Re: FBI announcement on email search 'Carnivore'
At 10:27 PM 7/16/00 +0100, Ben Laurie wrote:
>Lucky Green wrote:
>> In
>> particular, the "black box" monitoring device installed at the ISP level
>> appears to be in the process of becoming the implementation of choice.
>> Pioneered by Russia, this design has rapidly been adopted by the UK, and now
>> is used in the US.
>
>This may be a nit, but there are those of us who hope it is a nit of
>significance: unlike Russia or the US, the black box monitoring device
>is still a twinkle in the eye of the spooks in the UK. RIP is not yet
>law, and when and if it is, it may not include provision for such a box.

Yes, but now that the US has legalized export of crypto hardware to EU and
other friendly governments, they can have 10 of them there overnight :-)

Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639

Re: FBI announcement on email search 'Carnivore'
On Sun, 16 Jul 2000, Ben Laurie wrote:

> Lucky Green wrote:
> > In
> > particular, the "black box" monitoring device installed at the ISP level
> > appears to be in the process of becoming the implementation of choice.
> > Pioneered by Russia, this design has rapidly been adopted by the UK, and now
> > is used in the US.
>
> This may be a nit, but there are those of us who hope it is a nit of
> significance: unlike Russia or the US, the black box monitoring device
> is still a twinkle in the eye of the spooks in the UK. RIP is not yet
> law, and when and if it is, it may not include provision for such a box.

Note that there *are* no express provisions for this black box in the US,
and in fact there are many laws that would lead people like me to believe
it is probably illegal. So the current status of the RIP bill may not be
relevant to the existence of black boxes on the UK Internet.

-MW-

RE: FBI announcement on email search 'Carnivore'
On Sun, 16 Jul 2000, Lucky Green wrote:

> Only time will tell. And it may be a long time, indeed. The FBI is some 5
> years behind in some of their FOIA responses.

That renders the FOIA almost totally useless in cases like this...

> Still, disclosure of the Carnivore code is not the most interesting issue
> here. Carnivore represents just one of many indicators of a much larger
> global trend. While the implementation details vary from country to country,
> law enforcement is moving to active monitoring of Internet communications
> closer to the targets of interest, but not at the target level. In
> particular, the "black box" monitoring device installed at the ISP level
> appears to be in the process of becoming the implementation of choice.
> Pioneered by Russia, this design has rapidly been adopted by the UK, and now
> is used in the US.

Sure. But I'd still like to get my hands on one of these boxes, and see
exactly what they do. I am convinced that the potential abilities of a
Carnivore box are far greater than the legal abilities.

> There are sound engineering reasons why this design is so popular: unlike a
> wiretap order to copy all the emails of a particular interception target,
> the black box does not require per-message cooperation from the ISP's staff.

Right, because it can simply gobble up *everything*, with the simple
reassurance that the box will not monitor innocent communications.

> This is of importance, since this cooperation cannot and is not assumed.

In the US, it should be. That's why we have a legal system. The ISP should
have the ability to know exactly how its network is being used.

> The lesson here is simple: encrypt your emails and other private
> communications.

Tell that to my ex-wife. You and I have been using encryption for years...
but until we get a decent, AOL-style S/MIME or PGP implementation that is
totally transparent to the user, you might as well say this:

The lesson here is simple: don't say in email or any other communication
that which you wish to be private.

-MW-

Re: FBI announcement on email search 'Carnivore'
Lucky Green wrote:
> In
> particular, the "black box" monitoring device installed at the ISP level
> appears to be in the process of becoming the implementation of choice.
> Pioneered by Russia, this design has rapidly been adopted by the UK, and now
> is used in the US.

This may be a nit, but there are those of us who hope it is a nit of
significance: unlike Russia or the US, the black box monitoring device
is still a twinkle in the eye of the spooks in the UK. RIP is not yet
law, and when and if it is, it may not include provision for such a box.

> Few designs require less day-to-day
> involvement by the ISP than hooking a black box sniffer to the ISP's
> internal network.

Except that most large ISPs have an infrastructure that does not lend
itself nicely to such a simple-minded attack (except, probably, for email
traffic handled by their own mail servers - which may, perversely, be a
good thing).

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

Coming to ApacheCon Europe 2000? http://apachecon.com/

RE: FBI announcement on email search 'Carnivore'
Meyer wrote about the pending FOIA for Carnivore:
>Additionally, I don't believe the source is available, and I would doubt
>the FBI would have the source for it. But, assuming that a) this is the
>same product that the FBI is using, and b) they were given the source
>under the agreement that it not be disclosed, could the FOIA force the
>disclosure of this code?

Only time will tell. And it may be a long time, indeed. The FBI is some 5
years behind in some of their FOIA responses.

Still, disclosure of the Carnivore code is not the most interesting issue
here. Carnivore represents just one of many indicators of a much larger
global trend. While the implementation details vary from country to country,
law enforcement is moving to active monitoring of Internet communications
closer to the targets of interest, but not at the target level. In
particular, the "black box" monitoring device installed at the ISP level
appears to be in the process of becoming the implementation of choice.
Pioneered by Russia, this design has rapidly been adopted by the UK, and now
is used in the US.

There are sound engineering reasons why this design is so popular: unlike a
wiretap order to copy all the emails of a particular interception target,
the black box does not require per-message cooperation from the ISP's staff.
This is of importance, since this cooperation cannot and is not assumed.
C.f. the proposals floating around in some European countries to in the
future require network administrators to obtain security clearances to
increase the likelihood of thorough compliance with wiretap orders.

An interception technology design that reduces the level of active
participation the ISP has to play in the intercepts is more reliable and
cheaper to all parties involved. Few designs require less day-to-day
involvement by the ISP than hooking a black box sniffer to the ISP's
internal network.

The lesson here is simple: encrypt your emails and other private
communications.

--Lucky Green <[EMAIL PROTECTED]>

  "Anytime you decrypt: that's against the law".
   Jack Valenti, President, Motion Picture Association of America in
   a sworn deposition, 2000-06-06

Re: FBI announcement on email search 'Carnivore'
In message <[EMAIL PROTECTED]>, Meyer Wolfsheim writes:
>On Fri, 14 Jul 2000, Steven M. Bellovin wrote:
>
>> According to the AP, the ACLU has filed a Freedom of Information Act
>> request for information on Carnivore. See
>> http://www.aclu.org/news/2000/n071400a.html
>> and http://www.nytimes.com/aponline/w/AP-FBI-Snooping.html
>
>I notice in this article that one of their programs is
>"EtherPeek". Assuming this is the same as the well known ethernet sniffer,
>you don't need to file for FOIA to learn about it.
>
>http://www.aggroup.com/
>
>Additionally, I don't believe the source is available, and I would doubt
>the FBI would have the source for it. But, assuming that a) this is the
>same product that the FBI is using, and b) they were given the source
>under the agreement that it not be disclosed, could the FOIA force the
>disclosure of this code?

Probably not. I was trying to avoid quoting the whole NY Times article; if
you don't subscribe to the Times, you can find the same article (I think) at
http://www.accesswaco.com/shared/news/ap/ap_story.html/Washington/AP.V0971.AP-FBI-Snooping.html

Anyway -- according to the story, there are a number of exemptions in the
Freedom of Information Act that might prevent disclosure of the source
code. But the FOIA request was also for any internal FBI documents on the
subject; those are much less likely to be protected by the exemptions.

		--Steve Bellovin

Re: FBI announcement on email search 'Carnivore'
On Fri, 14 Jul 2000, Steven M. Bellovin wrote:

> According to the AP, the ACLU has filed a Freedom of Information Act
> request for information on Carnivore. See
> http://www.aclu.org/news/2000/n071400a.html
> and http://www.nytimes.com/aponline/w/AP-FBI-Snooping.html

I notice in this article that one of their programs is
"EtherPeek". Assuming this is the same as the well known ethernet sniffer,
you don't need to file for FOIA to learn about it.

http://www.aggroup.com/

Additionally, I don't believe the source is available, and I would doubt
the FBI would have the source for it. But, assuming that a) this is the
same product that the FBI is using, and b) they were given the source
under the agreement that it not be disclosed, could the FOIA force the
disclosure of this code?

-MW-

Re: FBI announcement on email search 'Carnivore'
According to the AP, the ACLU has filed a Freedom of Information Act
request for information on Carnivore. See
http://www.aclu.org/news/2000/n071400a.html
and http://www.nytimes.com/aponline/w/AP-FBI-Snooping.html

		--Steve Bellovin

Re: FBI announcement on email search 'Carnivore'
I had posted a note saying that pen register usage in New York was barred
by the courts unless a wiretap warrant had been issued. I need to update
that posting.

First, that opinion was rendered in People vs. Bialostok, 80 NY2d 738,
http://www.law.cornell.edu/cgi-bin/nyctap.cgi?80+738

But it is no longer in force. In People vs. Martello, 99 N.Y. Int. 0113,
http://www.law.cornell.edu/ny/ctap/I99_0113.htm, the Court noted that
subsequent to the events in the earlier case, the legislature passed a law
specifically defining pen registers and providing for their use. The
earlier ban is thus no longer in effect. Furthermore, since they had made
their decision on statutory grounds, rather than constitutional grounds,
the legislature was free to change the procedures required.

So -- I doubt that that case would have any bearing on any Federal lawsuit.

		--Steve Bellovin

RE: FBI announcement on email search 'Carnivore'
On Wed, 12 Jul 2000, Rodger, William wrote:

> Meyer wrote:
> >
> > I guess this explains the FBI's opposition to the Verio merger. I wonder
> > if a colocation company or service provider could be forced to disclose
> > its participation in the Carnivore project.
>
> Not unless compelled by the government.

Even if a prior court order was issued, mandating that they not disclose
their cooperation with the FBI?

> > There's been speculation about NSA black boxes in such facilities for
> > years. The FBI, however, isn't quite as "above the law" as the NSA likes
> > to think it is. What would the legality of operating a random email
> > sniffer be?
>
> It wouldn't be. The FBI needs to show a judge that email is at least
> relevant to an investigation and, in most cases, there is probable cause to
> believe a crime has been committed -- random emails don't fit that
> description.

The argument I foresee is that the Carnivore box is configured to discard
all email and other traffic that does not apply to the investigation.
However, who audits the configuration of these boxes? This is the question
of who watches the watchers...

> Then again, when email is more than six months old, the law says a judge
> "shall" issue a court order for stored emails when subpoenaed by the
> government. Many observers consider such language a rubber stamp.

Sure sounds like one to me.

-MW-

RE: FBI announcement on email search 'Carnivore'
Jeffrey Schiller asked:
>
> I wonder how we find out more (FOIA), the descriptions I have heard so
> far (it's a sniffer) seems a bit onerous. Big Brother at his best!

At least one group I know of has filed a FOIA for details. Perhaps we'll
get information in a few weeks. Or maybe they will just have to go to court.

Stay tuned.

Will Rodger                 Voice +1 703 558 3375
Technology Reporter         Fax   +1 703 558 3981
USATODAY.com                http://tech.usatoday.com
PGP 584D FD11 3035 0EC2 B35C AB16 D660 293F C7BE 3F62

Re: FBI announcement on email search 'Carnivore'
On Wed, 12 Jul 2000, Jeffrey I. Schiller wrote:

> I suspect that the reason they would want Carnivore as opposed to
> looking at spool files is that it is less invasive than looking at spool
> files, isn't dependent on the technology choices made by the ISP and
> finally its operation is beyond the ISP's examination.

Exactly. From what we're led to believe, Carnivore discards all packets
that aren't email, then discards all emails that aren't covered by the
warrant. However, Carnivore must be monitoring *all* traffic in order to
make those determinations. Therefore, the privacy of every individual and
organization utilizing a network on which a Carnivore resides is being
violated.

> "Here just connect this to your network and we'll take it from there."

I have to admit, it is the simplest, easiest way to achieve the goal.

> I wonder how we find out more (FOIA), the descriptions I have heard so
> far (it's a sniffer) seems a bit onerous. Big Brother at his best!

Is someone filing a FOIA request for this?

-MW-

Re: FBI announcement on email search 'Carnivore'
David Honig wrote:
>
> At 10:58 AM 7/12/00 -0400, Steven M. Bellovin wrote:
> >>There's been speculation about NSA black boxes in such facilities for
> >>years. The FBI, however, isn't quite as "above the law" as the NSA likes
>
> For $500/monthly you too can have a box in various NAPs. You can
> run your NIC in Bill Clinton mode, e.g., to measure certain
> things about traffic. I know of a corporation doing this (they
> are only interested in infrastructure traffic, not content).

Dunno about you, but we use switches for colo - which rather defeats
this plan, no?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

Coming to ApacheCon Europe 2000? http://apachecon.com/

Re: FBI announcement on email search 'Carnivore'
On Wed, 12 Jul 2000, David Honig wrote:

> For $500/monthly you too can have a box in various NAPs. You can
> run your NIC in Bill Clinton mode, e.g., to measure certain
> things about traffic. I know of a corporation doing this (they
> are only interested in infrastructure traffic, not content).

I find it difficult to believe that NAPs aren't using a switched
architecture, which should make this sort of thing much more difficult
(barring ARP tricks).

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: [EMAIL PROTECTED] (home) -or- [EMAIL PROTECTED] (work)

Re: FBI announcement on email search 'Carnivore'
On 12 Jul 2000, Marc Horowitz wrote:

> In the case of monitoring an individual's email, it would be
> sufficient to monitor their spool file on whatever ISP mail server
> stores their mail. The spool file only contains one person's email,
> and only the ISP needs to know. This does not put the privacy of any
> other user's email at risk.

You are quite correct, and this is how everyone has always assumed the FBI
went about monitoring suspects' email communications (Prior to Carnivore.)
However, that would clearly not require a specialized black box system to
be placed at the ISP's facility. I think it is clear that something much
more devious is occurring here.

> There are exceptions. Large companies maintain their own email
> servers, so there is no independent ISP to cooperate with the FBI.
> However, the same problem exists with large company's phone lines. A
> company with 1000 phones does not have an individual phone line
> dedicated to each phone, in fact there is no direct correlation
> between phones and incoming or outgoing lines. Wiretaps must have run
> into this issue, and this would seem to be good precedent for the
> leased lines which carry a large company's email (and web, IM, and
> all other) traffic.

And then the argument presented by Paul D. Robertson would hold up. The
only sure-fire way to obtain a suspect's communications is to monitor it on
the network level. It is easier to isolate a phone conversation than an
email conversation...

> Finally, there are sophisticated individuals which also run their own
> email systems. In these cases, I suspect wiretapping the entire
> connection for that individual would fall within the scope of a
> wiretap, since only a single individual would be targeted. (It might
> take a few overturned cases before they learn to write the warrants
> correctly.)
>
> In general, I can't see why the FBI needs tools like Carnivore to tap
> email. The store-and-forward nature of email means there's a place
> you can go to find the email, and the structure of most email systems
> means there's a place which contains only the email for that user.

They need such a device so they can conduct illegal email monitoring under
the guise of legitimate surveillance.

Yes, I am a little cynical. Yes, I have good reason to be.

-MW-

Re: FBI announcement on email search 'Carnivore'
David Honig writes:

> For $500/monthly you too can have a box in various NAPs. You can
> run your NIC in Bill Clinton mode, e.g., to measure certain
> things about traffic. I know of a corporation doing this (they
> are only interested in infrastructure traffic, not content).

I know of a (deceased) person who has been running such a promiscuous
NIC for the purpose of IRC bot password interception. As a result
he took over a #channel...

Apropos IRC, is there anything on the horizon (apart from Fling),
which will at least use strong encryption for /dcc chat? Perhaps
even public-key authentication? Pointers welcome.

Re: FBI announcement on email search 'Carnivore'
At 10:58 AM 7/12/00 -0400, Steven M. Bellovin wrote:
>>There's been speculation about NSA black boxes in such facilities for
>>years. The FBI, however, isn't quite as "above the law" as the NSA likes

For $500/monthly you too can have a box in various NAPs. You can
run your NIC in Bill Clinton mode, e.g., to measure certain
things about traffic. I know of a corporation doing this (they
are only interested in infrastructure traffic, not content).

Re: FBI announcement on email search 'Carnivore'
I suspect that the reason they would want Carnivore as opposed to
looking at spool files is that it is less invasive than looking at spool
files, isn't dependent on the technology choices made by the ISP and
finally its operation is beyond the ISP's examination.

"Here just connect this to your network and we'll take it from there."

I wonder how we find out more (FOIA), the descriptions I have heard so
far (it's a sniffer) seems a bit onerous. Big Brother at his best!

			-Jeff

RE: FBI announcement on email search 'Carnivore'
Meyer wrote:
>
> I guess this explains the FBI's opposition to the Verio merger. I wonder
> if a colocation company or service provider could be forced to disclose
> its participation in the Carnivore project.

Not unless compelled by the government.

> There's been speculation about NSA black boxes in such facilities for
> years. The FBI, however, isn't quite as "above the law" as the NSA likes
> to think it is. What would the legality of operating a random email
> sniffer be?

It wouldn't be. The FBI needs to show a judge that email is at least
relevant to an investigation and, in most cases, there is probable cause to
believe a crime has been committed -- random emails don't fit that
description.

Then again, when email is more than six months old, the law says a judge
"shall" issue a court order for stored emails when subpoenaed by the
government. Many observers consider such language a rubber stamp.

Will Rodger                 Voice +1 703 558 3375
Technology Reporter         Fax   +1 703 558 3981
USATODAY.com                http://tech.usatoday.com
PGP 584D FD11 3035 0EC2 B35C AB16 D660 293F C7BE 3F62

Re: FBI announcement on email search 'Carnivore'
In message <[EMAIL PROTECTED]>, Marc Horowitz writes:
>"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
>
>>> In this situation, everyone's email has to be scanned in order to
>>> isolate the desired traffic.
>
>I've seen this claim before, and I don't think it's true. It's like
>saying to wiretap my phone calls, you need to tap an entire fiber, and
>do voiceprint ID to find my calls. It's much easier and more
>effective only to tap my line.
>
>
>In general, I can't see why the FBI needs tools like Carnivore to tap
>email. The store-and-forward nature of email means there's a place
>you can go to find the email, and the structure of most email systems
>means there's a place which contains only the email for that user.

Right -- but this is a network device. From the AP wire:

	Marcus Thomas, who heads the FBI's cybertechnology section,
	told the Wall Street Journal that the bureau has about 20
	Carnivore systems, which are PCs with proprietary software.
	He said Carnivore meets current wiretapping laws, but is
	designed to keep up with the Internet.

	``This is just a specialized sniffer,'' Thomas told the
	Journal, which first reported details about Carnivore.

If the FBI says that it's a sniffer, rather than something that looks at
spool files, I'm not really in a position to argue...

Re: FBI announcement on email search 'Carnivore'
"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:

>> In this situation, everyone's email has to be scanned in order to
>> isolate the desired traffic.

I've seen this claim before, and I don't think it's true. It's like
saying to wiretap my phone calls, you need to tap an entire fiber, and
do voiceprint ID to find my calls. It's much easier and more
effective only to tap my line.

In the case of monitoring an individual's email, it would be
sufficient to monitor their spool file on whatever ISP mail server
stores their mail. The spool file only contains one person's email,
and only the ISP needs to know. This does not put the privacy of any
other user's email at risk.

There are exceptions. Large companies maintain their own email
servers, so there is no independent ISP to cooperate with the FBI.
However, the same problem exists with large company's phone lines. A
company with 1000 phones does not have an individual phone line
dedicated to each phone, in fact there is no direct correlation
between phones and incoming or outgoing lines. Wiretaps must have run
into this issue, and this would seem to be good precedent for the
leased lines which carry a large company's email (and web, IM, and
all other) traffic.

Finally, there are sophisticated individuals which also run their own
email systems. In these cases, I suspect wiretapping the entire
connection for that individual would fall within the scope of a
wiretap, since only a single individual would be targeted. (It might
take a few overturned cases before they learn to write the warrants
correctly.)

In general, I can't see why the FBI needs tools like Carnivore to tap
email. The store-and-forward nature of email means there's a place
you can go to find the email, and the structure of most email systems
means there's a place which contains only the email for that user.

>> This precedent isn't binding on the FBI, but Federal courts do
>> refer to state court opinions when appropriate. It might be an
>> interesting case.

Given that the Federal courts seem to permit pen registers with less
review than wiretaps, I'm not sure that the New York court's arguments
will have much effect.

		Marc

Re: FBI announcement on email search 'Carnivore'
In message <[EMAIL PROTECTED]>, Meyer Wolfsheim writes:
>I guess this explains the FBI's opposition to the Verio merger. I wonder
>if a colocation company or service provider could be forced to disclose
>its participation in the Carnivore project. Any AboveNet/Exodus customers
>here want to try?
>
>There's been speculation about NSA black boxes in such facilities for
>years. The FBI, however, isn't quite as "above the law" as the NSA likes
>to think it is. What would the legality of operating a random email
>sniffer be? Unlike a phone system, you can't wiretap email on the network
>level without violating the privacy of all the other users sharing that
>switch.
>
>Is there any old case law on wiretaps on telephone party-lines, where
>uninvolved parties were monitored?

There was an interesting case in New York in 1993, where the Court of
Appeals (the highest state court in New York -- the Supreme Court there is
the trial-level court) ruled that pen registers (devices for recording
dialed numbers) could not be used without a wiretap warrant -- and wiretap
warrants are much harder to get. Their reasoning was that in order to
record the dialed number, you had to tap the line; therefore, the same
requirements should apply. (I don't have a precise citation for this case;
the text of the opinion I have says "not yet published".)

In this situation, everyone's email has to be scanned in order to isolate
the desired traffic. In other words, we have a general wiretap device that
-- according to the FBI -- is used only in accordance with the restrictions
of the warrant. But that was the case with pen registers in New York, and
the court wouldn't buy it.

This precedent isn't binding on the FBI, but Federal courts do refer to
state court opinions when appropriate. It might be an interesting case.

		--Steve Bellovin

Re: FBI announcement on email search 'Carnivore'
On Tue, 11 Jul 2000, P.J. Ponder wrote:

> http://www.sjmercury.com/svtech/reports/gmsv/
> From today's 'Good Morning Silicon Valley':
>
> FBI unearths sequel to Orwell's 1984: Privacy advocates are outraged over
> the FBI's deployment of a high-speed e-mail search technology called
> Carnivore which can scan massive amounts of data for e-mail messages from
> criminal suspects. Federal investigators -- who claim to have used the
> system in fewer than 100 cases since it debuted a year ago -- showed the
> technology to industry specialists in Washington a few weeks ago in the
> hopes of fostering an industry consensus on a standard for monitoring all
> digital communications. Marcus Thomas, chief of the FBI's Cyber Technology
> Section at Quantico, described Carnivore as nothing more than a "very
> specialized sniffer." Privacy advocates, predictably, see the technology
> as wide open to abuse. Said Mark Rasch, a former federal computer-crimes
> prosecutor, "It's the electronic equivalent of listening to everybody's
> phone calls to see if it's the phone call you should be monitoring."

I guess this explains the FBI's opposition to the Verio merger. I wonder
if a colocation company or service provider could be forced to disclose
its participation in the Carnivore project. Any AboveNet/Exodus customers
here want to try?

There's been speculation about NSA black boxes in such facilities for
years. The FBI, however, isn't quite as "above the law" as the NSA likes
to think it is. What would the legality of operating a random email
sniffer be? Unlike a phone system, you can't wiretap email on the network
level without violating the privacy of all the other users sharing that
switch.

Is there any old case law on wiretaps on telephone party-lines, where
uninvolved parties were monitored?

-MW-