Re: FBI announcement on email search 'Carnivore'
On Wed, 12 Jul 2000, David Honig wrote: For $500/monthly you too can have a box in various NAPs. You can run your NIC in Bill Clinton mode, e.g., to measure certain things about traffic. I know of a corporation doing this (they are only interested in infrastructure traffic, not content). I find it difficult to believe that NAPs aren't using a switched architecture, which should make this sort of thing much more difficult (barring ARP tricks). -d -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: [EMAIL PROTECTED] (home) -or- [EMAIL PROTECTED] (work)
Re: FBI announcement on email search 'Carnivore'
David Honig wrote: At 10:58 AM 7/12/00 -0400, Steven M. Bellovin wrote: There's been speculation about NSA black boxes in such facilities for years. The FBI, however, isn't quite as "above the law" as the NSA likes For $500/monthly you too can have a box in various NAPs. You can run your NIC in Bill Clinton mode, e.g., to measure certain things about traffic. I know of a corporation doing this (they are only interested in infrastructure traffic, not content). Dunno about you, but we use switches for colo - which rather defeats this plan, no? Cheers, Ben. -- http://www.apache-ssl.org/ben.html Coming to ApacheCon Europe 2000? http://apachecon.com/
Re: FBI announcement on email search 'Carnivore'
-BEGIN PGP SIGNED MESSAGE- On Wed, 12 Jul 2000, Jeffrey I. Schiller wrote: I suspect that the reason they would want Carnivore as opposed to looking at spool files is that it is less invasive then looking at spool files, isn't dependent on the technology choices made by the ISP and finally its operation is beyond the ISP's examination. Exactly. From what we're lead to believe, Carnivore discards all packets that aren't email, then discards all emails that aren't covered by the warrant. However, Carnivore must be monitoring *all* traffic in order to make those determinations. Therefore, the privacy of every individual and organization utilizing a network on which a Carnivore resides is being violated. "Here just connect this to your network and we'll take it from there." I have to admit, it is the simplest, easiest way to achieve the goal. I wonder how we find out more (FOIA), the descriptions I have heard so far (its a sniffer) seems a bit onerous. Big Brother at his best! Is someone filling a FOIA request for this? - -MW- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (FreeBSD) Comment: No comment. iQEVAwUBOW1OvisFU3q6vVI9AQHhdgf+J4zmvXZxFX6V08czQZ+/HJ+5vvfGJ0o8 W3hwGHnulMdHxSsOuvl7WtWKuR5W3mbQHV4DcGrZx81gDshsfKfcEUtfAtXmCipI 34TD/2T1ydvTFdqCRw5TNU2KdCY3mUSFH6ucA0VS70OslWYNlK1clSuQeYD9lDm9 m6otwbizJpkcEC/OB8819kWVQ+v2y8zjUhQvyUdNtv424jp4MhU+E5xhzW0qT57j URI2vvSx9qJGT3rnO9wPFbUHeB4x70eHQDa+/rqvU+7bMhRxy/1MezAa4z5CWS3y 9FkrJo27S5lTDnS2SeH0bP49PXWhxV7Q93/H+cDLUi7J1/CEFZfleA== =GPFi -END PGP SIGNATURE-
RE: FBI announcement on email search 'Carnivore'
Jeffrey Schiller asked: I wonder how we find out more (FOIA), the descriptions I have heard so far (its a sniffer) seems a bit onerous. Big Brother at his best! At least one group I know of has filed a FOIA for details. Perhaps we'll get information in a few weeks. Or maybe they will just have to go to court. Stay tuned. Will Rodger Voice +1 703 558 3375 Technology Reporter Fax +1 703 558 3981 USATODAY.com http://tech.usatoday.com PGP 584D FD11 3035 0EC2 B35C AB16 D660 293F C7BE 3F62 application/ms-tnef
RE: FBI announcement on email search 'Carnivore'
-BEGIN PGP SIGNED MESSAGE- On Wed, 12 Jul 2000, Rodger, William wrote: Meyer wrote: I guess this explains the FBI's opposition to the Verio merger. I wonder if a colocation company or service provider could be forced to disclose its participation in the Carnivore project. Not unless compelled by the government. Even if a prior court order was issued, mandating that they not disclose their cooporation with the FBI? There's been speculation about NSA black boxes in such facilities for years. The FBI, however, isn't quite as "above the law" as the NSA likes to think it is. What would the legality of operation a random email sniffer be? It wouldn't be. The FBI needs to show a judge that email is at least relevant to an investigation and, in most cases, there is probable cause to believe a crime has been commited -- random emails don't fit that description. The argument I foresee is that the Carnivore box is configured to discard all email and other traffic that does not apply to the investigation. However, who audits the configuration of these boxes? This is the question of who watches the watchers... Then again, when email is more than six months old, the law says a judge "shall" issue a court order for stored emails when subpoenaed by the government. Many observers consider such language a rubber stamp. Sure sounds like one to me. - -MW- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (FreeBSD) Comment: No comment. iQEVAwUBOW1XtCsFU3q6vVI9AQH7Kwf9ESv+Q59lRPV25a0SzbcIBvCvjRiKtNJN XzLm9+G1aHxSFxlcexkFTplqV6tsrsATSFGUhpUFZNp7UFTTBiHPT7+ys0/M4+pw mmkWD1xa0hYMqU0+1RIVfu9Tif/7SuOjGA4IwfAoF8UbJ7AJR/z49sdRQ6tyzRX4 DYXxx826dIKQSW30TBWf7RNC8Be0qELm9u1KO7BCL2fH485met+j/HbBK/hximPU EJO30jL5R4u688FkqX9ukhwsK2x+97Swh4nepHULJ8da0pkE9c9ZA2XYQyPA2VtW 9xjF02WokA486miMy0Kx7iGntVymg4nu1bF1jrvweqlZqTxjGNxU8Q== =eeeG -END PGP SIGNATURE-
Re: FBI announcement on email search 'Carnivore'
I had posted a note saying that pen register usage in New York was barred by the courts unless a wiretap warrant had been issued. I need to update that posting. First, that opinion was rendered in People vs. Bialostok, 80 NY2d 738, http://www.law.cornell.edu/cgi-bin/nyctap.cgi?80+738 But it is no longer in force. In People vs. Martello, 99 N.Y. Int. 0113, http://www.law.cornell.edu/ny/ctap/I99_0113.htm, the Court noted that subsequent to the events in the earlier case, the legislature passed a law specifically defining pen registers and providing for their use. The earlier ban is thus no longer in effect. Furthermore, since they had made their decision on statutory grounds, rather than constitutional grounds, the legislature was free to change the procedures required. So -- I doubt that that case would have any bearing on any Federal lawsuit. --Steve Bellovin
FYI: Intelectual property discussion on AES
FYI: Discussion on patent-news about Intellectual property and how AES free-use is probably not guarantee-able. --- From: Gregory Aharonian [[EMAIL PROTECTED]] To: [EMAIL PROTECTED] Subject: PATNEWS: NIST threatens antitrust against potential crypto patent moochers !2713 NIST threatens antitrust against potential crypto patent moochers But first, I have decided to file an opposition to the trademark application for the phrase "patent busters". I just mailed off a request for an extension in time to file a formal opposition request. Once I get back a copy of my extension request, I will send it out over PATNEWS, plus a rough draft of my opposition request that a trademark lawyer prepared for me. Stay tuned. The National Institute of Standards and Technology is overseeing an effort to develop a new encryption standard. With some wise forethought, NIST is making sure as few patent games as possible are played with the new standard, even going to the extent to threaten antitrust against anyone who tries asserting their patent against users of the new AES standard, if the patent assignee didn't inform NIST during the development of the standard. While I can applaud NIST for being proactive, can they actually carry out their threat, especially against someone not participating in the development of the standard? I can imagine someone with some encryption patent application pending, watching what is going on and drafting some revised claims (or do a continuation) to cover the final candidates for the standard. Submarining maybe obnoxious to some, but it is not illegal in the IP world which has always had some builtin insurance against claims of antitrust. Anyways, what follows is a discussion from an open source discussion list, followed by information from the NIST Web page on AES. Greg Aharonian Internet Patent News Service Mentioning Dan Bernstein, does anyone know the license that twofish will be under? I think Bernstein was one of the orginal authors. Note also that licensing of an algorithm (generally addressed by patent) is distinct from licensing of an implementation of the algorithm as a computer program (copyright). Different implementations could be licensed under different licenses -- in fact, the same implementation could be licensed by the original author under different licenses. "Twofish is unpatented, and the source code is uncopyrighted and license-free; it is free for all uses." http://www.counterpane.com/twofish.html Twofish is a (the?) leading contestant for the Advanced Encryption Standard (AES) to be chosen by NIST. Their web site is interesting reading, especially this: SPECIAL NOTE - Intellectual Property NIST reminds all interested parties that the adoption of AES is being conducted as an open standards-setting activity. Specifically, NIST has requested that all interested parties identify to NIST any patents or inventions that may be required for the use of AES. NIST hereby gives public notice that it may seek redress under the antitrust laws of the United States against any party in the future who might seek to exercise patent rights against any user of AES that have not been disclosed to NIST in response to this request for information. That's bureaucrat speak-for "if you try that submarine patent shit on us you will be eating powdered mashed potatoes in Marion, Illinois for the rest of your natural-born life." -= Advanced Encryption Standard (AES) Development Effort =- Advanced Encryption Standard (AES) Development Effort This page can now be reached via http://www.nist.gov/aes/ Recent Announcements May 15, 2000 - NSA's final report on hardware evaluations of the five finalists is now available. May 11, 2000 - An electronic version of the AES3 Proceedings is now available. April 28, 2000 - The AES3 feedback form summary has been updated to include all of the comments provided on the forms. SPECIAL NOTE - Intellectual Property NIST reminds all interested parties that the adoption of AES is being conducted as an open standards-setting activity. Specifically, NIST has requested that all interested parties identify to NIST any patents or inventions that may be required for the use of AES. NIST hereby gives public notice that it may seek redress under the antitrust laws of the United States against any party in the future who might seek to exercise patent rights against any user