-Caveat Lector- http://www.stopcarnivore.org/threeproblems.htm
The Backdoor, the Rogue Agent, and the Mishap: the Hidden Dangers of Carnivore Introduction Most of the discussion about the F.B.I. spy tool Carnivore has focused on the 4th Amendment. By its nature, Carnivore violates the 4th Amendment, but many people have seemed willing to overlook that, especially in recent weeks, as long as it will make them safer. This paper is written for the people who believe the "4th Amendment argument" is not sufficient to justify prohibiting Carnivore. Make no mistake, we at StopCarnivore.org still firmly hold that Carnivore is in clear and disturbing violation of the 4th Amendment, but there are clearly those who believe that is not a good enough reason to prevent its use. This paper is intended to provide convincing reasons, beyond the 4th Amendment argument, why Carnivore is a law enforcement tool that we all should reject. This paper is also designed to provide a response to those who say, "If you're not doing anything wrong, you don't have anything to worry about." The following are things that affect everyone, innocent people included. The three primary dangers of Carnivore to innocent people can be called the Backdoor problem, the Rogue Agent problem, and the Mishap problem. The Backdoor problem The Backdoor problem is probably the most serious of the three problems. When installed, Carnivore provides a very high level of access to the data pipeline which it monitors. F.B.I. documents and the IIRTI "independent" study of Carnivore show that the system can be accessed by a username/password combo. In IIRTI's own words, "any action taken by the Carnivore system could have been directed by anyone knowing the Administrator password. It is impossible to trace the actions to specific individuals." There is no question that there are hackers and computer experts who can break into "secure" computer networks. The Air Force, the Pentagon, and many other high-profile government and corporate web servers have been hacked into in the past. Carnivore provides hackers, and those that fund them, with a new and very fruitful target. Currently, Internet Service Provider (ISPs) take efforts to maintain the security of their networks from outside invasion or manipulation. Unfortunately, Carnivore obviates those security measures, and takes the data out of the ISP's control. In order to have the access that it has, Carnivore must, by design, bypass all of the ISP's security measures, which would otherwise block such efforts by and outside entity to spy on the ISP's users. In order to function, Carnivore must be allowed full access to the data pipeline. Unfortunately, this opens up a backdoor into the network, and ISP's are powerless to protect it. If someone with untoward motives were to gain control of a Carnivore installation, they would have full, unrestricted access to all of the data coming through that particular pipeline. This means they could do anything from spying on people, to accessing their computers, to shutting down websites, company servers, and so on. They could pass on a computer virus to thousands of people at once, or just stop e-mail access for thousands of people at once. They could access identity information, bank information, credit card information, etc. And all of this presumably without being detected by the ISP's security systems. Very little has been said about how Carnivore could weaken the security of the Internet, but it is a very real threat. How long will it be before hackers and others figure out how to find Carnivore and then hack into it? It's only a matter of time. Then, all of the access that we have granted to the F.B.I. will be in the wrong hands, and it won't be limited to just accessing one or two accounts, because that's not how Carnivore is designed. Carnivore is designed to have total access to the whole data pipeline, and unfortunately, it isn't designed to be very secure. We won't belabor the various nightmare scenarios that could come about due to this flaw in Carnivore, but we shouldn't need to. The F.B.I. would very much like it if Carnivore was installed everywhere, giving them immediate access to all U.S. Internet traffic. But they have failed to mention how easily that access could be taken over by people with ill intent, or the obvious security problems that such a takeover would raise. The Rogue Agent problem One bad apple can spoil the bunch, as they say. As easy as it would seem to be for hackers and terrorists to gain access to Carnivore, it is many degrees easier for a federal agent to do so. The story of Robert Hannsen, the F.B.I. agent who was spying for the U.S.S.R. and Russia for so many years, is widely known. Of course, he operated in the days before Carnivore existed, and he was stealing secrets the "old fashioned way": by taking papers and selling them. What could a rogue agent do with access to Carnivore? Basically, anything he or she wanted to. If Carnivore is scanning a server that hosts a bank, the rogue agent can access bank files. The rogue agent could intercept and even alter e-mails or websites, could commit damaging acts, could commit corporate espionage, and so on. Instead of having to steal papers, the rogue agent powered by Carnivore can simply load the info onto a disk, or even e-mail it to his or her cohorts, and then cover up his or her tracks, using Carnivore to do so. A recent investigation in Michigan uncovered a long history of abuse by State Troopers of the state Law Enforcement Investigation Network, a police database. Officers used the database as a tool to meet women, settle scores, and torment motorists. It would be naive to believe that other states don't suffer from similar misuses of such information—and it would be equally naive to believe there are no agents in the federal police forces who would commit similar acts. One bad apple indeed can spoil the whole barrel, and if one rogue F.B.I. agent misuses Carnivore to harm or threaten an innocent person, or as a tool for industrial or governmental espionage, then it will spoil the whole benefit of using it in the first place. With the current design of Carnivore, and the aims to make its use widespread, it is sensible to believe that misuse and abuse of the system by unsavory elements on the "inside" will occur. To what degree, we don't know- and we may never know, given the IIRTI's assessment that it is impossible to discover who has done what with Carnivore. The Mishap problem The F.B.I. is well-known for its mishaps, mis-steps, and questionable tactics, and these are worth noting as we look at Carnivore as well. As noted above, Carnivore is placed at a very central part of whatever network it is installed at, and all the data at that location flows through it. If something goes wrong in a carnivore installation, it could interfere with a substantial portion of the Internet. Indeed, Carnivore has been at the root of at least one network mishap already. Back in 1999, the F.B.I. forced Earthlink to install Carnivore on one of their network nodes, even after Earthlink went to court to protest the order. In order to install Carnivore, the tech people at Earthlink had to install a different operating system. At a point late in the Carnivore installation, that portion of their network had serious problems, and their customer's access was adversely affected. As a result, Earthlink removed Carnivore from their system, and negotiated an arrangement with the F.B.I. that would prohibit future use of Carnivore on Earthlink's network. There may be other instances of Carnivore disrupting service in other installations, but no information has been released about any of the other cases in which Carnivore has been used. This issue becomes particularly relevant in light of the news that the F.B.I. is seeking to install Carnivore on the bigger network hubs—introducing the potential for Carnivore to be scanning hundreds of thousands of people's data. Or, to disrupt those people's data, if something in Carnivore interferes with the network. Carnivore unfortunately takes ultimate control out of the hands of Internet Providers, and puts it in the hands of less technically savvy people, whose primary motivation is not providing secure Internet connectivity, but instead is surveillance and investigation. We at StopCarnivore.org wouldn't be at all surprised if we come to find out about a number of instances where Carnivore has caused a disruption in service or security for the customers of various ISPs. With a more widespread deployment of Carnivore, such as the Department of Justice seeks, the likelihood of such interruptions and problems will increase substantially. Conclusion Carnivore goes too far, and that fact has implications well beyond the 4th Amendment argument. We say again: Make no mistake, we at StopCarnivore.org still firmly hold that Carnivore is in clear and disturbing violation of the 4th Amendment. For those who don't feel that the 4th Amendment argument is convincing enough, then we offer three other significant reasons why Carnivore is a dangerous and unworthy law enforcement tool. It goes too far, and in going too far it weakens the Internet itself, increasing our vulnerability to cyber-attack, espionage, identity theft, and accidental disruption of service. If the F.B.I. insists on tapping the Internet, they simply need to find a better tool to do it with. They developed Carnivore with little or no oversight, and they did a poor job at it, designing a system which puts the needs of law enforcement ahead of security concerns, privacy issues, and civil liberties. The system is simply not workable within the American way of life, and even those who are willing to discard their constitutional rights should be able to see its frightening flaws. ===== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://serendipity.magnet.ch/wtc.html __________________________________________________ Do You Yahoo!? Find the one for you at Yahoo! Personals http://personals.yahoo.com <A HREF="http://www.ctrl.org/";>www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html";>Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/";>ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
