad idea to force the FBI to reveal Carnivore's source code, as many of the system's critics have requested

    Bad? Bad how? Does anyone have any other links that might have direct quotes? I don't see how releasing the source code 'would be bad' if the system is as robust as they claim.

    Why not release the source code of the system? I mean, if it is really well designed and the authentication is so robust, what do they have to fear from full disclosure?

    From Article: Carnivore's detractors had suggested that hackers may be able to gain access into the system.

    Actually, for me the issue is more about the FBI themselves abusing this system than some future threat of a hacker takeover of it...

  • I wish I could moderate you up: (Score:5, Insightful).

    --

  • by sparrowjk ( 214769 ) on Friday September 08, 2000 @09:29PM (#792831)

    Citizens are willing to give up a certain right to privacy in order to be protected. However, things like Freenet are attempts to thwart Carnivore-like systems. It is unlikely that the Government will ever voluntarily give up what it considers to be its fundamental and unimpeachable right to conduct surveillance.

    As far as Vinton Cerf goes: he worked for DARPA. He was a government employee. While I don't mean to imply that this somehow makes him untrustworthy, it does say something about his endorsement. I don't think it could be called an "independent endorsement" by any stretch.

    I'd be interested to know what reasons he gives for not recommending open source. I suppose the only reasons that could really be justified are for "security" reasons. The government is all about secrecy -- why should they (or Cerf) say anything else now?

  • Has anyone actually seen the code? I mean does this software just pull packets of relays? Then if you encrypt your email via Kerberos or the like could they still pull it and crack it? I run my own SMTP and POP server so does this mean that I by some wacky jurisdiction am in violation of the law if I do not comply to their standards? Not to mention that this is international traffic we are dealing with, due to Intelligence Oversight Laws, and the inherent domestic only role of the FBI, wouldn't this then be under the jurisdiction of the CIA?

    I have two cans and some string if I talk over it then do I have to allow the FBI to tap it?
  • by Anonymous Coward on Friday September 08, 2000 @09:31PM (#792833)
    msNBC.com's article [msnbc.com] tells a different story:

    Vint Cerf, an Internet founding father who was selected to serve as an unbiased technical adviser on the Senate panel, was even harsher in his assessment of the suggestion that Carnivore be put in the hands of ISPs. The proposal "strikes me as alarming, quite frankly," he said.
  • by Ars-Fartsica ( 166957 ) on Friday September 08, 2000 @09:38PM (#792835)
    Vint Cerf may have helped author the TCP/IP standard, but this really doesn't provide any credentials regarding the ethics of privacy in a free society.

    This isn't a rip on him - it's a rip on slashdot for expecting him to say something momentous.

    It's amusing how the readership of this site hangs on the words of Linus, Alan, ESR, Larry Wall, etc.

    Make up your own mind folks, forget the celebrity worship.

  • The spirit of carnivore is good, the idea that they can target one potential criminal, and read all email pertaining to him in an attempt to arrest him is great. The FBI needs something like that. The letter though, says only the FBI gets a good look at the code, and they can implement it anywhere, anytime, on anybody, without any notice. I'm sure people speaking out against carnivore are on their list of people to watch, if nothing more than to test out carnivore. Which brings up the subject; is this carnivore version 2.0? How long have they been testing this program on the general public without informing us about the program? On the flip side, yes, everyone is fairly aware that the FBI and whatnot agencies have always been able to efficiently monitor the people they want, but for them to blatantly point out "yes, we're quite capable of reading all of your email, and yes we're not letting you see what kind of technology we're using, and we're going to keep it that way.". That was a mistake from the start, their PR department is getting spanked by the public, at the very least they could have predicted a reaction even half of this, and they probably could have released a basic skeletal (or even fake) version of carnivore? Either way, we're a government of the people, by the people; if the people are beginning to opensource many new software projects, it'd be nice to see the government at least attempt to follow with current trends and opensource the carnivore program. I'm sure ISPs wouldn't mind adapting the software as a government-provided-spam-blocker, we spend enough money as it is trying spam email cases as it is.

    comments?

  • I'm relatively new to this whole internet thing, but I'm wondering how this guy gets called "father of the internet", or at least which people see him as such...
    I've been brought up under the impression that Jon Postel, RW Stevens, and CmdrTaco made up the 3 men who conceived the internet (the baby)...
  • Technically, it should be Omnivore -- as it looks at *all* email. (If it was truly targeted at only one email address, then Carnivore would make more sense.)
  • From what everyone hints at, all it does is that if it sees a mail packet go through the ISP's routers[*], it looks at the mail message until it has FROM: and TO: (and possibly other relay headers), then if needed, it grabs the rest of the email for storage.

    Which means that using the standard email protocols, you can encrypt the message itself to your heart's content, but you're still sending delivery information in the clear, which means Carnivore will still pick it up. It's akin to being able to look at envelopes that are spit out through the post office system, and plucking out the ones that have the address you are interested in. But in the case of email, it's generally a bit worse as most text is sent in the clear. (And no, I don't think that encryption for everyone is the answer -- it should not have to come to this, is the point).

    [*] I suspect it has to be on routers (the last point before the packet is sent to the internet backbone) as opposed to on the mail server as 1) many ISPs have multiple mail servers, and 2) any person smart enough with a home box can easily bypass their ISP's mailserver if they don't rely on that email address, including either using their own box or a 'friendly' open relay box for smtp processing.
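
The point made in the comment above, that encrypting the message body still leaves delivery information in the clear, shown as an added example that is not part of the original thread. The SMTP session, addresses and ciphertext are constructed, and `cleartext_exposure` is a hypothetical helper name.

```python
import re
from email.parser import Parser

# Constructed sample: client side of one plain SMTP session (made-up addresses).
SAMPLE_SESSION = "\r\n".join([
    "EHLO home.example",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.net>",
    "DATA",
    "From: Alice <alice@example.org>",
    "To: Bob <bob@example.net>",
    "Subject: lunch on friday",
    "",
    "-----BEGIN PGP MESSAGE-----",
    "",
    "hQEMA0constructedCiphertextOnly",
    "-----END PGP MESSAGE-----",
    ".",
    "QUIT",
    "",
])

ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.I)

def cleartext_exposure(session: str) -> dict:
    """Return what an on-path observer can read from a plain SMTP session."""
    lines = session.split("\r\n")
    seen = {"envelope_from": None, "envelope_to": [], "headers": {}, "body_readable": None}
    i = 0
    # Envelope commands come before DATA and are never covered by PGP.
    while i < len(lines) and lines[i].upper() != "DATA":
        m = ENVELOPE.match(lines[i])
        if m and m.group(1).upper() == "MAIL FROM":
            seen["envelope_from"] = m.group(2)
        elif m:
            seen["envelope_to"].append(m.group(2))
        i += 1
    # Message content runs from after DATA up to the lone "." terminator.
    data = []
    for line in lines[i + 1:]:
        if line == ".":
            break
        data.append(line[1:] if line.startswith("..") else line)  # undo dot-stuffing
    msg = Parser().parsestr("\n".join(data))
    # Header fields sit outside the PGP armor, so they stay readable too.
    seen["headers"] = {k: msg[k] for k in ("From", "To", "Subject") if msg[k]}
    seen["body_readable"] = "-----BEGIN PGP MESSAGE-----" not in msg.get_payload()
    return seen

if __name__ == "__main__":
    print(cleartext_exposure(SAMPLE_SESSION))
```
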

  • Yes, I understand the whole privacy argument - but really, if I follow everything correctly, all this software does is allow the government to do what any reasonably intelligent geek on your local network has been able to do all along - packet sniff. Correct? If you really want privacy, don't whine about the government having access to your e-mail - encrypt it. They can sniff my e-mail all they want, they're still not getting anything from it.
  • I think that most web traffic could be considered "useless data" from the FBI's perspective. There's no reason to clog the pipes with random bits when you've got gigs' worth of porn and mp3s zinging every which way all the time.

    What the FBI would be interested in (presumably) is threats to national security, terrorists, virus writers, etc... (Yes, virus writers... the gov't doesn't take kindly to "malicious" code, be it for shutting down computer systems or decrypting DVDs...) For anything you personally consider sensitive and don't want the FBI peeking in on, you always have recourse to strong cryptography, though of course there are no perfect solutions.

  • by phutureboy ( 70690 ) on Friday September 08, 2000 @09:53PM (#792859)

    If you wanna get a better idea on what kind of intelligence info the FBI gathers, and the type of people it gathers it on, peep the FBI's Freedom of Information Act site:

    http://foia.fbi.gov/ [fbi.gov]

    The site has reams of declassified FBI files on famous people like John Lennon, Lucille Ball, Jackie Robinson, Charles Lindbergh, Elvis Presley, John Steinbeck. They're all in PDF format, but at least that way you get to see the nifty black marks over the parts they didn't declassify.



    --
