Answers from Carnivore Reviewer Henry H. Perrit, Jr. 203
1) Ethical question
by Devolver42
Is it fair for an individual or group with clear political ties to a system to give that system a review? In other words, how can you be unbiased while still being politically tied to the situation?
Perritt:
Members of the review team do not have "clear political ties" to the Carnivore "system." I was last employed by the Federal Government 24 years ago in an Administration of the opposite party. Dean Krent was last employed by the Federal Government in the Reagan Administration, and has spent more time suing the Justice Department than he has working for it.
The notion that past federal employment or consulting with federal agencies, no matter how remote their connection to a particular program, disqualifies one from undertaking an independent review is preposterous. Certain expertise in technology and the functioning of government agencies is prerequisite to a competent review of Carnivore.
2) Is a whitewash inevitable?
by Jay Maynard
There's been a lot of comment on how the conditions the DoJ has put on the reviewers make a fair review impossible. Things like the right to edit before release, the right to veto participants, and the need to only use cleared personnel cast a cloud over the impartiality of the process. Many prestigious institutions were invited to submit proposals,and yet only two - yours and one other lesser-known - did. The backgrounds of the people atIIT and their past ties with the DoJ don't give any more reason to be comfortable.
How do those of us concerned about Carnivore's immense power for invasion of privacy have any reason to believe what you and your institution produce will be other than a whitewash designed to make Carnivore appear in the most favorable light?
Perritt:
Carnivore is used in sensitive criminal and foreign intelligence investigations. The need for confidentiality in such investigations long has been recognized by the Congress and Supreme Court of the United States. It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.
The existence of limitations on personnel and on disclosure do not suggest a "whitewash."
It is very unusual for a federal agency to acquiesce in a third party review of an important system. Having commissioned such a review, the interests of the Justice Department would not be served by censoring the review or otherwise acting so as to compromise its integrity and credibility. The review team, institutionally and personally, has an interest in preserving their reputations for professional independence, analytical competence, and candor. None of these interests are tied to future dealings with the Justice Department or the FBI. They are more closely tied to reputation in many of the communities which have been critical of Carnivore. It is counterintuitive to suppose that the review team would sacrifice these interests by undertaking a "whitewash."
3) Political or Technical Review?
by Anonymous Coward
Is the substance of this review to be political or technical?
To wit, is this review to determine if Carnivore performs actions that are within the scope of the law (political), or is it to define the complete potential of Carnvore (technical)?
Perritt:
The review will not be political in the sense that the term "politics" ordinarily is used. It will be technical in the sense that term is used in the RFP.
Because Carnivore is a tool, just as a hammer or a firearm is a tool, which conceivably could be used outside the limits permitted by law, the review appropriately will consider the operation of human, organizational, and judicial controls to limit Carnivore's use.
4) Your impressions.
by M-2
Can you give us your first impressions of the concept of the Carnivore concept when you initially heard about it?
Can you give us your initial feelings as to the legal standings under the Fourth Amendment that allows Carnivore to be used for the purposes stated, which it would appear technically violates the Electronic Communications Privacy Act?
What is your impression of the amount of interest the Internet community at large is taking in the entire Carnivore concept?
Do you feel there is too much paranoid fantasy going on, or do you feel there is some justification?
Perritt:
Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy. It is appropriate for the public to be concerned about how this balance is struck.
The Internet community appropriately has been concerned about technological developments that may affect the balance, including restrictions on encryption, development of new telecommunication systems that facilitate or hamper electronic eavesdropping and devices such as Carnivore.
In this respect, interest in Carnivore and a certain amount of controversy over it is healthy.
On the other hand, conspiracy theories suggesting that no one with present or past associations with the Federal Government shares constitutional values or can be trusted to review new systems for their compliance with the law are overblown.
5) Who would Carnivore Really Affect?
by drenehtsral
In the end a system like carnivore will only work for a while, and only against fairly unintelligent users because end-to-end strong encryption is no longer compuationally infeasable. Joe Schmoe with the middle of the road prebuilt gateway could easily handle the processor load of encrypting all his e-mail with 2048 bit RSA (which is now freely available, and even exportable). Not only that, but even with existing (and reasonably near-term) quantum computers, we are not even near enough qbits to start tackling these cyphers, since they can't be broken down when being fed to a quantum computer.
So in short, is this whole thing just a moot point? Who would Carnivore really catch?
Perritt:
Any electronic eavesdropping technique or system is subject to frustration by new technologies. It is appropriate for law enforcement and national security agencies constantly to be developing new technology to keep pace with technological developments generally.
6) Are you willing to lose everything for your rights
by anticypher
If you found that carnivore did more than the FBI is claiming, would you stand up to their threats if you published your results to counter their "edited" report? Would you be willing to lose everything you have to stand up for the rights of Americans, your property, your retirement, your liberty, and your professional reputation? You would be vilified and persecuted by the FBI for your actions, even though you would win the admiration of liberty loving individuals all over America.
Or...
Would you shrug your shoulders, and knowing that some day the truth will out, say nothing if the FBI completely changed your report, and hope that when exposed your reputation is not too badly tarnished?
Perritt:
Neither the Justice Department nor the review team has any interest in a process that will not report conclusions of the review honestly and candidly.
I have seen no indication of any intent by the Justice Department to block the review team from expressing its views completely.
Given the level of interest in the Carnivore review, it is unlikely that an effort by the FBI to "completely change" the review team's report would succeed.
I am not willing to speculate as to what action I would take if inappropriate control is exercised.
7) Is this a real review?
by Apuleius
Jeff Schiller of MIT has declined to review Carnivore, saying that "what they want is a rubber stamp."
Obviously, you will say you intend to do a genuine review.
Why should anyone take your word over Schiller's?
Perritt:
I don't know how Mr. Schiller has any knowledge of what the Justice Department wants. I have been assured by senior officials at the Justice Department that a complete review, with honest conclusions freely expressed, is desired.
It may be that what Mr. Schiller wants is a soapbox, and I don't see why he should use a government-funded review for that purpose.
8) Carnivore vs. Sniffer vs. Altivore
by RobertGraham
I'm the author of Altivore and a long time sniffer user. The RFP was for a "technical" review to validate that Carnivore captures only the data allowed by the court order. Yet reading the resumes of the members of your team, I don't see anybody with sufficient techical experience in sniffing technologies.
Packet reassembly and state-based protocol analysis are critical to the minimization function. My believe is that Carnivore is essentially stateless, just like my own Altivore. I can create real-world scenarios where Altivore fails the minimization test. Sure, they occur less than 1% of the time; I don't know how that fits within the law. However, software can be written to meet minimization requirements 100% of the time (e.g. BlackICE does this for detecting cr/hacking).
My question is: will a sniffing expert be analyzing the packet reassembly and protocol analysis part of the source code in order to validate that Carnivore captures all the data authorized by the court order, but no additional data? Moreover, is there really somebody on your team that understands even what I'm talking about?
Perritt:
A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.
9) Comparing to wire-tapping laws
by VP
During the congressional hearing on Carnivore, the FBI stated that current wire-tapping laws are adequate for the use of Carnivore. Further more, they revealed that the uses so far of Carnivore had been according to the regulations of optaining a "pen-register" wire tap. Are you aware that (from what we know) technically Carnivore is much closer to the concept of trunk-tapping, as most, if not all the traffic at the ISP has to go through Carnivore? AFAIK, trunk-tapping is illegal - would you be of the opinion that Carnivore automatically falls under the same illegal category of wire-tapping?
Perritt:
Any network interface card on a networked computer "taps" all of the traffic traversing a particular network segment. It is far from clear that such limited acquisition of network packets at lower levels of the OSI stack constitutes interception under the law. Indeed, if appropriate filters are used in a sniffer or other network monitoring device, preventing human knowledge of material that is filtered out, there may be less threat to privacy interests than if human beings must review content in order to apply minimization requirements, as is commonplace with telephone wiretaps.
We will review whether Carnivore acquires information not permitted by law or in a manner prohibited by law.
10) Oversight of this interview
by Col. Klink (retired)
Are you free to answer questions posted here, or does the FBI review your answers first?
Perritt:
Neither the FBI nor any other government agency reviewed my answers to these questions.
too bad (Score:1)
Re:Damn moderators (Score:1)
if i may add my $.02,
Really, what happens when an ISP says, "No, we aren't going to violate our customers' privacy." Do they get hit with a "sure, we're investigating someone, and it's going to take an awful long time so we'll have to leave this box here indefinitely" warrant? Do they get pressured into accepting Carnivore installations in spite of the 4th amendment?
first of all you typically need a subpoena to do something like that. and i'm pretty sure a SP's legal department looks at them carefully. depending on the circumstances, subpoenas may get challenged, and it would go to a court to decide what happens next. it's not like they can just walk in and plug their gear in. knowing how several SP's POPs/DCs look like, it would probably almost always be a considerable engineering effort anyways.
working for a SP, just the simple thought of adding something like carnivore in the data path gives me goose bumps. and those have nothing to do with paranoia, dillusions or other relative sanities.
it's not clear to me how you aggregate the snooping by carnivore of traffic load-balanced and randomly shuffled over a variety of links. it would be interesting just to see racks and racks of carnivores and them desperately trying to aggregate the data and make sense out of it, WITHOUT affecting our customers.
heck, just for network management purposes such a task is a daunting challenge.
anyways, i'm rambling.
Huh? (Score:1)
The Answers.... (Score:1)
Yes.
Question 2. You will Lie. Right?
Not only will I lie on the report, I'm lying to you right now.
Question 3. You have no integrity...right?
What would you like my answer to be?
Question 4. You are a government shill...right?
They're paying me $20 not to answer this.
Question 5. Why should I believe you...You are a liar...right?
Would I lie to you?
Question 6. How will Natalie Portman be affected by carnivore?
I
Re:Crooks won't encrypt, Carnivore will work (Score:1)
You missed the non-sequitur (something's rotten) (Score:1)
Another important question that wasn't touched by anyone: The verifiability of the Carnivore systems in the field. Can we be sure that they are using the same software as the system being reviewed by IIT? How? With a tap on a specific phone line, or a diversion of a specific user's packets by the ISP, it is known that no other traffic is being intercepted. With something like Carnivore, it could be doing anything... and we would never know.
Something is definitely rotten in Washington, and this latest fetid emission is proof enough to convince any reasonable person. It is time to rescind CALEA and get our government out of the population-surveillance business.
Dismissive was what came to mind (Score:1)
Re:One thing is clear... (Score:1)
In not those words exactly, but combined with previous (and following) answers this snippet should give you an idea of what he thinks about the people whose questions got submitted:
I guess it's a nice way of saying 'you're a bunch of paranoid idiots, stop whining'.
what the writers of the constitution believed (Score:1)
think of who these people were. wealthy land and slave owners. if the constitution were re-written today the same way it was back then, it would be written by bill gates, larry ellison, jack valenti, hilary rosen.....
what the writers of the constitution were protecting was their own rights to conduct their business without interference from the government (which was also the reason for the revolutionary war.) remember the bill of rights wasn't even added until the states refused to approve it the firsttime around...
scary thought, huh?
but true...
Re:Your intentions are good... (Score:1)
the point is, the government provides a lot of services. most of them are valuable. you may not like them or agree with their value, and you are free to express your dissenting opinion.
but it does cost money for the government to provide these services. and the government can't make money out of thin air any more than you can.
Re:Perrit's mind may already be made up. (Score:1)
or perhaps it's possible that he believes that the idea of carnivore is not inherently unconstitutional, and that he is going to assess the implementation of the system to see whether it is implemented in a way that stays inline with current viewpoints on acceptable behavior by law enforcement agencies.
That sounds to me like he's willing to be censored
i don't see how you interpret his statement to mean anything of the sort. at any rate, maybe he is. he's not the only reviewer. it is possible that the government would wish to edit th report to keep specific implementation details out of it without changing what it says. if it's editied, we will know it. and if it is changed substantively by the government, somebody on the review team will let it be known. the govenrment can keep them from sharing technical details of the system with NDA's and top secret classifications, but they cannot keep the reviewers from sharing their opinion of the review process.
That's what impartiality means.
you, my friend, are not looking for an impartial reviewer. you are looking for a reviewer who has made up his mind ahead of time that Carnivore is unconstitutional.
but then again, i worked for the department of defense once so this is obviously a biased opinion. come to think of it, i go to school at iit, and actually had a class with dean perrit once. obviously i'm only here to spread misinformation and prevent you from uncovering the truth...
Oh well. Big Brother knows best I guess. get a life....
Re:Not exactly encouraging answers (Score:1)
never assume you know more than anyone. you will tend to find yourself proved wrong quite often. in this case, you may know more about setting up a linux box, but i doubt you know more than he does about the issue in question: the legality of the carnivore system. he is one of the country's more respected lawyers in the field of law & technology.
After reading his evasive and non-responsive answers, its pretty obvious that Mr Perrit (or should I say " Mr Parrot ") appears to be a shill, a disengenuous legal weasel, and is quite obviously comfortable at being kept firmly in the government's pocket.
actually, it was quite obvious to me that his answers where non-substantive because the questions were non-substantive. how many forms of "why should we believe that your report is not going to be censored" and "is the doj reading your answers to this survey" do we need to subject the guy to. there were a few substanive questions that i would have liked a bit more substantial answers to, but for the most part, i thought dean perrit did a good job responding to our accusations.
everyone here apparently has already made up their mind that carnivore is illegal and will be abused and that no matter what the result if this review is, the government has a premade report ready that they will publish in place of the "independent review". at this point, why did we even bother asking him any questions?
Re:My Carnivore review... (Score:1)
so your summary of tyrranosaurus' attacks is pretty much irrelevant... then again, so is this post.
Re:Perrit's mind may already be made up. (Score:1)
Writing in the present tense?? (Score:1)
Carnivore is used in sensitive criminal and foreign intelligence investigations.
I'm just curious...why is he using the present tense here??? Carnivore is?? That's frightening....
Re:he is feeding bs here (Score:1)
Further, the card does "tap" everything on its segment, but discards everything not destined for itself.
Re:he is feeding bs here (Score:1)
Re:I'm glad they know how to use a sniffer. (Score:1)
Re:Perrit Interview (Score:2)
Another thing I find amusing, is that the review is already over and done with. The gentleman sees "no reason" why the FBI should want anything other than a fair & impartial review. That's the exact same thing, as saying that Carnivore's software does exactly what we have been told, neither more nor less.
So... the Feds are paying for this review, the people doing this review become unemployable if they piss the Feds off, and the Feds get to edit the final report to suit themselves.
Am I the only one who refuses to take this matter seriously??
why impartiality is important to the doj (Score:2)
jump a few years ahead. the carnivore review was a wash. the doj have put their handy little sniffers in place, and actually manage to catch a two bit drug smuggler who wasn't smart enough to encrypt his email. he sues the doj based on the unconstitutionality of the carnivore device. the judge agrees.
oops. now doj is up a creek. carnivore has been declared unconstitutional and all of the work they put into it is for nothing. what's worse, they never got any big convictions out of it, and the one little two-bit smuggler they did catch gets off the hook. not to mention all of the bad publicity the doj gets.
if the carnivore system is going to get declared illegal or unconstitutional by a federal judge, it is in the doj's best interest for these lawyers to point that out now. because the doj can't do anything about a judges decision. they can do something about the decision of these reviewers: they can listen to what they say, and, if neccessary, change the implementation of carnivore so that it behaves within what is considered to be acceptable behavior for electronic surveillance. because not all electronic surveillance is unconstitutional. and if carnivore does violate our constitutional rights, the case will get thrown out of court the first time they try to use it.
Thoughts (Score:2)
He misses the point - that's not what we're worried about.
Having commissioned such a review, the interests of the Justice Department would not be served by censoring the review or otherwise acting so as to compromise its integrity and credibility. [...]It is counterintuitive to suppose that the review team would sacrifice these interests by undertaking a "whitewash."
Um, hello? This is done all the time in the courts, by "experts". Obviously the DOJ has something to gain: power. And I'm sure they could offer something to the review team to persuade them. No, I don't think this'll happen, but simply saying "it's not in our interest" doesn't convince me.
A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.
Yeah, well, ping is routinely used, but that doesn't mean the users are familiar with ICMP "technology". I know plenty of people that use snoop on Solaris who don't understand protocol analysis. I don't consider this answer sufficient.
His answers appear a bit vague and "don't-worry"-ish, but maybe he didn't expect them to be examined so thoroughly, or maybe he had a bad day. I'm willing to give him the benefit of the doubt, but I'm still not completely conviced.
--
Re:Hmmm (Score:2)
It's seems to me that this guy is walking a fine line. He's answering questions in a hostile environment. That takes guts and speaks a little to his credibility.
By my view, this sort of system is an affront to our liberties. The fact that he's answering questions here make me think that he believes that there is a balance to be had (a hardliner wouldn't bother). I expect that he'll discharge his duties in accord with his beliefs.
Re:One thing is clear... (Score:2)
Even in my home state of Victoria, Australia, an "intelligence bureau" was set up where police were infiltrated into various groups of political activists such as student groups, the Squatters' Union, and a whole bunch of mostly innocuous community organisations. While it might be arguably legitimate to surveil these groups (including reading their mail, tapping phone calls, and keeping extensive dossiers on people who *hadn't committed crimes*) if they are planning violent protests, most of them had no such plans, and indeed the officers performing the surveillance begged their superiors to stop wasting their time. In one particularly sad/amusing case, the officer concerned sympathised with the advocacy group to such an extent that he spent a substantial amount of time teaching the members of the group typing skills so they could advocate their views more effectively.
When a new government was elected and discovered the surveillance division, the minister concerned ordered that the surveillance be stopped and all files to be destroyed. However, the surveillance continued and files were retained for at least another five years in direct contravention of the wishes of their political bosses (who were *fully* empowered to direct the police in this way).
People who worry about "law and order", "national security" and "stability" go work for these organisations. People worried about "civil liberties" don't.
Just because you're paranoid...etc (Score:2)
Okay, I"ll try not to sputter uncontrollably at the poor logic here. First off, why do you think they commissioned this? Public outcry (you used the term "acquiesce" yourself, so I assume you realize that this wasn't something they wanted). What, may we infer from this fact, is their "interest"? Settling the public down. Getting people to accept the boxes. Censoring anything that would prompt further outcry from the public (which they might again have to "acquiesce" to) would obviously be in line with these "interests".
The review team, institutionally and personally, has an interest in preserving their reputations for professional independence, analytical competence, and candor. None of these interests are tied to future dealings with the Justice Department or the FBI. They are more closely tied to reputation in many of the communities which have been critical of Carnivore. It is counterintuitive to suppose that the review team would sacrifice these interests by undertaking a "whitewash."
Maybe I can help you with an example of the correct use of "counterintuitive": It's counterintuitive to believe that the review process has any integrity when a majority of institutions turned down an opportunity for a prestigious opportunity for national exposure because of concerns about the process.
Intuition says, and your comments bear out, that the only institutions that have no problem with the possibility of censorship are institutions that essentially trust the government (and of course, intuition can be wrong--I'm just saying that it's not on your side, not that we should trust it). Intuition tells me that, if you are the type of person that says "well, the govenrnment will probably only take out the parts of the report that are essential to security", you are much more likely to be the type of person that says "well, the government will probably only listen to the stuff that they're pretty sure is related to a crime". That doesn't give me warm fuzzies about your qualifications.
While I certainly agree that the average Slashdot poster is on the high end of the paranoia scale, I think there is a lot about this case that makes a lot of suspicion healthy. You appear to either believe or be trying to push the idea that this review is something that the government came up with because it felt that it would be the best way to protect our privacy. Whether you believe that or are trying to make it appear that way, it casts doubt on your credibility.
--
Re:One thing is clear... (Score:2)
True enough. It isn't *always* doing that. But you can't ignore the historical fact that the gov't did indeed set out to screw people like Martin Luther King.
This bill gives the gov't more than enough power to slap down anyone that ever tries to oppose it. You can't say "won't happen here" because it already did happen here. Nixon had an enemies list, but he didn't have the technology to review every god damned web page his opponents looked at...
DOJ Overview (Score:2)
If the DOJ *really* wants an honest review, why maintain the right to turn it into a whitewash?
Incongruent conspiracy theories (Score:2)
As this guy said, Carnivore is a tool, it can be used for good or bad. You trust our intelligence services with agents and sattelites and what not. You trust our law enforcement agents with guns. You trust our military with a staggering amount of weaponary. All these can be used for great evil. But that doesn't mean we would be better off sticking our head up our ass and abolishing them entirely simply because there is potential for abuse. Question them? Sure. Nail them where they abuse? Certainly. Abandon all reason? Never.
harsh punishment or investigative powers, not both (Score:2)
If the US justice system ever became oriented more towards rehabilitation and helping the offender reintegrate into society, then, and only then, would extensive investigative powers be justified. (That is the route many European countries have followed in the past, and their lower crime rates seem to justify it.)
So, people probably would be happy to give the US government broad new investigative powers if the US government abolishes the death penalty, decriminalizes drug posession, and shifts emphasis from retribution to rehabilitation. Otherwise, giving it both extensiv power to punish and extensive power to investigate means going down the road towards a police state.
Re:Not clear on something.. (Score:2)
Write laws first, then software.
Re:Not clear on something.. (Score:2)
Works both ways.. and I personally love at-will. It got me out of a bad situation in which I was able to just walk out and say screw it, I'm gone. Just because someone can terminate you at any time for any reason including abscence doesn't mean they are evil.
Re:wrong answer? (Score:2)
Re:Incongruent conspiracy theories (Score:2)
Why couldn't they just go behind everyone's back?
Because they are still restricted by law. Civil rights groups have sued to make the details of Carnivore public. As a result, the FBI was ordered to have an independent review of the system.
They already tried to go behind everyones back when they claimed it was the "Internet equivalent of a wire tapping". I know you see this as a blatently false statement.
Re:Foreign Intelligence Investigations?? (Score:2)
The reason why this is illegal is because they are thus spying on everyone, regardless of whether or not it will be used in court. Imagine technology like this being used in Nazi Germany. Holy hell would resistence not stand a chance.
I know thats an extreme example, but its best to understand power limitations in extreme situations. Then you can see how power is abused.
Re:Foreign Intelligence Investigations?? (Score:2)
If they're using this against foreign nationals as well, then they'd be alotting them the same rights as American citizens. That is of course, unless Carnivore has the ability to not play by the rules.
I take his statement practically as admittion that Carnivore does not play by the rules.
Foreign Intelligence Investigations?? (Score:2)
Carnivore is used in sensitive criminal and foreign intelligence investigations.
Interesting... so when they conduct foreign intelligence investigations, they must provide the target with the same rights as an American citizen? What a load of crap!
Widespread crypto (Score:2)
Although the export controls caused a real problem, they have been lifted. So I wonder what (if anything) the government is doing to prevent the proliferation of strong crypto. I kinda suspect they doing very little, either due to it being hopeless (genie can't go back into bottle) or because their cracking ability is far beyond what is believed (i.e. they can quickly crack what we think is strong).
About the only thing they can do to slow down crypto would be to apply pressure at some centralized points that effect many people (e.g. Microsoft, Apple).
Many of the mundane uses of the internet don't have any centralized point that can easily be pressured, though. (e.g. Open source.) That's why ssh/ssl are so much more commonly used by BSD/Linux users. I wonder why Slashdot doesn't let people connect via HTTPS yet. (But then I've always also wondered why Slashdot still uses GIFs, links to Amazon, etc. Inconsistency is not new here.)
---
Re:he is feeding bs here (Score:2)
One thing I hadn't considered... (Score:2)
anyway...
The part that interested me:
If appropriate filters are used in a sniffer or other network monitoring device, preventing human knowledge of material that is filtered out, there may be less threat to privacy interests than if human beings must review content in order to apply minimization requirements, as is commonplace with telephone wiretaps.
I don't know how we feel warm and fuzzy about it, but digital eavesdropping at least has the theoretical capability to be digitally filtered, with only relevant info ever seeing human eyes. Analog phone taps don't have that.
Re:The Questions.... (Score:2)
Only honest people take offence at attacks on their integrity.
--
Give me a candidate who speaks out against the war on drugs.
Slashdot is a tool (Score:2)
Re:Or it might just be... (Score:2)
If he had come up with an answer that stated that he *would* go against the FBI and anyone else trying to cover up the final report, I doubt they'd even give him much of a chance to put his input into the report-- i.e. "We're sorry, Mr. Perrit, but you're now responsible for checking grammar and spelling of the background section of the report!"
Not quite right. (Score:2)
Something to keep in mind: just his willingness to field questions about his Carnivore review says something about his commitment to an open process. He could have just told Slashdot to go away; instead, he chose to answer questions and bear the thousands of flames by people who really didn't think things through. For that, Mr. Perrit has my thanks and my commendations.
Now, on to a dissection of your flame:
This is a dodge--he was asked to address why the secrescy [sic] about the functioning of the device, not its actual in-operation placement. Let "regular" people see the source--the system is effective by its placement not by its function.
First, he did answer the question. The answer to the secrecy question is that the US Government is using this software in sensitive investigations which pertain to the national security of the United States. It is possible that Carnivore has some extremely cool technology inside of it (I doubt it, but it's possible) that the US Government doesn't want to see in private hands, for fear that it will launch a new generation of information-warfare tools.
Please note that for about eight years I was constantly violating ITAR and export restrictions. I am extremely skeptical of national-security claims when applied to technology. Just because ITAR was a steaming load of excrement, though, doesn't automatically mean Carnivore is. It also doesn't mean it isn't.
What Mr. Perrit said was, essentially, "the Government feels it is a national security interest to keep the Carnivore source closed." Frankly, I disagree with the Government's position--but I don't disagree with Mr. Perrit. Why should I disagree with him? He wasn't the one who declared Carnivore a national-security issue; that was the Department of Justice.
Carnivore's closed-source status, as well as the not-quite-open status of the technical review, are both political decisions made by political animals. Don't flame Mr. Perrit for it; his job is only to conduct a technical review, not to make political decisions.
What you're doing here is shooting the messenger for the message he brings. Better to shoot the politicians who wrote the damn message. (US Secret Service, take note--this is a figure of speech, not an incitement to violence.)
Yes, we know that about sniffer
Statistically, I find that doubtful. The overwhelming majority of Slashdotters know very little about crypto, about network security, about the interaction of technology and politics. There are eight people here whose opinions I give a lot of weight to. You aren't one of them.
Mr. Perrit did not get to his current position by being an idiot. It is hardly seemly for someone to accuse him of being an intellectual inferior without first reading his academic papers, talking to his past students, or maybe (just maybe) waiting for the Carnivore review to come out and then dissecting it paragraph-by-paragraph.
[W]e probably know more than you do!
What do you base this probability on? Please, enlighten me. The "we" you're talking about is all of Slashdot--and I've got to tell you, most of Slashdot is composed of morons. Richard Feynman was reviewing school textbooks a few decades ago, and one of the most egregious ones had been approved by the sixty-five engineers of some corporation or another. "Ah," said Feynman, "so that's why it's so lousy. If only three or four had approved it, it might have been worthwhile--but of sixty-five engineers, you can be assured most of them are crap."
(I'm putting words in Feynman's mouth here, but that's the general gist. See Surely You're Joking, Mr. Feynman! for his account of the matter.)
After reading his evasive and non-responsive answers, its [sic] pretty obvious that Mr Perrit (or should I say "Mr Parrot") appears to be a shill, a disengenuous [sic] legal weasel, and is quite obviously comfortable at being kept firmly in the government's pocket.
Grow up and stop flaming. Real hackers argue on the merits of something, not devolve into ad-hominem attacks.
It's unbiased because we say it is! (Score:2)
Justice has every incentive to cover up anything that may be damaging to their case. Given government abuses of the past, it's not out of the question that Justice has commissioned this review simply to create the impression that we have nothing to worry about from Carnivore. And the fact that the review team does not want to compromise their reputations, etc. is a pretty poor guarantee of a proper review. If they present a whitewash report (or Justice turns it into one), the truth will likely be hidden for many years, until long after the team members' careers are over.
And senior government officials tend to get to their levels of power by officially saying one thing and then doing another.....
I didn't expect much more (Score:2)
My original question had a background, which would have taken hours to think out, edit, and make concise and explicit. So my question was posted in haste, and didn't force the type of answer I was hoping for. Especially the "I am not willing to speculate as to what action I would take" bit.
Years ago I took an oath, to "support and defend the Constitution of the U.S. of A against all enemies foreign and domestic". Throughout my career I was questioned on a regular basis on the constitution, what actions were considered "defending", and which would be a violation of my oath. Some of these were taken from local problems which were never fully resolved, such as "If an FBI agent with local clearance for our SIGINT unit were to abuse the equipment to spy on his ex-wife, ex-girlfriend, and the local police investigating the stalking and harrassing charges, what would you do?" We had to state clearly what actions we would take to preserve our oath. Failing to swiftly and lawfully prevent others from violating the constitution was considered a violation of the oath, and a court martialable offense.
Those who have studied the US constitution, and the well documented actions of the FBI to ignore all of the limitations placed upon them, have to question whether advances such as carnivore will continue to violate the constitution. Certainly it is the major cause of concern with the critics of carnivore.
What happens when the FBI approaches an ISP with the demand to install carnivore for an indefinite length of time, and the ISP refuses? What if the ISP instead installs a publically reviewed wiretapping system such as altivore, and allows the FBI agents to access only certain information in return for a valid court order, to protect the fourth amendment? What if the engineers at the ISP were ex-military and took their oath seriously, as I still do, 20+ years after leaving active duty?
I've dealt with rogue FBI agents in the past, and the answer is that individuals inside the ISP would quickly find themselves with many small legal problems. IRS audits, anonymous tips to local police about pedophile activities, "ghost" warrants mysteriously inserted into the NCIC2k database, DEA alerts. When the FBI plays rough, citizens tend to get hurt.
Knowing that the FBI will play dirty to protect themselves, and their ability to ignore constitutional protections guaranteed to all citizens of the US, is what led to my question for Dean Perrit. He clearly knows the reputation of the FBI, knows they operate with impunity from prosecution for their crimes, and he declined to speculate on whether he has the integrity to stand up to the FBI. Given the possiblity he could quickly find himself an "ex-reviewer", his answer is about what I would expect. I also suspect Dean Perrit has never served his country in any manner requiring him to take an oath to defend the constitution, which is why the FBI has chosen him to be a reviewer. He may have no qualms about lying to the US population about the constitutional abuses carnivore will permit the FBI to inflict.
the AC
Re:One thing is clear... (Score:2)
Yes, there are a lot of people that are unreasonably paranoid about government. I think for a large part, a lot of what we see as "conspiratorial" behavior is just ignorance or stupidity, or truly accidental shredding of documents, whatever. Sometimes these people are annoying, but you can easily ignore or marginalize them (like those self-proclaimed "anarchists" at most of the protests happening - there point was...?).
*However* I think history has given us *plenty* of reason to be paranoid and _highly_ skeptical. Here is my rationalization: If we are *too* paranoid the *worst* that happens is we waste a lot of energy shouting about nothing and annoying people. If we are not paranoid *enough*, if we are too complacent, the price is far greater...we can get f*cked in so many ways we can't imagine.
Given that cost/benefit equation, I'll endure paranoid protesters. Hey, think of them as performing a service. They are harrassing government so that it is harder to step out of line. Is that fair? That's your call. Let's just wait until 2020, or 2040, when they release what "really" happened to JFK
Re:Or it might just be... (Score:2)
Answer the frickin' questions. (Score:2)
---
Any electronic eavesdropping technique or system is subject to frustration by new technologies.
It is appropriate for law enforcement and national security agencies constantly to be developing new technology to keep pace with technological developments generally.
Uh, it would be nice if he would answer the question, I'd really like to know. It's pretty obvious that law enforcement and national security agencies will keep up on technology, but he didn't make ANY reference to the practicality of a system like carnivore.
Way to play safe...
Re:Here's one they forgot to ask... (Score:2)
* kidding *
Re:Incongruent conspiracy theories (Score:2)
I won't admit that, because I don't believe the government is trying to follow the law, which in this case means the Constitution. There is plenty of evidence for this position; the Communications Decency Act, the Clipper chip, crypto export controls, Know Your Customer, the meth anti-proliferation bill, etc, etc.
What I do take issue with, is when they distract from the central questions by bashing integrity of the FBI and all other involved parties.
The FBI and many other government agencies deserve to have their integrity questioned based on past activities. Very few people here seem to have any difficuly accepting that entities like the RIAA and MPAA are determined to remove consumers' rights in order to increase their own power. Why can this not be true for government as well?
Carnivore is unconstitutional on its face. It is the equivalent of bugging every telephone in the country and promising only to listen to the "bad" people.
Re:too bad (Score:2)
IMHO, we probably can trust IIT. On the other hand, we have no reason to trust the DOJ or FBI. IIT could come out with a blistering report, and the FBI/DOJ could hide it or redact it into senselessness. Then, the proposed scenario here, IIT validates Carnivore (call it V1.0) cleanly, FBI/DOJ publishes report, and then deploys Carnivore V1.1, which has all the unconstitutional stuff that they *just happened* to add after the review...
But I definitely agree with this poster, that question SHOULD have been asked!
Re:Ummmm....yeah (Score:2)
Confidentiality? (Score:2)
Carnivore is used in sensitive criminal and foreign intelligence investigations. The
need for confidentiality in such investigations long has been recognized by the
Congress and Supreme Court of the United States. It is not unreasonable for the
Justice Department to assure that the details of confidential criminal investigations
or of foreign intelligence methods and procedures will not disclosed to the public.
Isn't that "Security by obscurity"?
If it is, I am afraid it has been shown not to work... Script Kiddies are going to have a field day with this.
Just my US$ 0.02...
Re:I have it up to here (Score:2)
There used to be a "Moron Muster" listing people who posted, publicly (on USENET, in plaintext) blatantly requesting pirated software (usually caught via a fake FTP w4r3z S1t3 announcement followed by a request for public "add me to the list" posts. Sure, they got added to a list...) The list was alarmingly large, but IIRC is no longer maintained.
The Algerian who got caught with explosives at the Canadian border 'round New Years -- apparently he or somebody in his cell made a pretty hefty mistake. Perhaps t'was infiltrated -- ISTR that once upon a time, a very, very large number of "members" of various extremist orgs like Weathermen, Klan spin-offs, and such, were actually Feds.
As for legality, well, that is a concern. Frankly, even for a "good cause" (counterrorism), I would not want to accept a precedent which said that existing statutes should be ignored when it is expedient to do so; it is too easy to cynically manufacture "good causes".
Consequently, current privacy guarantees should be maintained... and whether that is true may be based upon how good Carnivore's filtering system is. If the architecture guarantees that only specifically targetted communications will be visible to human observers (Ever. Not on tape; not shown on screen; but INVISIBLE as far as Carnivore's users and the users of its product are concerned), then it could be permissible. But ignoring existing Constitutional protections, or those granted by laws consistent with such, simply due to expedience is intolerable.
Crooks won't encrypt, Carnivore will work (Score:2)
I keep reading posts claiming that all crooks will use 128bit RSA encryption etc. However, if you actually read police reports and pay attention to who is getting arrested, I would say 99% of crooks have no idea what encryption is and no clue that email is logged and traceable. Yes, international terrorists and some smarter organizations will figure it out, but most criminals are not computer guys. Yes, they could easily be trained in all this stuff - but they have to know that it exists first. And Bob in his basement emailing plans for a heist or trying to pick up a minor is usually NOT thinking about that sort of thing.
Hell, how often do you read about computer companies that should know better getting caught this way? (ie, Microsoft.) Why the attitude that Microsoft isn't smart enough to encrypt, but Joe Criminal IS smart enough to encrypt?
Note that I'm not claiming that Carnivore is or is not a good idea here, just that it will actually have results if used.
Evan Reynolds evanthx@hotmail.com
Question #5 wasn't answered either (Score:2)
Who would Carnivore really catch?
The answer:
Any electronic eavesdropping technique or system is subject to frustration by new technologies. It is appropriate for law enforcement and national security agencies constantly to be developing new technology to keep pace with technological developments generally.
The question specifically asked who. The answer does not contain any specific names or categories of individuals or organizations. Even a statement like, "Carnivore will catch those individuals or organizations who are not equipped to thwart its capabilities" would be technically an answer, even though it wouldn't say anything.
I'm very dissappointed with Mr. Perritt. All he's done is further convince the technical community that Carnivore is a really bad idea.
--
Re:Perrit Interview (Score:2)
Re:Ummmm....yeah (Score:2)
Wow. I've rarely encountered any statement so completely erroneous.
The Fourth does no such thing. It prohibits unreasonable searches and seizures. The police can legally do any search/seizure they damn well please as long as they can later convince a court that it was reasonable. In practice, a whole body of judicial rulings has sprung up over the last 100 years or so that essentially translates "get a warrant first and you won't have to worry (much) about having a search subsequently ruled unreasonable." But that certainly doesn't mean that warrants are required in every case.
I don't like the idea of Carnivore. I feel sure it will be used for nefarious purposes. I think it should be vigorously opposed at every opportunity. But ridiculous overstatement such as this one only undermine our position.
Tell us why Carnivore is unreasonable. Then you'll have a leg up on showing why it violates the Fourth. I'm sure we could serve the cause of liberty by coming up with hundreds of scenarios where it would be unreasonable. Unthinking condemnation of warrantless searches, though, serves no useful purpose.
Re:Your intentions are good... (Score:2)
No, I'd be what I am now, namely a drone having a major portion of my income seized by the government so government officials can stay in power by trading the money so seized for votes.
Re:Your intentions are good... (Score:2)
I don't believe it. The government is not inherently evil. Capable of great evil, yes. But by itself, it just is. The government is made up of individuals, each of which is capable of making the wrong decision--as we have all seen many times. The reviewer does not, IMO, believe that the government will heed this review because of an enlightened sense of morality; he said that it was in the best interest of the government and of the reviewers to ensure a fair report. I happen to agree with that assessment. I also agree with the general sentiment that if there were a concerted effort towards a coverup, it may be hard to detect (given the level of secrecy around the issue)--and that's a shame. There is a need for secrecy, but the technologies here are pretty easily fathomed--it's not rocket science!
The man's being asked to do a job. He'll do it. And he honestly believes that there will be no problems with issuing his report afterwards. And, you know? He's right.
There may be problems, and toes stepped on, but the fact remains that significant public outcry exists. It is not in the government's interest to look like the bad guy, and more importantly, it isn't in the reviewers' interest to not be impartial. (Cynical comments about impartial reviewers having good prospects for employment these days are obvious, here)
The government isn't always out to screw us, people. Don't go bashing the guy for his point of view.
Healthy suspicion doesn't have to look like paranoia. The government has a lot wrong with it, but even more is right. The fact that we can have this debate at all is evidence of the things we're doing right. Our government isn't supressing unpopular views! It's (in a fashion) welcoming them! It's far from perfect, but public opinion does get heard, and even acted upon. If the government was really out to screw you, you'd be dead. You're not, so we can happily argue about it.
-(())
what a load of crap. (Score:2)
So far as I can see, he has not realy answerd anything.... my confedence in all this is still in the toilet.
The FBI has already lied about Carnivore (Score:2)
i'm sure after the review even more lies will come out. even if that happens, is there anything we can do about it? so they lied about what it does, they will still try to prove that it's within the boundaries of the law.
Re:Or it might just be... (Score:2)
However, the opposite of Edward's law is also true: you can't supply a sociological solution to a technical problem. When you do you get something like the Challenger. "See there is no formal specification on how cold the o-rings can be, therefore it is safe for us to launch."
People - people rule the world - always have, always will. However People - people are for the most part evasive, dishonest, untrustworthy, weasels.
By his answers the person reviewing Carnivore is a People - person. He gives answers which appear to be straight forward and forthright. They are actually evasive and weasel worded. Of course most people are swayed by surface appearances - so his answers will be adequate for most people.
If he actually gave straight forward correct answers he would be a technical person, and he wouldn't be in a position to be answering the questions; he would be one of us asking them.
Re:Ummmm....yeah (Score:2)
Pretty clever, if the government wants to violate the 4th amendment all they have to do is keep the technique they use a secret and they are home free.
I think that a counter argument is "Any surveillance technique which is kept a secret is an unreasonable search technique - how can you reason against something when you don't know what it is?
Well that was rather... bland (Score:2)
Re:HYPOTHETICAL COURT CASE (Score:2)
Question 11 (Score:2)
11. Mr. Perritt, what did you have for lunch today?
A cheeseburger and fries.
Post: He clearly didn't answer that question. What kind of cheese? Did he have mayonnaise or ketchup? I know he didn't eat without a drink. He's clearly avoiding the question.
Does it really matter what the answers are? The proof is in the pudding. The review should be judged by the methods with which it was conducted and the results. All these posts remind me of someone's wife (not my wife...really). "Well, I want to be mad, and since you haven't done anything wrong yet, I'll just get mad at you for something I think you're going to do in the near future."
Here's one they forgot to ask... (Score:2)
Oh yeah, clipper... I guess that's the solution.
Re:Story submitted to slashdot ( more information) (Score:3)
I submitted this story to slashdot, but I have yet to see anything, so I thought I'd post it here.
Re:Incongruent conspiracy theories (Score:3)
I have no problem when people want to argue the issues where they lay. What I do take issue with, is when they distract from the central questions by bashing integrity of the FBI and all other involved parties. There is a world of difference between saying "I don't trust your judgement entirely, I want X, Y, and Z" and saying "I know you're TRYING to take my civil rights away, therefore I will do the exact opposite as you no matter what"
Scanning for whitewash .... found! (Score:3)
The question posed to this guy was not about a specific investigation or case; it was about the general process used for investigating. There is a huge difference between law enforcement not wanting to go public about the details of an investigation, and them not wanting to talk about how this new investigation tool will be used.
This falls under "foreign intelligence methods and procedures"? If that were true, then wouldn't they only need to tap into the backbones that connect USA to other countries, rather than tapping into domestic ISPs' LANs? If tapping into domestic networks is justified as an "intelligence method or procedure" that need not be disclosed to the public, then there is absolutely no limit as to what sorts of surveillence can be used against US Citizens. They could require that a microphone be surgically implanted in every US Citizen, and the application of this justification would be just as valid.
---
Re:I'm glad they know how to use a sniffer. (Score:3)
(OT) what about the NSA interview? (Score:3)
Looking at his answers to my question... (Score:3)
In the past, the FBI and the other groups in the Federal Government have tried to shove the balance completely to their own side. This has given us a significant amount of distrust in their motives. From the CDAs to Operation Sundevil, they have shown a lack of comprehension of the issue they have to deal with, instead avoiding the hard questions for the easy ones. And more and more often, they've gotten slapped down, and I think that's starting to make them very very cranky. And they want something that'll move the balance the way they want, and that no one can take away from them. And they think Carnivore is it.
The FBI has, in every case, tried to push to have back-doors put into encryption methods that they can access. Into IPsec. Let's not forget Clipper all those years ago. While I can understand there are potentially pressing reasons for these restrictions in the name of National Security, what's going to keep these people who would use encryption from snagging a half-dozen comp-sci majors from India and having them write a half-dozen different quick-and-dirty encrypts that you can use once or twice and then throw away. Even if it takes 24 hours to crack, some of these drug shipments will be done by then if they time it right and get it on the way. And they won't have the back-doors. Even if they use something like DES, they still need to figure the key for it... Which is something that hasn't been put forth. One-shot encryption is possible for the big criminal cartels, because they can afford to pay some people for it in order to make a profit in an illegal business.I'm going to go out on a limb here and think this means that he feels that our desire for a completely objective peer review by individuals who have no connection with the Federal administrative process is a bad thing. I'm not sure there's really anyone available who meets the criteria:
Would Lawrence Lessig? He's testified in a number of trials, and the fact that he's been mostly against the Federal requests may be a big red mark. Can anyone think of someone who's got the technical chops AND managed to avoid either annoying the Feds OR working for them?
----
I'm glad they know how to use a sniffer. (Score:3)
A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.
My reading of this is members of the team have used sniffers. What the question asked is if the team has any skills in implementing a sniffer. Does anyone know the answer?
Re:Story submitted to slashdot (Score:3)
A) This only applies to evidence relevant to finding the whereabouts of a fugitive from justice. A person only under investigation does not count. A person under arrest does not count. Evidence relevant to guilt does not count. Evidence requested must be relevant to finding a fugitive.
B) These are not secret -- in fact, they have to be reported (in number) to the House and Senate, at least for the next three years. In order to avoid disclosure to third parties, a Court must agree to one of various conditions, and "just because the AG says so" is not one of them. And judges DO get seriously, seriously angry at the Federal Government when they feel that the latter is abusing their court -- and the court can specify that nondisclosure is only temporary...
The court system is not being bypassed, folks.
But thanks for the alarmism. Without that, this just would not be Slashdot, no?
boxen (Score:3)
What we already know is bad enough. (Score:3)
The real problem is the features Carnivore doesn't have.
The FBI fought hard against that requirement in CALEA, and they lost. They also fought against the FCC requirement that the telco has the legal right to examine and question the legal basis of the warrant, and they lost on that one too. The Internet needs similar treatment.
Ummm...looking for an excuse? (Score:3)
(Emphasis added by previous poster)
He's right, it isn't in English. That's because he parsed the sentence wrong. The correct (and syntactically and semantically valid) parse is
In formal English, one "balances" a "against" b -- in this case, needs against threats -- and one does not "balance" a "and" b.
foreign intelligence investigations (Score:3)
Peritt had two sentences that I think explain why the Carnivore review is being conducted in such cloak-and-dagger style:
These are the first overt admissions I've seen that Carnivore is not just a law-enforcement tool. I suspect that the foreign intelligence gathering aspect is what the DoJ, FBI, etc. don't want publicly revealed or even discussed.
For example, perhaps Carnivore does something special with packets that are headed overseas or to foreign embassies. I bet these can be legally tapped at will, much as the NSA is allowed to monitor international (but not domestic) phone calls. I'd guess that scraps of intelligence could frequently be gleaned in this way. Say a Moscow embassy functionary emails his girlfriend back in St. Petersburg and says a tad more than he should to make himself look cool and important. Perhaps Carnivore would gobble this down.
I'm not sure whether NSA conducts industrial espionage as, apparently, some western European intelligence services do. If so, emails from foreign business travelers back home would be a gold mine. This would defintely be hush-hush to a vastly higher degree than banal packet sniffing related to a criminal investigation.
(Of course, why they wouldn't just watch overseas pipes instead of local ISPs isn't clear to me... okay, NO ONE BRING THAT UP, all right? I like my theory.)
wrong answer? (Score:3)
Perrit Interview (Score:3)
The Question: (Score:3)
Perritt: Neither the FBI nor any other government agency reviewed my answers to these questions.
Non-responsive. Only the second half of the question was answered.
he is feeding bs here (Score:3)
The previous statement is not true. (How does that sig go? All generalizations are false.)
First, many computer networks are now switched. A net card on a switched network segment does not "tap" all of the traffic traversing the segment. In fact, it does not even come in contact with it. The switch only sends data to a machine that is destined for that particular machine (done by mac address). This is, of course, with the exception of broadcast traffic.
Second, even if the net card is on a hub vs a switch, it still does not "tap" all the traffic on the segment. Any traffic that is not destined for that particular machine gets discarded. It only begins "tapping" all the traffic once it is put into promiscuous mode (sniffing mode).
Someone correct me if I am wrong, buy my understanding is that the Carnivore boxen will be inline on the ISP's network. In other words, all the ISP's traffic will pass through it. Seems to me he is playing down the sniffing functionality like it is something that every networked system does. This is simply not true.
IMO, someone who is supposed to be reviewing a sniffing system should not be spreading false information. Either he does not know what he is talking about, or he is spreading misinformation on purpose. Either way, I will not trust any information that he publishes about the system.
Hmmm (Score:3)
In other words, "I'm pretty sure I don't have the balls to make any waves."
Ummmm....yeah (Score:3)
"Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy."
The second clause (in bold) doesn't appear to be written in English. What would it mean to threaten to invade the privacy of national security?
The first clause is more frightening: We (the people) allow laws to be created that "can't possibly be enforced" and then his first clause comes into play: "effective enforcement of the criminal laws". First you define the criminals, then figure out how to catch them.
This is EXACTLY why we (in the US) have a Bill of Rights. It says that, no matter what "criminal laws" you think you have to enforce, you can't do X, Y and Z. There is no "balancing"--the Fourth Amendment says you cannot search/seize my property without a warrant PERIOD. Carnivore violates that amendment, therefore it is unconstitutional. Catch your "criminals" another way.
--
An abstained vote is a vote for Bush and Gore.
Story submitted to slashdot (Score:4)
The government is going to be voting on a bill today that may give them the right to search records without a warrant, in secret. This bill has already passed the Senate! HELP!!!
The full story is at http://www.defendyourprivacy.com/ [defendyourprivacy.com]
I have some other urls as well to go along with this:
http:/http://thomas.loc.gov/cgi-bi n/b dquery/z?d106:s.02516: [loc.gov]
http://www.nationalreview.co m/k opel/kopel101000.shtml [nationalreview.com]
Perrit's mind may already be made up. (Score:4)
And even if he comes to the opposite conclusion,
It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.
That sounds to me like he's willing to be censored. This whole thing is a bit more than fishy if you ask me.
And yes, if you worked for the Feds at any time (even 24 years ago), much less the DoJ (Krent), then that sure as hell disqualifies one from undertaking an independent review. That's what impartiality means.
Oh well. Big Brother knows best I guess.
Re:Perrit's mind may already be made up. (Score:4)
But am I an evil person? Hell no, I am more for freedom than you are -- you know why? You are trying to censor him - I'd be willing to bet you haven't lived 24 years, so how do you know how long of a time that is? It's a long time, and a lot can change. Even if he did work for the DoJ, NSA, CIA, FBI or whatever - he still is a person with his own beliefs, not of the government.
Very formal and cautious... (Score:4)
The FBI didn't need to review this interview, since they know that he is very careful with his wording. He answered every question by either determining not to answer, or by being very terse and formal. Oh well, it's better than nothing, and gives us a peek into how their minds operate. We'll end up with a report that is worded very carefully and scholarly. They won't leave anything out, but they aren't going to speculate or probe the possibilities. More of a technical specification than a discussion of Carnivore.
-Adam
But roses don't eat people... do they?
Or it might just be... (Score:4)
...that "Since I can't see into the future, I'm not going to guess how I might react to any of an infinite number of possibilities, especially in a public forum famous for roasting alive anybody who doesn't swear by the Linux Party Line."
Don't you think that what action he takes might, just might depend on exactly what kind of "inappropriate control" is exercised?
Seemed a fair answer to me. What were you expecting? "I shall immediately flood the DoJ with complaints even though I haven't read the edited report!"??
All network cards tap? (Score:4)
You could say that.. but you could also say that the Wire itself taps all the traffic, and so does the T-connector...
The entire *point* of having that layer model is that a clear hierachy is specified as to what has access where, and the NIC is an integral part of the network layer itself. By default a network card doesn't generate an interrupt for packets that aren't addressed to itself, and I'm fairly sure that if I placed a card onto someone else's network and set it to promiscuous mode against their wishes I'd be violating a law or two.
I concede there are a few ambiguities... one of the reason that strong encryption by default is a good idea, so only the source and recipient can read that data? (Every web session over SSL, every shell over SSH etc...) Ooops, the government doesn't like widespread crypto either.
Your intentions are good... (Score:4)
This man does not share the belief that most
Ok. Maybe you don't believe this. But I believe it. And many other people believe it.
For instance, the people who wrote the US Constitution believed it. That's why they set up three branches of government specially designed to frustrate and impede each other. The US government is set up to do as little as possible. And for very good reasons: bureaucracies (and governments) expand to fill all available space. Go down to the DMV some afternoon and see for yourself.
It would be easy to say that he's just a governmen patsy, but that wouldn't be true.
Correct. He's not doing anything he knows to be wrong.
The man's being asked to do a job. He'll do it. And he honestly believes that there will be no problems with issuing his report afterwards. And, you know? He's right.
Ah.... I don't know. "Security" and "avoidance of embarassment" are very easily interchangeable.
The government isn't always out to screw us, people. Don't go bashing the guy for his point of view.
I'm not going to bash him, but I believe he's not suspicious enough. I might trust him as a person, but I'm still not going to trust his report.
Bruce
Damn moderators (Score:5)
To paraphrase, the question was something like "How do you know the software you are reviewing will be the (only) software installed on the FBI's black boxes?"
Perritt did admit in question 9 that Carnivore would need to physically tap all traffic on a subnet, then apply software to reject packets not related to a particular investigation.
So how does he know that the software actually going into use will be the same as the software he is being asked to review? Since the FBI will need encrypted remote access to operate the Carnivore boxes, what is to stop them from uploading whatever software they want, without any judicial review or ISP knowledge, after the fact?
Of course, the answers have to be "he doesn't know", and "nothing", but I would have liked to hear it from Perritt himself.
Let's not forget the second most important question [slashdot.org], which only got moderated to a 3:
In Marshall v. Barlow's, US Supreme Court 1978, the court found that businesses are subject to the same Fourth Amendment protection as individuals are, in regard to Administrative agencies. How will the FBI install these boxes in ISPs when there is no ongoing investigation, and no warrant?
Really, what happens when an ISP says, "No, we aren't going to violate our customers' privacy." Do they get hit with a "sure, we're investigating someone, and it's going to take an awful long time so we'll have to leave this box here indefinitely" warrant? Do they get pressured into accepting Carnivore installations in spite of the 4th amendment?
FBI reads for first time? (Score:5)
Unless of course he sent it in an email.
Not exactly encouraging answers (Score:5)
For example
This is a dodge - he was asked to address why the secrescy about the functioning of the device, not its actual in-operation placement. Let "regular" people see the source - the system is effective by its placement not by its function.
And the answer?
Yes, we know that about sniffer - anyone here that has run Network General product to diagonose packet problems is aware that they are used routinely.
- Dont talk down to us, we probably know more than you do!
Are your team members going to ensure that it captures only the authorized intercepts and not infringing on the innocent? We are still waiting for a clear and definite answer on that oneAfter reading his evasive and non-responsive answers, its pretty obvious that Mr Perrit (or should I say " Mr Parrot ") appears to be a shill, a disengenuous legal weasel, and is quite obviously comfortable at being kept firmly in the government's pocket.
My Carnivore review... (Score:5)
1. The Tyranosaurus Rex, Common name T-Rex.
2. The Eatius Roadrunnerus, Common name Wile E. Coyote.
For the purpose of this review, I will be dealing with five categories: Attack method, Persistance, Cyclic Preference (Day or night?), Natural tools, and Success rate.
I.) Attack method.
First we will examine the Tyranosaurus Rex, here forward referred to as T-Rex. The Tyranosaurus has two main attack methods. The first and primary method is its enormous, powerful jaws. This attack allows a very quick kill of the quarry and is effective in preparing the meal for easy digestion. The second attack method of the T-Rex is its long tail, which can be used to knock over or stun the quarry at range. This attack has one major disadvantage, namely that it puts the T-Rex off balance, leaving it vulnerable.
The Coyote, on the other hand, has many attacks, but tends to focus on two: The Trap, and the Pursuit. In both cases, the attack is augmented by techological means, showing the cognitive abilities of the Coyote, also known as its "Suuuper Geeeenius."
II.) Persistance
In this case, the coyote is a clear winner. The coyote has been known to stalk the same prey for well over twenty years, showing that it is a very vicious and persistant hunter.
The T-Rex, on the other hand, shows limited persistance, generally giving up on any given quarry within ten to fifteen minutes, and not possibly re-attempting the attack more than an hour and fifteen minutes or so later.
III.) Cycle
Here, again, the Coyote is a clear winner. It has been known to stay up all night preparing for the next day's hunt. The T-rex, on the other hand, basically only attacks something near it, and has only been known to hunt during the day, unless it's raining.
IV.) Natural Tools.
In this case, the coyote is a sore loser at best. Its only natural tool is its mind, which, having no physical presence, does not really satisfy this category. The T-Rex, on the other hand, has many natural tools, including its attacks (see I. above), and its large, well formed muscles and skeletal structure, designed for the pursuit.
V.) Success rate
This, being the deciding factor between the two, determines who is the superior carnivore. So far, the contestants are fairly evenly matched, with the T-Rex excelling at attack methods and natural tools, while the Coyote is both persistant and follows a more effective day/night cycle. This makes the final category, the Success Rate, the tie breaker. In this category, the T-Rex clearly excels. It is able to make regular meals of many varieties of woodland creature, ranging from goats to Pondus Scumus, the modern Lawyer. The Cotote, however, has not once been seen to successfully capture and consume its prey. More often than not, it severely injures itself in the course of its hunt.
Therefore, the clear winner is: The Coyote, because it is much more entertaining.
Thank you and good night.
The Questions.... (Score:5)
Question 2. You will Lie. Right?
Question 3. You have no integrity...right?
Question 4. You are a government shill...right?
Question 5. Why should I believe you...You are a liar...right?
Question 6. How will Natalie Portman be affected by carnivore?
*ahem* half those questions were absolutely redundant. If I was that guy I would have refused to answer attacks on his integrity after the third or fourth time.
rev
Re:All network cards tap? (Score:5)
> SSH etc...)
I have to agree.
One of the battle cry's we have used at work is
"Plaintext Passwords must die" (they wont die soon but we are working on it).
I am in favor of doing it up right. Phase out http in favor of https. I know my webserver will soon have a rewrite rule to redirect all http traffic to https.
I like the analogy used in the PGP manual the best. Would you send all your personal mail on psotcards? If everyone did, then sending something in an envelope would look weird - suspicous even.
So encrypt it all. Everything. ALL traffic in and out of everywhere. What is really needed is a free public CA, who can sign ssl certs for people. Or, better yet, come up with a "web of trust" system and build support for it into the web browsers...then into everything else.
Crypto needs to be made painless to use. Simple and default.
-Steve
One thing is clear... (Score:5)
I, for one, have to applaud him for answering these questions without resorting to calling us the paranoid delusionals we really are.
It would be easy to say that he's just a governmen patsy, but that wouldn't be true. The man's being asked to do a job. He'll do it. And he honestly believes that there will be no problems with issuing his report afterwards. And, you know? He's right.
The government isn't always out to screw us, people. Don't go bashing the guy for his point of view.
Question #8 (Score:5)