Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
United States

ACLU Files For Carnivore Info 107

Robert J. Berger writes: "A press release from the ACLU says they are using the Freedom of Information Act to seek all of the codes, records, letters and memorandums related to the FBI programs dubbed 'Carnivore', 'Omnivore' and 'Etherpeek.' "The FBI is saying 'trust us, we're not violating anybody's privacy,"' said Barry Steinhardt, associate director of the ACLU. "With all due respect, we'd like to determine that for ourselves.""
This discussion has been archived. No new comments can be posted.

ACLU Files For Carnivore Info

Comments Filter:
  • Everyone should join the ACLU [client-mail.com] to help them support more activities like this...
  • Isn't this comment a tad contradictory, surely they are invading the privacy of the users of the ISP being scanned as all data is scanned and analysed? They should release the code just for the sake of ensure it is doing *exactly* for the right purposes, who knows what other things they could run searches for as it sifts through the data. Surely the temptation to flag any messages with "terrorist" "bomb" and the like could proove too tempting.

    Just a thought...
  • by Stonehand ( 71085 ) on Saturday July 15, 2000 @07:37AM (#930943) Homepage
    Just skimming the Freedom of Information Act [usdoj.gov], one particular exemption catches my eye --


    ...would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law


    I'd think the FBI might make the case that if the design of the *vore systems shows WHAT it monitors -- how it selects such -- then this clause might apply. Certainly, this would seem to allow the FBI to refuse to describe *which* ISPs are being monitored... But then, I'm neither a lawyer nor a Fed.
  • I used to use Etherpeek in my door room in college (I didn't know it was an FBI program)

    Come on tho, you could see the traffic passing through your ethernet network, see who was logging in to prOn sites, steal their passwords for those prOn sites, etc.

    It wasn't the greatest program tho since keeping a log became a crunch on hard drive space... those logs got long REALLY quickly.
  • Probably even more important now is finding out what ISP's have this installed now. So how about hearing from different ISPs who have been asked to install it? Is it just ISP in the US? Or is it ISP that are worldwide, (AOL and the likes). Is the FBI even allowed to place monitoring software that will possibly monitor email from those outside the US or is this outside their jurisdiction? Many more questions to be answered and this Freedom of Information request is just the first step
  • by Anonymous Coward
    While I am sure that some people are uneasy about their privacy, they should try to understand just why the FBI [fbi.gov] exists.

    This great country of ours is founded upon certain constitutional truths, amongst which are the right to freedom, and the pursiut of happiness.

    What then, are we as Americans to do about those elements that do not share our vision. Are we simply to allow them to conspire to bring about our downfall ?

    I am sure that the FGI, and other government agencies have the wellbeing of the public at heart, and we should look leniantly on those few cases where they have crossed the line. It is understandable that occasionally a few zealots will take things a bit further than they should in support of a worthy cause. You only have to look at some of the claims made about Linux on this very forum to see how easy it is to become a fanatic :-)

    So in short, this is another non-event. As I have said before on this forum, the private life of Joe Sixpack is OF NO INTEREST WHATSOEVER to the FBI, and the cliche is still true, ONLY CRIMINALS NEED WORRY ABOUT THIS.

    You people should stop criticizing the very people who are trying to protect your safety even as our civilization is crumbling around us. Surely these people (the good guys) deserve our support ?

  • by ktakki ( 64573 ) on Saturday July 15, 2000 @07:42AM (#930947) Homepage Journal
    Etherpeek [aggroup.com] is the name of a commercial packet sniffer/network analysis tool.

    I sense a lack of imagination where the naming of secrets is concerned. What's next: Operation Trashpicker or Operation Hold-your-ear-against-the-wall-Here-use-this-drink ing-glass-you'll-hear-better?

    I guess even spies get bored.

    k.
    --
    "In spite of everything, I still believe that people
    are really good at heart." - Anne Frank
  • by Speare ( 84249 ) on Saturday July 15, 2000 @07:42AM (#930948) Homepage Journal
    The Freedom of Information requests don't return something useless like,
    • Carnivore, general term for any animal that subsists mainly on the flesh of other animals. More specifically, it refers to any member of the mammal order Carnivora. The carnivores are at the top of the food chains that make up the food web of the earth's life forms. They feed on herbivores, or planteaters, which in turn feed on the plants or dinoflagellates, at the bottom of the food chains, that absorb and store energy directly from the sun. Carnivores live mainly alone or in small groups and are not preyed upon except by other carnivores.

    However, they often return something just as useful, in that the government redacts the information returned "for security purposes." While redact means edit, in such cases it is effectively, black out with a wide felt-tip marker.

    If SlashDot were redacted the way most "important" data received through FoI requests, it would appear like this:

    • ***** Files For Carnivore Info
      Posted by
      ***** on *****
      from the
      ***** dept.
      ***** writes: "A press release from the ***** says they are using the Freedom of Information Act to seek all of the ***** related to the ***** " The ***** is saying ' ***** ,' said ***** , ***** of the ***** . " ***** ""
  • What if the boxen are configurable to the point that they'll discard packets that don't fall under an existing investigation? Then there might be no violation...

    Could simply be the equivalent of tapping a phone. If a possible perp is being investigated, determine his ISP. When he dials in (if it's not an always-on connection), the ISP should know due to authentication; then dump all packets going to/fro that IP, and stop when connection is dropped.

    Data can later be analyzed to check for things like e-mail messages (given that it may be interesting to know who a suspect is talking to) and so forth.
  • We need to remember there are other government agencies out ther that are snoopin' too. The CIA likes violating the rights of the US citizens and the NSA likes to violate everyones rights.
    Stay tuned cuz the FBI are the losers of the bunch. The get caught all the time for their dirty work.
    Hmmm, maybe it is just a cover up for what the CIA and NSA are working on?
  • I've lived in forign countries where the government owned all the land, took care of all the health care, (third world country so you can imagine what that was like) and could search homes or stop people without any reason at all.

    I don't really believe that the government doesn't have our best interest in mind at least for the most part. There is no possible way the FBI could read all email, and I would go even farther to say there's no way they are going to get the software installed at all ISPs. There's dozens of Mom and Pa Internet shops that simply aren't going to do it. The FBI found a loophole where they can gather information a possibly catch criminals. I truely don't believe there's a consipiracy to label everyone as a bad guy.

    Is what they are doing wrong? Yes I think so. Is it particulary dangerous to our freedom? Probably not, especially when compared to what goes on in some other countries. I'm glad the ACLU is stepping in but really what can they do about it? I'm sure that this sort of thing will still go on unless Congress opens an investigation and puts a stop to it. So if you are worried about the FBI reading your mail then encrypt it. Personally I have nothing to hide.


    Never knock on Death's door:

  • It has never ceased to amaze me how few liberties we would currently have, if it were not for private organizations, like the ACLU. The government cannot or will not protect us, so the ACLU has to.

    I personally am extremely pleased to hear of their FOIA demand for information on this blatant 4th amendment violation. The FBI needs to stay the hell out of our mail. And it's also high time that this sort of privacy violation got wide mainstream media, so that is is less likely to occur in the future.

    gitm

  • God bless the ACLU...

    Go get 'em, tiger!

  • All you have to do is look at the FBI files on Abbie Hoffman, or John Lennon, to see that they'll just come up 90% blacked out. In many cases, they omit entire pages--in other cases, they black out everything but the page number!

    Anyway, you can bet CIA, NSA, and probably FBI have been monitoring Internet transmissions illegally for years, just like they've been tapping phones illegally for years. The FBI may not be run by J Edgar Hoover anymore, but they're still the same organisation. In response to claims the CIA assassinated a Serbian official, the CIA said "We don't do that anymore." Bullshit. These are the same organisations, with the same goals, and they will continue their illegal activities against Americans and foreigners for a long time to come.

    The ACLU is unfortunately not going to get much out of them.

  • This is the most disturbing violation of our rights. Apparently the Effa Be Eye thinks that the electronic transmissions we send to and fro are just ripe for the taking. They claim it's only suspected criminals, "Suspected"?
    When activity like this is permitted then sooner or later we will all become suspects in their eyes.

    I applaud the ACLU! If they can actually get something done then they deserve a pat on the back or better.


  • For years, the government tracked and illegally (without warrants) bugged the phones of such people as John Lennon, Abbie Hoffman, Jerry Rubin, and more. You can see a list of some of these people and their (blacked out) FBI files at the FBI's FOIA site [fbi.gov].

    Anyone with any influence who disagrees with the government is going to be tracked, bugged, and if they're influential enough, eventually shot. No, it's not the Soviet Union, but it's a lot more oppressive than you'd like to think. The minute you speak out about the oppression, you start to find out exactly how close we are to fascism.

  • The FBI claims that they are already sharing information with the industry...

    (I'll believe it when I see it).

    The FBI is sharing information regarding Carnivore with industry at this time to assist them in their efforts to develop open standards for complying with wiretap requirements. The FBI did so two weeks ago, at the request of the Communications Assistance for Law Enforcement Act (CALEA) Implementation Section, at an industry standards meeting (the Joint Experts Meeting) which was set up in response to an FCC suggestion to develop standards for Internet interception. [1] [fbi.gov]

    What's interesting in this case is the FBI's press department, and their use of the word 'industry'. Usually, one would assume that they are referring to the 'computer' industry, but here, apparently, they are refering to the 'law enforcement' industry. See the CALEA web site [calea.org], and you'll understand...

    -jerdenn

  • Dunno if this is all over the country, but PacBell sends us here in California a list of legal notifications to have your phone tapped. They include beeping every 10 or so seconds, a verbal notification, and others.

    Email, of course, doesn't need any notification of saving the conversation if it is the send or receiving party that is doing it. But if there is a third party tapping your email line, they don't have to notify you. I'm curious if it is easier for the FBI to wiretap email than it is phone conversations, ie do they have to install remote hardware near the point of the tap for phone conversations?

    -- Moondog
  • Hey, predicting my death are ya? How's it gunna be? Please, not something boring like drunk driving or aids or lung cancer from all of those cigarettes I never smoked. At least let it be cool, like getting impaled by rebar shot from a railgun, or having my sole stolen by Microsoft.
  • by Anonymous Coward
    A company called (foveon) or something like that has placed a black box by the RMI.Net dial-up equipment. They say its to track users online and build marketing data from it. I was totaly against it, but had no say in the decision. So I took a vacation during the installation. When I came back it was all setup and no one ever talked about it again. I think the whole thing stinks, but the FBI has a job to protect. Unless the technology is abused its for our own good. I have had legal orders to supply the local sheriff dept. with user info and log files in the past. It's always been legit and called for in my own opinion. But to allow the FBI to do it when ever they want? Hmmm....... I don't know, but what if the sysadmin is anti-social or has a problem with authority, will he/she cooporate when asked to surrender info? I have no problem if its legal and justified. But will all other sysadmins feel the same? Who has a better employee screening process? The FBI or your local ISP? :)
  • In addition to the good job ACLU, EFF and other similar organizations are doing to preserve privacy in the net, we could do a lot more at the grassroot level. That is, we should do more to educate people in general about their right to privacy in the net ("No! Encryption is not only used by criminals nor does its use mean that you have got something to hide!") and advocate the use of strong encryption.

    Right now the problem with encryption is two-fold:

    1) PGP/GnuPG is still too complicated for an average computer user, not to mention Mom and Pop who just want to get their "internet experience".

    2) Strong encryption doesn't come as a default option in any popular e-mail program that I know of. Intentional or not, this severely cuts down the number of potential encryption users from the start.

  • Ok. Thats funny. An offhanded post intended to be silly, possibly entertaining, was taken as a serious thought. When was the "funny" removed from slashdot?

    Teslakid

  • If Carnivore was only doing what they say it is doing, then there would be absolutely no reason whatsoever for the FBI to keep information about the system so closed and secret (it's easy enough to get around anyway, with encryption). It's as simple as that.

    So then, the real question is not if they are doing something they shouldn't be, but what?

  • Several people have quoted portions of the web page posted by the FBI. To read the entire quote, go to http://www.fbi.gov/programs/carnivore/carnivore.ht m [fbi.gov] and read what is already avaiable.

    It isn't much.

    My question, which was not covered on the Web site nor on any story I've read to date, is what the FBI expects of the ISP that has one of these things put on its site.

    Perhaps a good Boardwatch article?

  • Whenever I spy on people (such as my 17 year old neighbors daughter), I always seem to land myself at the police department. But now the FBI can snoop on me without getting in trouble? Hrm. Bongo have idea. Bongo join FBI, learn about Omnivore, and intercept neighbors daughter emailing pictures of her diking out when she and friends had too much to drink! woot! Yay for democracy!
  • See my next post. The intent was /humor/. Think a little, your may nott ende up dying of stuplidity.

    Teslakid

  • The ISP's should have the right to know what the the FBI is putting their systems. I would want to know exactly what information it is taking the amount of bandwidth it is going to from me. All that stuff I would demand to know before I put it on my network. The source would be great so I know how I can work around it if it gave me problems
  • From the ACLU's letter:

    These developments have greatly increased the communications interconnectedness of all the countries in the world, especially technologically advanced nations like the US and the Netherlands.

    Does anyone have any idea why the Netherlands was mentioned specifically in this sentence?

  • One point not made in the Slashdot comment is that Congress is also interested in the issue. House Majority Leader Dick Armey has asked the FBI to stop using Carnivore until 4th Ammendment issues have been looked at, and the House Judiciary Committee is holding hearings on the matter on July 24th. That means that this isn't just a lonely fight of a few privacy advocates; some big guns in the government are at least interested and asking the right kinds of questions.

  • (warning: off-topic).. Sorry... I can't fathom evening *considering* joining the ACLU. I have no respect for an orginization that is so blatently stupid as to sue the State of Michigan for discrimination because it only offered scholarships to people who did *WELL* on a state educational proficiency test. Basically they're sueing the state of Michigan because they treat people who don't work as hard as others or are not as smart differently than they treat people who do work hard and are smart. Completley nuts -- while they're at it they should sue every university that doesn't let people in because of poor grades and test scores -- because they too are discriminating against people that aren't intelligent or hard-working.
  • One of the problems with sending encrypted mail is that I talk to a lot of non-geeks.. is there any support planned for GPG in Mozilla? Or some compaible alternative? This might be a chance to get encrypted communications more mainstream (I certainly make heavy use of SSH as is; It beats having to set up stupid display variables!)

    How about the web though? If "the man" can see what you're surfing, I don't know if I might like that. Do slashdot comments count as mail? What about hotmail? Or for that matter, ICQ? The hordes use ICQ a lot, and I know more than one person that sends drug-related info over it (much to my concern). If they're going to tap that, then this isn't about an email sniffer, it's about a network packet sniffer looking for strings.

    *sigh* Land of the free, indeed. Don't argue with the man, or he'll bust yo ass! It's not like you need to worry, unless you're a drug dealer/money laundrer/commie red pinko/branch davidian/mob leader/columbian national/insert group-of-the-month here

  • Really, is seeing the technical specs and source code going to help determine if the Carnivore system invades privacy? The FBI stated that all email traffic in an ISP goes through Carnivore. If that isn't invading privacy, what is?

    I'll try and guess how Carnivore works (the software that is, IDNJS about networks). I assume it requires too much disk to log the entire text of every message (and be too cumbersome to search, and be a tremendous waste of cpu). I bet they just index every message and check it against a list of "flags" - names, phrases, addresses or other terms related to ongoing investigations. If a message turns up a flag, the Carnivore notifies HQ and the message is logged. I bet the From:, To:, Cc: and Bcc: addresses immediately become flags as well. Perhaps all email traffic immediately following the flagged message would be logged for a certain period of time. Encrypted messages are ignored, but the From:, To:, Cc: and Bcc: addresses can still be checked.

    At least that's how I would build the system. Now, as a hypothetical exercise, how would you defeat it? Encryption helps, for sure. You'd need to change email addresses frequently, though. Or you could do what I do and live in a developing country. My ISP couldn't figure out if someone hacked into their system if their life depended on it, let alone figure out how to track anything.

    All I can tell you is the FBI will become the world's top experts on spam, as 60% of the carnivore's food will be spam. I can imagine a team of 30-year-old college drop outs working in a basement outside DC, reading page after page of spam on some trusty 1983 VAX machines.
  • The ACLU gets about 1 out of 100 right! They might be right on this one but they only support or defend the amendments to the Constitution that do not have the words "arms" or "infringed" in them. The ACLU is a hypocritical, worthless organization that should be banned by an amendment to the Constitution. Of course, that is one they would also ignore.

    --- Never hold a dustbuster and a cat at the same time ---

  • PGP, not GPG

    If you think you know what the hell is going on you're probably full of shit. -- Robert Anton Wilson
  • My ISP runs six OC48 lines into it's internal network. They claim the lines are running at about 70% use on average. I'm trying to imagine the size of a box that would handle that load...

    Anyone have any thoughts on this?

    -C
  • They haven't repealed the 4th Amendment yet. Isn't that an illegal search if there is no warrant?
  • Yeah. The government can suck your dick. Cause one fucking box is no way, no how gonna suck down multiple OC48

    Ahaha.. uncle sam you dumbfucker.
  • This sounds like a stupid idea. As I understand it, the system hopes to intercept the emails/ICQ logs/etc. of people who are stupid enough to crack systems, molest children, etc. and then brag about it over unencrypted channels. If everybody knows what selection criteria it uses, it'll be trivial for warez doods (in particular) to skirt around it by avoiding its key words (or whatever), and most of the good that might have come out of it will be neutralized. The FBI will point this out, the request will be denied, and the ACLU will be The Guys Who Want The Criminals To Go Free if they make a stink.

    Besides, there are much more valid reasons why Carnivore stinks. What the hell happened to eminent domain? If someone who gains unauthorized access to a web site is "stealing" server resources from the site, isn't the FBI "stealing" property that belongs to the ISPs here? What happens when the NSA decides that the security of the nation depends on them using my computer to help crack "terrorists'" encrypted messages? Kind of quartering soldiers in private homes, aren't we?

    Also, you have privacy. Now this is a thorny issue; IP packets aren't private in a technological sense. However, I think the courts would look unkindly on a company that sniffed packets from a backbone and sold the data (anything I tell my doctor/lawyer over ICQ, for example) for mining. The fourth amendment, probable cause... is it legal for a cop who doesn't have a warrant to stand on my doorstep and then bust me because he saw a bong in my living room when I opened the door? Probably. After all, I had no expectation of privacy. "Just use encryption." "Just use the window." Man, fuck this government.

    I've probably set off a couple of NSA sniffers already, so I'll give it a rest. God bless America; here's hoping she survives this generation's crop of power-hungry yahoos.

  • Maybe he's figured out what it's really for, in his latest article, Meet Eater [pbs.org].

    His reasoning leads him to this:

    "In this position, Carnivore can act as a listening and recording device, OR IT CAN ACT AS A SWITCH. If we ever hear a proposal from the FBI in which it plans to install Carnivores at all 6000 ISPs in the U.S., we'll be giving the government the power to do something it can't do right now.
    "Shut the Internet down."

  • According to the article, they do get warrants. If someone knows, however, I'd like to know whether the target of such a warrant has to be informed. I'm guessing no, else it would defeat the purpose.
  • But they can get one. And, so far, we've no evidence that the system is a) always-on, and b) indiscriminate. Unless an inside whistleblower reveals that, say, communications HAVE been recorded and examined without a warrant... there's no clear evidence of a violation. It all depends on what capabilities the systems have, and more importantly, how they use it.

  • Is it just me, or does the ACLU go after the stupidest things (not to say that this is stupid)? When was the last time you heard of them really changing the life of or liberating the average American citizen?

    A recent battle in Ohio comes to mind. The ACLU sues the state of Ohio for having "In God we trust" enscribed on a courthouse. Execuse me, but what do you swear upon when you testify in a legal court? The Bible. And isn't that same slogan printed on almost all of our legal tender?
  • Heres your takedown:

    "I bet they just index every message and check it against a list of "flags" - names, phrases, addresses or other terms related to ongoing investigations. If a message turns up a flag, the Carnivore notifies HQ and the message is logged. I bet the From:, To:, Cc: and Bcc: addresses immediately become flags as well."

    So if i'm flagged, and i send mail to someone, they become flagged? Buy a list of addreses, stick in the one you want. Write in code which is not obvious. Whammo. Ten thousand people are flagged, and don't know anything. They go about, sending their standard mail, and everyone is flagged.

    Teslakid


  • PGP, not GPG

    It was an encrypted message. :-)

    "I will gladly pay you today, sir, and eat up

  • No, he means GPG [gnupg.org] (aka GnuPG, the GNU Privacy Guard), a GPL'ed, open source alternative for PGP which does not use patented algorithims.

    The Mozilla Crypto FAQ [mozilla.org] has a little bit of information on encryption and the News/Email client.
  • so far, we've no evidence that the system is a) always-on, and b) indiscriminate.

    So far we also have no evidence that the system is NOT always-on and NOT indiscriminate.

    "Innocent until proven guilty" applies to those that the government accuses. The government itself is a separate category, and the functionaries of governments (both the US and others) have a long track record of improper actions.

    Government is granted extraordinary power. Strict scrutiny of government operations by the citizens is both proper and necessary to keep the government from exceeding both its own rules and its mandate.
  • I was going to moderate this thread, but I just couldn't, because I needed to let this rant out.

    To all of the people who think the FBI is so wrong in this(including the above poster): Who the hell do you think you are?

    We do not have a constitutional right to privacy. This is not a 4th ammendment issue either. If the FBI(or any organization, public or not), through legal means, asks an ISP to let them look through whatever records the ISP keeps, this doesn't violate the constitution in any way.

    The FBI is doing nothing illeagal here. If you are going to send plaintext over a mixed network like the internet, its going to be routed through some computer that you don't have an privacy contrract with.

    If you don't encrypt your email or network transmissions, anyone with enough money(power) can intercept it. And there is nothing illeagal about it(Contracts non-withstanding, but the buyer isn't at fault regardless).

    [sarcasm]Remember, information wants to be free.[/sarcasm]

  • Hi all, Here is some info that you may find interesting. I have worked in and out of the architectural/design/building industry for the better part of the last 14 years. In that time I have worked on the design and build of many telcom centers and ISP's. For this work security is stringent and done on a per project, eyes only basis.Most of these places (I am generalizing due to very real security issues in the telcom industry) are designed with very highly secure areas where the main switch/com centers and computer rooms setup with the following (very generalized and non specific) criteria: 1. switch/control centers have to be on an 'open' wall so that they may be visually inspected for bugs and taps. 2. computer centers and the racks they mount to have to have 100% visible access as well. 3. walls of secure areas usually have leadlined wallboard and welded wire mesh installed from deck to deck behind the leadlined wallboard. 4. these installations usually use the box within a box within a box scenario (ie secure areas within secure areas within even more secure areas built just as above.) 5. highly secure and mostly invisible CSTV systems monitor every square inch of the space inside and out of these installs, capable of doing so in complete darkness(i have done quite a few casinos that use very similar CSTV systems which can see every player and dealer at any given time) These are not the only security measures involved in building a telcom but this is as far as i can go without having to post as an AC. The folks working inside these areas have to have all sorts of additional clearances/citizenship requirements etc. Building these installations is not easy due to the fact that even the staff of contractors doing the build out typically have to pass security checks and sign nondisclosure agreements as to what they have seen and built. Telcoms are not the only types of businesses that have to follow these stringent security measures. There are a great many 'local companies' all over that are really offices for other agencies. You may or may not be aware of this but many times when these places are built they use names of 'private' corporations etc. to hide thier real ownership. Ironically, the ISP's that I worked on didn't have such security in thier design criteria (usually they are mostly concerned with disaster proofing and service interruption proofing) but if things keep going as they are it would not surprise me if they had to implement these types of upgrades due to the *ivor boxes being located within thier facilities. If that happens we will see a lot of ISP's go under as this type of construction, whether new build or retrofit is really very expensive. To sum it up, let me say this: the freedom of information act is really an obscene joke. I have seen documents released for the purposes of building these installations where as much as 90% of the actual design criteria is totally blacked out, 5% is readable but 'classified' (and usually printed in nonreproducable photo blue) and the remaining 5% is as generalized as this post is. Even if *ivor information is released to us via FOI act it will be mostly useless and not yield any clues as to the level that security is going to be compromised by it. Hopefully, there are some IT folks out there who work in these facilities that can provide us some insight to the systems without compromising themselves and thier positions. After all, matters of National Security are not a joke and in the big picture a little loss of personal privacy may seem trivial compared to whats really at stake (read:I am not in agreemnet with them doing this but I do understandwhy they are doing this). If you want privacy in your email the answer is very simple: use strong encryption and exercise due diligence in deleting/scrubbing your email after reading it. If enough people use highly encrypted email bigbrother will not have the time to decrypt all of it enmasse.
  • It's terrific that the ACLU are seeking some disclosure for Carnivore. I am hoping, however, that the prevelant tabloid-esque "Shocking revelation! The FBI may be monitoring your email!" attitude dies down a bit here. Are people that naive to think this is the first time the FBI (or other government bodies) has been actively monitoring traffic? The Internet was designed by and for the government!

    Look; not only are the FBI monitoring your network traffic, so are the Internet pedophile police, your ISP, the ACLU, Russian spy satellites, the National Baseball League, and my Aunt Bonnie.

    So please, all you sysadmins and DSL-packin' home-web-server 'l33t out there, please try to learn about the benefits of retiring legacy protocols like Telnet and FTP (which happen to send your password in plain-text), in favor of newer, robust, secure data types like SSH [openssh.com], scp, IPsec, and PGP. [mit.edu]

    And if you're really gonna get all worked up about "ooh, the FBI is spying on me using meat-eating computers co-located at my ISP", then consider using a secure operating system.

  • Define "you". Is "you" the United States of America. Or is "you" referring to whether or not I have another example?
  • by Anonymous Coward
    The FBI is doing nothing illeagal here. If you are going to send plaintext over a mixed network like the internet, its going to be routed through some computer that you don't have an privacy contrract with.

    Ok, you sound a little confused. I think the ACLU is trying to find out if the FBI is doing something wrong, by figuring out how this system works. If (for instance) it take everyone's email and stores it an FBI Drive, and they take it away to look through it all, searching for the email they are interested in, then I think the FBI is wrong. Especially if they keep all that mail along with the mail they were looking for. (You never know, they may need that other mail someday). It is trusting people like you that screwed oevr the most, only you don't even know it.

    [sarcasm]Remember, the government is your friend, and they would never do anything to invade on your privacy.[/sarcasm]
  • Since Earthlink is only collecting that data when it is being ordered to by a court I think that isn't such a bad thing especially since Earthlink is in charge of the data collection, not the feds. That way there is a 99.9% less chance of a federal fishing expedition which ends up monitoring half of the earthlink users because carnivore decided 1/2 the messages were suspicious.
  • by Anonymous Coward
    I'll let you in on a secret. Or probably not one but you never know. You want to know what the biggest use of Oracle and IBM databases is these days? (at least, it's the biggest thing going if you're an Oracle or IBM database sales person, this is money in the bank. I'm dead serious, I know guys who do this stuff for a living, there are ISPs that have more database hardware than they have network infrastructure!) ISPs buy them and they monitor your activity. The data is useful at several different resolutions, it could simply be URL hit list, it could be a user to URL hit list type list, it could be your full web dossier.

    There are lot's of ways to get information out of it for lot's of different reasons: knowing the 10 most popular destinations of your customers can be damn useful information for laying out infrastructure and inking advertising deals, that is just good business to keep those kinds of records and it's arguably not harmful to anyone. Knowing the habits of users without knowing the users is useful but requires substantially more money and processing power, this is for the data miners (who would have thought that the serious porn hounds are also predominantly overclockers?!?) this part is gold, there is no way this type of information will ever be made illegal and if you have the technology to master it you're going to continue to make billions. And then there is the credit industry style reporting where specific users are mapped to their habits, which has its own useful and devious uses.

    This stuff is done. You want to know half the sales pitch? A slick smooth talker from Oracle (a "shark" and not a "shithead" if you've ever worked there ;) comes and preaches the virtues of being able to build your infrastructure, better server your customers, then they go in to the cash you can make by selling the information if you want to go that route and the deal closer is protection. There have already been laws on the books that target ISPs as a way of controlling content. It's only a matter of time before an ISP is involved in a nasty legal battle because one of their customers did something with the net and someone lost a million dollars or got killed or worse; if you're an ISP you have to protect your business and that's all it is: a business with no nasty constitutional laws about privacy. (with the current legal landscape if you're a business you're really more akin to a target because suing is the way of the 21st century and individuals don't have money like businesses do) Now when you're a small to medium sized ISP with a hundred workers or so, the last responsibility you want to take on is policing your users and the last thing you want to happen is have the FBI come in and start mucking with your operation so that they can observe a suspect. These are fairly small businesses that are run on shoestrings and bailing wire, usually. You polish or clarify your privacy policy, buy a big mutha of an oracle database (I don't know of any specific cases but I imagine that you may not have to actually buy the database and the machine in some cases, deals can be worked,) hook it in and start monitoring. The FBI calls them up asking about Freddy Kiddie Porn Peddler and they can quickly provide them a detailed report of his activity, the FBI goes away and the ISP keeps running without any bumps. Don't believe me? how quickly and how detailed was the AOL 'core dump' when the Columbine thing went down? In hours, AOL had provided the FBI with extremely detailed information about the two shooters and AOL has millions of users. Ask Malda if he tracks IP addresses, I promise you that if the right AC posts the right message his IP will be pulled from the logs, the ISP will be contacted and he will be tracked down.

    Carnivore is a logical extension of this policy. It's aggressive and proactive, that's the biggest problem. Instead of just recording every email and providing the FBI with a listing when they ask for it, they are looking for deviants. It's uncool but there is no regulation, the internet isn't the post office and doesn't provide privacy like that. It's all commercial ventures and commercial ventures do whatever it takes to keep making money and avoid problems and there are no constitutional rights to violate because they're businesses. The only way this is illegal is if the FBI tries to force it on ISPs but more often than not they will probably volunteer because the FBI will provide hardware or something stupid and then the ISP won't have to spend as much money doing their own email tracking. They could just as well walk in to a bar and tell the bar keep that he'll get a $100 bill for fingering people dealing drugs, he already knows who it is and he probably doesn't want that element in his business anyways. The FBI gets a nice little list of people to suspect. Only it's not drug dealers or porn peddlers they are after, it's terrorists and potential terrorists.

    The only question in my mind is how far is the public willing to go? Most people have no real secrets, they are in to kink on the net and they don't want their family and friends to know. They are introverts and can't stand the idea of people knowing what they do, it makes them uncomfortable. Privacy and secrets are independent but our society thrives on the invasion of privacy and the supposed existence of secrets. We were captivated for a full year with the president getting a blow job, there are channels on cable the focus on gossip and celebrity worship, even the news is in an overload mode where an event happens and they don't stop covering it until there is nothing left to cover, privacy is invaded, and secrets are out. They fear Hoover-style FBI black mail, this is a potential problem but the potential is pretty small and as more and more people give in to what inhibitions they have about viewing porn and it becomes more socially acceptable nobody will care if you like the dirty shit. At that point it's your medical record and credit history, those are the biggest secrets most people have. Will people let the FBI snoop around in everything else if it stops Oklahoma City bombing number 2? Or Columbine 2? Who knows? If there is a few more school shootings like that and another major terrorist act like that then probably and who wouldn't give it up? And the news never steps in when the FBI stops something before it happens. The technology is there, the incentive for the businesses is there to use it, the FBI wants the information, other companies probably want it too.. Who knows? The ACLU stepping in is nothing more than a stunt to try and gain publicity for an organization that is trying to stay relevant (they seem a bit more selective these days when it comes to freedom and who can practice it) and a hiccup for the project. The FBI is simply asking businesses to provide information that they already have and keep. If you're a business who has started doing it then you can also just tell the ACLU to fuck off because it's classified information for your business.

    Really folks, privacy isn't nearly the hot button everyone likes to think it is. I was one of the original cipherpunks and what did we do? We built fricking anonymous remailers. BFD! It stops practically nobody from snooping because the people who can do it can do the simple traffic analysis it takes, there still isn't real privacy in the picture. Netscape has built in encryption and authentication for email (SMIME) next to nobody uses it, there is a third part involved in the process but it's still there and it's substantially more privacy than none, for $10-15 your emails will automatically sign and encrypt themselves and nobody does it. It's an extra step to encrypt or decrypt your email with most mailers and it's not worth it for the quick notes to most people. The more I look, the more it looks like the people who are serious about doing the email encryption don't do email because they are these socially dysfunctional introverts (I know a guy who sets up sendmail to reject non-encrypted email! I can't understand this because my non-computer-nerd friends won't encrypt and I don't want to stop emailing them, he just doesn't get much email and doesn't care, I can do you one better than that, why don't you just shutdown your mailer and not do email at all?) It's a typical political issue, everyone has pgp, everyone has a pgp key, everyone wants to know who to secure a file or email stream ("just in case",) close to nobody ever does it. It's really not nearly as important as everyone would like to think and it's simply a matter of social adjustment before that is realized or the switch happens and it becomes a serious issue.

  • Summary: just how much does the Carnivore box monitor? Does it look only at IMAP/POP2/POP3/SMTP traffic, or is its charter far, far broader to capture at least the endpoints of communciations using other modes of operation? Does this mean that the FBI therefore has a trace of all your activity available to it? The rest of this article looks at just how much the FBI would have to monitor in order to trace all possible mail traffic conduits.

    The telephone industry has been told they have to design switchgear to make ubiquitious wiretaps easier. That mandate has not, to date, been extended to Internet Service Providers...but I can see where the ISP business will be nailed in just this way. Unfortunately for law enforcement, such a law would only help them catch the really, really, stupid criminal or the casual criminal -- the hard-core types would enlist the aid of cybercriminals [no, not hacker you dimwit] to help them hide their tracks.

    Frankly, the Internet marketplace provides a number of opportunities to thwart this sort of stuff. Some examples:

    1. Etherswitches instead of hubs: If ISPs were to rip out all standard hubs and replace them with Etherswitches, it makes it far more difficult for the FBI to find a tap point. An added bonus is that your internal connectivity improves remarkably, and you will find it far less likely (using 100-Base T switches) to run out of bandwidth inside.
    2. Clusters for mail: By using cluster technology, where you use a group of single-CPU servers instead of a single multi-CPU server and a disk array, you improve your mail reliability and break the mail path into enough segments that a single-port sniffer won't do the job. The business reason to do this, too, is to increase the reliability of mail carriage -- particularly if each CPU supported both client and remote SMTP as well as POP2, POP3, and IMAP. If one CPU goes down, the other three can take up the slack until the one CPU is fixed. Properly designed redundent data arrays are in and of themselves immune to single-point failure.
    3. Webmail: This speaks for itself. The cops would have to be monitoring Web accesses as well as the seven or so mail protocols. Not only that, but the FBI box would have to be able to tell the difference between accesses to a mail server and accesses to, say, SlashDot. Webmail itself is easier to use than most Mail User Agents. The downside of Webmail is that the FBI could then monitor the Webmail service in some way...but there are plenty of free mail services out there. For a pen-and-trace tap, though, the free mail services have well-known Internet addresses, but the ability to trace mail through the free services would be far more difficult. Indeed, how do you differentiate between mail to a remote perp and mail to an innocent party? You would have to be able to interpret the content of Web traffic -- and that runs afoul of the content restrictions on pen-and-trace.
    4. TELNET: Then there is the use of TELNET-base mail services and TELNET tunnelling. Early ARPAnet users used TELNET to access the native mail systems on the hosts, and by prior agreement decided which hosts would carry what threads. Does the FBI capture every keystroke of a TELNET session to determine whether it "looks" like mail?
    5. FTP: Everyone is so hung on on SMTP/POP3 that they forget that for years significant communications have been done using FTP and other data-exchange protocols. See The Oddessy Files for a description how Authur Clarke and Bill Hyman exchanged files as mail using RCPM systems. With FTPS/990 and FTPS-data/989 the only option that law enforcement would have is a "pen-and-trace" to FTP sites, or an FTPD running on an end-point machine.
    6. Private-port traffic: Just because the IETF publishes a list of well-known ports doesn't mean that perps have to use those numbers. There are 65534 port numbers to choose from, and the numbers do not have to be consistant from host to host. Couple this with a network of proxies and relays sprinkled around the world (remember, there are countries where the FBI has no entry) and the only tool available to nail the perp would be RICO -- if they could prove it. Does this mean that the FBI would pen-and-trace EVERY SINGLE CONNECTION? Does it mean it has to monitor all DNS lookups to see if a DNS randomizer is steering a particular domain name to multiple addresses? Does the pen-and-trace also extend to DNS lookups in general? Or is it because DNS would be considered by the courts as "address information" that the content of DNS lookups would be captured?
    7. SSL [VPN]: Just because I'm using an ISP for Internet access doesn't mean that I use that ISP for mail. I could be tunnelling to another site, or a chain of sites, using VPN (IPIP tunnels encrypted with SSL) to obtain mail. Does the FBI intend to sniff out my tunnel usage and place Carnivore boxes at every possible location? Would the courts stand still for such activity?
    8. SSL [POP3S/995, TELNETS/992]: One of the concerns of the FBI was what happened when encryption became widespread. Now we know one of the reasons why. [Interesting that there is no secure SMTP available -- is it because sendmail and other MTAs don't want to support it?]
    9. SSL [HTTPS, especially Webmail]: This enhances the security of Web-based mail, where available. I have Webmail that understands and uses SSL, which means that I can avoid being snooped between client and my mail server, wherever that mail server is. Coupled with the number of Webmail services, it would take a large number of boxes to trace the activities of someone who has really learned how to use a large, large number of Webmail services. Building a private webmail service from readily-available tools, like Microsoft FrontPage, would be a snap...and the result would be something that could be used as a mail-relay agent that would thwart pen-and-trace wiretaps.
    10. Encryption in general: In many cases, law enforcement isn't all that interested in the content of the messages, but instead are interested in traffic patterns. "Pen and trace" taps are far easier for law enforcement to get, and they use it to identify targets for more traditional search warrants. The only way to avoid such traffic analysis is to use an off-short remailer to relay your traffic. In time, though, the use of a remailer service will be used by prosecutors as evidence that you, the citizen, have something to hide. Encrypting the body of your message, then, does something for you only when you really have something illegal to hide and you have really attracted the attention of law enforcement.

    This is not intended to be a primer on how to "get around" the FBI Carnivore box. This is intended to show (a) how difficult the task is to monitor all mail given current technology, and (b) to show how combating the technology already in place may cause privacy concerns far greater than mentioned already.

    The monitoring of paper mail is, by comparison, a far easier task: you have a handful of choke points (USPS, FedEx, UPS, DHL, and so forth) who need to be in the good graces of law enforcement to do their job. The monitoring of fax and modem traffic is done using pen-and-trace wiretaps, recognizing the unique wideband signals to identify the difference. (Did you know it's extrememly difficult -- read "expensive" -- to extract content from V.34 and V.90 traffic from a tap?)

    In contrast, once you get access to the digital Internet. how do you monitor ALL the ways to exchange mail?

  • Are you speaking of the guys at the FBI who bait people in chat rooms into agreeing to have sex with underage kids ? Yeah - they are really nice people, since going after criminals who DID something wrong is so difficult for them, they need to lure disturbed people into commiting crimes so that they can arrest them. Sounds like the Soviet union to me...
  • It this true? If so where can I get more information? I heard that some bbackward african state had the bright to legislate pi=3 but not a western country. Maybe it will help the folks in Lousiane prooving the earth is flat.
  • Personally I have nothing to hide." Did you learn nothing in high school civics? That is perhaps the single worst reason to tolerate government intrusion into your private life. Because God help you the day you suddenly disagree with something the well-meaning and benevolent people with guns and jails say or do, and they proceed to take a dislike to you. Or are you saying that scenario could never happen in the wonderful USA and thus we should discard the protections for the few because the masses are 'happy enough'?

    The Japanese in the U.S. during WWII probably thought so too.
  • by gmhowell ( 26755 ) <gmhowell@gmail.com> on Saturday July 15, 2000 @09:57AM (#930998) Homepage Journal
    >>>We do not have a constitutional right to privacy

    Okay, I'll assume you live in the US, and therefore cannot use that as an excuse for ignorance. You may remember hearing of a case about 25 years ago called 'Roe v. Wade'. The crux of the decision was based on the fact that people in the US DO have a constitutional right to privacy. It is not specifically written (AFAIK) but it has been interpreted thus.

  • From what I've read of the system, it's a box that gets plugged in to the ISPs network and sniffs the traffic.

    But don't most ISPs use ethernet switches rather than hubs?

    If so, the Carnivore box would only receive traffic addressed to it (none) and maybe the occasional wayward packet.

    Am I missing something? Are the feds doing some sort of MAC hacking or Tempest monitoring or other weird voodoo?

  • actually, the CIA and NSA take the rights of American citizens very seriously. Many times they have to immediately interrupt thier investigations and taps due to the realization that the persons involved are Americans. I have heard this a few times from people who worked in those circles and there were quite a few /. posts stating this the other day. I can't remember the specifics but there is a Presidential Order (or someother high order) that explicitly prohibits them from doing so. if you know which order it is please post it as i am interested in reading through the specs of it - thanks :)
  • by Anonymous Coward
    Is it just me, or does the ACLU go after the stupidest things (not to say that this is stupid)? When was the last time you heard of them really changing the life of or liberating the average American citizen?

    You mean like the 85 innocent people released from death row in the last 24 years?

    Going after any infringment of American's rights, no matter how small, is not stupid. Some day you might just thank them for it.
  • by Anonymous Coward
    The only solution is encryption, but you must use it to make it useful.

    Does it really matter if it's the FBI or some pimple-faced youth at your ISP violating your privacy. Just face the facts: You have no privacy on the Internet without encryption, your only protection is the masses of other traffic.

    If you have *ANY* intrest in privacy, then take steps to protect it. Install postfix+ssl on your mailservers, use GPG for your email.

    I'm so sick of people who post GPG keys but never bother using them. In order to prevent suspicion because of using encryption, you must use it normally. If someone posts their GPG key, then USE IT, if they didn't want encrypted mail, they wouldn't post it!

    Go grab my email and send me a GPG (/openpgp) encrypted email, include your key and I'll reply. The practice is good and it will certantly annoy sniffers. :P (http://www.linuxpower.cx/~greg/ [linuxpower.cx]).

  • ISPs also tend to use good switches. These (such as any Cisco switch, for instance) have directives for mirroring all traffic from (a) given port(s) to another port. Designed as a debugging aid, it also allows packet sniffers to work in a switched environment.

    We use it in conjunction with an http traffic analysis package.

    Switch#wri t
    Current configuration:
    !
    version 11.2

    [...]

    interface FastEthernet0/1
    port monitor FastEthernet0/2
    port monitor FastEthernet0/3
    port monitor FastEthernet0/4
    port monitor FastEthernet0/5
    port monitor FastEthernet0/6
    port monitor FastEthernet0/7
    port monitor FastEthernet0/8

  • Do most ISPs do this? I'm a Mindspring user, and now that they've merged, I wonder if this includes the entire Mindspring-Earthlink group. I believe Mindspring and Earthlink both aquired some smaller ISPs in the last few years. I'd rather have Earthlink scan my mail than the FBI though. I'm a little suspicious that Earthlink could reach an agreement like this with the FBI. I wonder what kind of quality control the FBI performs to ensure Earthlink is really gathering all the information they 'need'. My experience with Mindspring is that they're a good company, and I've never had reason to believe they were doing things with my information that I would not approve of. When handing over info to law enforcement through a court order, could Earthlink notify their customers first?
  • >Dunno if this is all over the country, but PacBell sends us here in California a list of legal notifications to have your phone tapped. They include beeping every 10 or so seconds, a verbal notification, and others.

    These are standard notifications that a conversation is being *RECORDED* (by a corporation), not that it is being *TAPPED*. (What, you think the FBI is going to play a bunch'o beeps to warn the terrorists :P)

    > But if there is a third party tapping your email line, they don't have to notify you.

    Unless that third party is acting under a court order, they'd be in violation of the Electronic Privacy act of 1991. Class 2 felony, I believe.
  • I understand your statement. I just believe that what your saying is "wrong" is actually "right." Oh well, we disagree.

  • ...More specifically, it refers to any member of the mammal order Carnivora. The carnivores are at the top of the food chains that make up the food web of the earth's life forms. They feed on herbivores, or planteaters...

    Ok, assuming we are both talking about the mammilian order Carnivora (of infraclass Eutheria, of subclass Theria), this statement is far from true. Members of this order can be described as Predatory mammals, however, this does not mean that they only prey on plant eating animals. Let's take a look at some common representitives of the order:


    Dogs

    cats

    bears

    raccoons

    minks

    sea lions

    seals

    walruses

    otters

    Most of these animals are far from being the apex predator in their particular biomes, and are indeed often preyed upon by other meat/meat&plant eating animals. Also, many of the aforementioned animals' prey are themselves carnivores/omnivores. Though this may be a little offtopic, it's annoying when people use zoology in vain.

  • TOP SECRET CARNIVORE

    (U) Artificial Intelligence email filtering algorithm:

    (TS) cat email.txt | grep (gnutella|napster|31337|pr0n|hax0r|PGP|Freenet|GPG |Klinton|bomb|Ryder|Waco|Ruby|Ryder) >
    /home/freeh/suspicious.txt


    TOP SECRET CARNIVORE

    Classifing authority DOJ. Declassify on OADR.
  • This is EXACTLY the kind of thing the successor to the KGB mandates in every Russian ISP. So what's the difference? The FBI guys wear white hats? These people need to be stopped NOW. With this in place, any individual even making a joke about drugs, politics or blowing up Congress in email will be susceptible to surveillance and harassment. Once they have your name in their little (big!) file they're NOT going to delete it, and you can look forward to a life under surveillance. The concept that 270 million people need to be searched in order to capture the tiny percentage of the population who are terrorists and drug dealers and child porno's is morally and intellectually bankrupt. They might as well just do mandatory house-to-house searches.

  • You could also roll your own using the open-source "mailsnarf" program. It is also pitifully easy to build the same thing from scratch.

    The beta of the next version of BlackICE Sentry (from Network ICE [networkice.com]) has Carnivore features built in. Administrators can configure "from" or "to" patterns to capture e-mails to the disk in mbox format. It can keep up with full-duplex 100-mbps connections, so you can tap into links between switches. This version runs on Linux, Solaris, or WinNT. It costs $5000, though.

  • On topic, off topic or blatant self promotion?...
    My little site, www.spamMimic.com [spammimic.com], will encode a message into spam for a tad of privacy AND possibly bog down Carnivore and the like.
  • by Anonymous Coward
    You obviously haven't read The Prince or any political theory. You're obviously very naive and think people in government are not full of the same prejudices and ignorance found in the general population. If you had ever worked with the government you would know what a bunch of idiots are running the show. These are the people who bombed the Chinese Embassy for crying out loud. You trust these people to spot a real threat? And besides when has the FBI ever stopped a terrorist using these techniques? Its really jsut an extension of their insane War on Drugs which gives people life sentences while murders walk!!And nothing will stop the Timothy McVeys of the world. But perhaps the McVays win when we allow the government run by morons to take our rights because we have alowed irrational fears to overwhelm our judgement.
  • Tell that to Mumia Abu-Jamal, or kevin mitnick, or anyone in hollywood during the 1940-50's who had possible ties to marxism.

    Going after individuals without regard to the law is a tactic the united state's goverment has done, is done, and most likely will continue to do assuming there are no major chances in law enforcement policy.

  • Note that the bold italics are something that the person that I am responding to is responding to. The italics is the person that I am responding to.

    You sure sound like a troll, but I'll bite...

    Heh

    stop criticizing the very people who are trying to protect your safety even as our civilization is crumbling around us

    Yes, our civilization is crumbling about us, but the criminal(s) that we should be worried about is not ordinary criminals, but the government itself.

    And you should stop watching crap like America's Most Wanted and read some real statistics for a change. Crime rates are down but this is not being noticed due to the crime hysteria, fed by the law enforcement agency sponsored cop shows and other propaganda.

    I agree with you on this point. Stuff like Cops is just pure jingoistic government propaganda

    Government is not your enemy, but it is not your friend either.

    ONLY CRIMINALS NEED WORRY ABOUT THIS

    Ok. You must be a troll. History has proven this claim false so many times that we've lost count.

    Not just this, but anyone who doesn't have full support for and loyalty to the government should have the shit scared out of them right now. You should be worried about getting shot by the government death squads which will most surely come our way with the way our country is currently going.

  • I think he was just trolling.

    Of course I may be giving him too much credit...

  • If you have nothing to hide, please post your complete address book; all of your credit card numbers, with expiration dates; your income tax return and all of your bank statements for the last year in your reply to this. Trust us, no one who reads /. would do anything that is not in your best interest.

    Or maybe you actually do have something to hide.

  • So we have an organized criminal, a Communist, and a race-warrior. Are these not people the FBI should be tracking ?

    The Freedom of speech is not just for people we agree with. (If that were not the case, one of us could not take part in this discussion). There is nothing illegal about being a Communist. There is also nothing illegal about being proud to be black, or even believing in racial apartheid.

    Unless you can show where they DID SOMETHING ILLEGAL (and don't bother with jaywalking or speeding), the argument doesn't hold.

    BTW, I believe you confused Jimmy HOFFA and Abbie HOFFMAN.

  • First of all, I find your American clichés extremely annoying. America is neither better nor worse than other countries...you just happen to have a bigger army and economy thanks to the fact that the land you snatched from the Native Americans is very mineral rich and fruitful. You also fail to realise that not everyone agrees with the laws of the country they live in. I, f.e., belive that cannabis smoking should be legalised, yet I am the victim of government agencies that are enforcing laws I do not agree with or consent to abide by. The people who work for government agencies aren't Crusaders in Shining White Armour, coming to the rescue of the victimised and helpless citizens. They're people, like everyone else, people who want their payroll and pension. They don't particularly care about John Doe or his privacy or his rights not to be scrutinized, violated, beaten or abused. I know this may sound extreme and paranoid, but they're part of a machinery that governs society as a whole, a machinery that protects the values and ideals of the wealthiest and most powerful. Their values do not neccesarily coincide with mine, or yours, for that matter.. The individual doesn't come into this. It's a machinery of numbers. You say that only criminals fear the law! I have never heard such preposterous nonsense. Everyone has violated some law at some time. Everyone feels his freedom is violated when he's driving down the street and sees a police car. The automatic reaction is to slow down, drive carefully, ANYTHING to avoid the scrutiny of an agent of that system! Your freedom is inhibited by enforcers such as these. It doesn't help that certain types of people are attracted to positions of official power, such as the FBI or regular police. It attracts people who enjoy having power over others, enjoy the fear they cause. The system is NOT the good guy. The FBI are not valiant defenders of "normal" people. They're a bunch of people with rights to pry into your life. Think about it that way. Criticism is always good. It leads to self-improvement on behalf of the criticised. Intelligent people have been saying that civilisation is crumbling since the invention of the railroad. My Very Long Two Icelandic Crowns.
  • So we have an organized criminal, a Communist, and a race-warrior. Are these not people the FBI should be tracking?

    In short, no.
  • ok...Roe v. Wade, constitutional rights to privacy, the 4th amendment all that's all fine and dandy, but if the FBI wants to put some kind of software on ISPs servers and the ISPs refuse, then move on to the next ISP who will let you and eventually you'll get the "terrorist" you are looking for. Here's a suggestions: try monitoring some of the large peering points and watch the traffic from there. Narrow it down, instead of 5 bazzilion ISPs, go to smaller points and try the packet sniffing from there!! ISP servers are problematic on their own, much less adding additional propriatary software that may or may not work with the current setting, therefore crashing them, who needs that? anyways that's my 2 "sense"....!!
  • I believe you are speaking of Affirmative Action, and certain Michigan School's efforts to end the practice of Affirmitive Action admission policies.

    While I tend to agree with you, I'm also willing to conceed the point that current admissions practices to tend to be be weighted towards the middle-upper class white male.

    -jerdenn

  • Wake up my friend. I'd support the ACLU if they didn't waste time and money on trivial matters (like the courthouse example I gave) most of the time. But the fact is that they do. Very little comes out of their pursuits.

    And the death row matter was not spearheaded by the ACLU by any means whatsoever. They merely jumped on the bandwagon for their own advancement.

  • Do you know why your Windows computer crashed the last time it did?

    But of course. It was the VXD error in " " which caused a page fault at 3a77bfff::7acc3246. Dumbass! :-)

    "I will gladly pay you today, sir, and eat up


  • Executive Order 12333

    "Never attribute to penis that which can reasonably explained by cigar?"

    "I will gladly pay you today, sir, and eat up

  • by Anonymous Coward
    There is a HUGE difference between Carnivore and existing wiretap systems. I am Chief of Technology for a CLEC and also handle the National Security stuff. When we get a court order, WE, the carrier, present the required call content to the requesting Agency. ONLY calls destined for or originated by that number(s) will be presented to the Agency. There is a check in the system - the carrier ensures that the Law Enforcement Agency does NOT get any other calls than the ones authorized. Carnivore, on the other hand, looks at anything and everything. The telecom carrier has no way to verify that the LEA is monitoring only the authorized party(ies). I can tell you from personal experience that some agencies try to take shortcuts. I was served an improperly completed order a few weeks ago. I suspected that the judge had given the cops some blank orders which he pre-signed. Or maybe the judge doesn't know how to fill one out properly. And can't spell his own name. :-) I refused it, called the judge personally and informed him that if it happens again he's going to be seeing a grand jury. Haven't heard anything more... In short, in any system like this, checks and balances are vital. Hope Congress doesn't get snowed by Janet Reno and the FBI BS'ers like they did on CALEA!

  • Gonna keep some CA's (Carnivore Admins) hopping if the box is Windows-based.

    "I will gladly pay you today, sir, and eat up

  • >>To all of the people who think the FBI is so wrong in this(including the above poster): Who the hell do you think you are?

    A citizen of the US-of-A. It's bad enough that I'm going to be of leagal voting age in tenmonths and either Bush or Gore is going to be in power (Support the one-and-a-half party system!), I don't need the FBI looking through all my e-mails. All I need is for this Carnavore BS and the Anti-Metaanphetamine rider to get passed and we've lost everything our forefathers... (::Somewhere, the Star-Spangled Banner is hummed::) ...ok, enough of that gooey crap. You get my point. If we lose on this battle, what's next? I, fore one, don't want CBS's freindly facism, aka the show Big Brother (Somewhere, George Orwell rolls in his grave), to become a reallity for everyone.
    -=The Rimstalker=-
  • or having my sole stolen by Microsoft.
    Writing shoddy software, anti-competitive practices, maybe even racketeering are fair enough claims but the slurs that Microsoft employees break into people's homes and steal their fish have never been substantiated.

    LOL
    -=The Rimstalker=-
  • Robert Cringely has an interesting perspective on this issue at PBS. [pbs.org] The real question, as he points out is "Why does the FBI need a box?" since they could do what they purport they want to do by some simple changes in an ISP's router.
  • I'm confused -- you want to ban an organization because you feel they are not defending civil rights vigorously enough?

  • uh, sorry to burst your constitutional bubble, but the constitution has been suspended as of March 4, 1933. Read it and weap-
    http://www.afcomm.com/afc/report.html [afcomm.com]
    Everyone needs to worry-
  • Ooh, Abbie Hoffman, a real revolutionary. Became some sort of Wall Street goon, IIRC. Yeah, the FBI violated people's civil rights, but who have they killed recently? Tell this claptrap to Noam Chomsky, for example, a pretty influential guy if you ask me. He, and many others like him, certainly aren't dead. He hasn't lost his position at MIT, and he's been agitating for over 30 years. The government does some pretty unpleaseant things in this country, but your spouting off on fiction does nothing to stop it.
  • What you fail to understand is that "Carnivore" is just another step in the direction of the type of government you left. Unfortunately the FBI has not shown a great deal of responsiblity in the use of wiretaps and similar invasion of privacy techniques in times past. In fact the simple act of making a post to /. may have brought you to their notice. When it comes politics, the FBI has no sense of humor or perspective.
  • There most certantly *IS* SSMTP. It's supported by the postfix+TLS patch. Most mailers don't include it because of legal issues RE: RSA and export restrictions.

    Port number, please. I don't find any secure version of SMTP in the ISI list of well-known ports.

  • Ooooo! Ouch.....good point!
  • *Few cases* where they've crossed the Line? What color is the sky on your planet?

    Let's look at the scoreboard, shall we?

    The FBI, under the control of J. Edgar Hoover, compiled dossiers on hundreds of thousands of American citizens who never committed any crime at all. The contents of those dossiers were used routinely to blackmail people that Hoover (in his sole opinion) considered "unamerican."

    Did you know that Hoover considered the move to integrate Major Leage Baseball a "communist plot?"

    Did you know that Hoover spent thousands of tax dollars on investigating Desi Arnaz, because he didn't like the way that "The Untouchables" glorified the secret service, a rival to his beloved FBI?

    Surely you're aware of the FBI's harassment of Martin Luther King, which included anonymous written demands that he commit suicide?

    How about the FBI handing over dossiers on hundreds of Bill Clinton's republican opponents to the White House staff, with NO legal justification to do so?

    Get real: The FBI occasionaly deigns to do its real job, when they can fit it in to their busy schedule of trying to clamp down on any serious dissent in the USA. Thank god for our courts.

    -jcr

  • There's dozens of Mom and Pa Internet shops that simply aren't going to do it

    But those are usually connected to a bigger carrier... And as carnivore sits on top of the hierarchy, they are targeted too... The only way to make sure no one scans your data would be a direct connection to a backbone, and even then it could run through some boxes like carnivore ... I don't think the USA is the only country usings such things...

    Just a though

    -Drunken Havoc

  • The internet is basically a US operation

    I think you're not up-to-date in this... The Internet might have been a US operation, but today its present in every country. Therefore, i don't think that the USA have the right to shut it off. Better get in touch with the rest of the world, lad.

  • See the CALEA web site, and you'll understand..

    No, no. That's the Commission on Accreditation for Law Enforcement Agencies. You want the Communications Assistance for Law Enforcement Act. They both have the same acronym.

    The United States Telephone Association has a CALEA Compliance Manual [usta.org] available. $35 to USTA members. $2000 to non-members.

    The FCC's CALEA page [fcc.gov] has links to the relevant regulations. That's a good place to start.

How many surrealists does it take to screw in a lightbulb? One to hold the giraffe and one to fill the bathtub with brightly colored power tools.

Working...