Today, Ken D'Ambrosio gleaned this insight:
Somewhat out of order, but:
> P.P.S. The only reason I sent this to the list was because yours was the
> second such e-mail I've responded to, and I've deleted out-of-hand the
> vast majority of e-mails with this subject line. If anyone wishes to
> argue with me further about this, please do so directly, so that we
> needn't spam the members of the list who wish, gad-zooks, to read about
> Linux, and not potential infringements of civil liberties.
This is a discussion list, and these types of issues, while not directly
related to Linux, are of interest to Linux users and potentially impacting
ALL of us, so I for one don't think this discussion is misplaced on this
list. Particularly when recent discussions, both on and off this list,
revolve around the open-source community's willingness and even eagerness
to subvert the system. As such it's quite relevant. I find such
assertions by the media quite disgusting. There may well be certain
members of the open-source community who feel this way, but I for one
prefer to work within the law, and I suspect most here do.
Also, suggesting that you take this discussion off-list rather defeats
your purpose for posting on the list, doesn't it? As I said, this is a
discussion list, and generally the purpose is to encourage discussion
about topics relevant to Linux, but perhaps more accurately relevant to
the people who post and read here.
> > These reasons have never stopped the government before.
> > The USPS has laid claim to many things, including "mail" openings in our
> > own homes. The infrastructure to support an email surcharge would suit
> > the needs of the FBI's carnivore program very well. If the open source
> > community "subverted" this, we would all become criminals.
> > Microsoft, among others, would love that.
>
> You know, I wasn't even going to bother to respond to this, but you bring
> up issues that I feel need to be addressed. There is a fine line between
> common-sense caution in trusting authority, and paranoia. Frankly, I
> think that you've crossed it. First and foremost, carnivore is intended
> to stop (or, rather, track) DDoS attacks
Actually you're mistaken here. I sat and watched the Senate oversight
committee hearings on C-SPAN and listened for hours to an assistant
director of the FBI (or some such title, can't recall his name at all),
and a small panel of his buddies talk about what carnivore does, and the
bulk of it is to filter and record e-mail headers. It is used as a tool
to help the FBI gather relevant information to an ongoing criminal
investigation, and can gather information regarding who an e-mail is from
and to, as well as grabbing entire e-mails with content considered
relevant to the investigation.
Also worthy of note is that while the latter behavior is subject to the
same type of criteria review that a wire tap is, the former type of
behavior, monitoring only your e-mail headers, DOES NOT REQUIRE PROBABLE
CAUSE OR THE ISSUE OF A SEARCH WARRANT. This was likened to obtaining
records of who you called and who called you, which the FBI also can do
without a warrant. They only need to convince a judge that the
information will be used in an unspecified ongoing criminal investigation.
The theory is that since they are not looking at content, they have not
unduly invaded your privacy and are only obtaining information about
"public" transactions, and do not need a search warrant for this... since
a third party was involved (the phone company, or your ISP) the
information regarding the whos and whens of the conversation is considered
not private. Sounds like BS to me, and I'm still pissed.
I'm not just making this up... I'm recounting the telling of it by one of
the FBI's own, to a Congressional committe, as seen on C-SPAN. I can't
watch C-SPAN very often, because it generally makes me very angry.
-- e-mail is a *VERY* different
> creature, and propagated in very different ways. (Well, it goes over a
> TCP stream, right? Not necessarily. It is all SMTP RFC compliant,
> right? Well, no. Etc.)
I'm not sure what your point is here...
> Second, attempting to monitor e-mail would make the hue and cry over
> the CDA look like a kindergarten scuffle.
Well, that's what the FBI is doing with carnivore, and the NSA has been
doing it for years. NSA can get away with it because technically they are
not a law enforcement agency, and they are acting "in the public interest
and for the security of the nation, but they often share information they
glean with other agencies via "anonymous tips" which if you ask me
ammounts to illegal search.
The FBI wants a more direct route; hence carnivore. The theory is that
when it's installed, it is installed in a specific way which prevents the
FBI from being able to monitor and record e-mail addresses and URLs in the
headers of e-mail, if that is the sort of activity that has been approved.
I can see all sorts of opportunity for abuses (most of which were raised
by the opposing panel) such as:
* how do WE know the software does what FBI says it does?
* how do we know the software will only do what they say it will after
they install it?
* how do we know they will only look at the information they say they
will be looking at?
* even if most FBI agents are honest, what's to prevent some from
installing a "rogue" version of the software that sends them copies of
every e-mail it looks at?
* assuming this is possible, what's to prevent such an agent from using
the software to monitor private e-mail for personal gain?
* etc.
The bottom line is when this software is installed in some ISP in the
field, we have no way to know that the FBI is not monitoring any and all
of our "private"* e-mail for any reason at all.
> Third, the OS community doesn't need to "subvert" it -- it's subverted
> by the very nature of this distributed thing called the Internet: can
> you run Sendmail on your box? Of course! Is there a deterministic
> way to trace traffic? No!
Of course there is. The spooks have been doing it for years. If they
suspect you, they can install sniffing software at your ISP to monitor
your connection until they get enough information to hang you. And if
you're violating the law, they WILL hang you.
> All of this (and much more) makes it fantastically difficult to
> implement anything as paranoid as the government attempting to
> implement e-mail tarriffs.
I have to disagree. It can be enforced at the ISP, and anyone whose
e-mail "pattern" seems "unusual" can have their connection monitored for
violations. And if the government gets it in their head that they want
this, good luck preventing them. Just look at the war on drugs. The
penalty for first time drug offenders is often worse than for violent sex
offendors, burglers, car theives, etc. for a crime that essentially hurts
no one, except perhaps the offenders themselves. I'm not advocating the
use or sale of drugs, but there's definitely an imbalance here.
> And, frankly, a law that can't, or won't, be enforced suddenly
> becomes meaningless. (Just ask all the people I see who change lanes
> without using their blinkers,
I've got a lot to say about this one too, but it's really out of place on
this list, so I'll refrain.
> that have become anachronisms, but never revoked.) If you believe
> that we're already in enough of a police state that this irrelevent, I
> suggest you contemplate moving, instead of complaining.
I don't WANT to move... I just want my government to behave
themselves. 200 years ago this country was founded to get away from this
type of shit... we shouldn't have to be dealing with it again after such a
short period of time.
> government GAVE AWAY the Internet after (*gasp*) using our tax dollars
> to jumpstart it.
That's an easy one... they never had any idea it would become what it has
become; until very recently, the Internet was only for propellorheads. If
they did have an idea, they'd have held onto it until they could figure
out how best to tax it, like they do everything else. I think the only
thing that is stopping them now is they aren't able to justify it, since
the internet isn't costing them anything and is run entirely by private
companies.
> should always, IMHO, be held under suspicion, but that doesn't mean
> it's inherently evil, or inherently out to get us
No, but it doesn't mean that it isn't true either... :) Actually I can't
blame law enforcement agencies TOO much for the way they behave... their
goal is to protect the citizenry from harm, both from internal and
(especially) external sources. Their collective "heart" is in the right
place, for the most part, though there will be exceptions and bad cops.
I think the problem is that the longer you spend in this role, the more
paranoid you become (just like sysadmins and especially security
admins!) and these guys have had LOTS of time to get paranoid. They're as
guilty as we are at jumping at shadows, and THAT'S what the founding
fathers wanted to avoid. Please don't tell me you've never heard of
real cases with ridiculous charges. It DOES happen, and it
shouldn't. Ever.
--
You know that everytime I try to go where I really want to be,
It's already where I am, cuz I'm already there...
---------------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
[EMAIL PROTECTED] | [EMAIL PROTECTED]
---------------------------------------------------------------
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
