Re: FBI announcement on email search 'Carnivore'
At 10:27 PM 7/16/00 +0100, Ben Laurie wrote:

> Lucky Green wrote:
>
> > In particular, the "black box" monitoring device installed at the ISP level appears to be in the process of becoming the implementation of choice. Pioneered by Russia, this design has rapidly been adopted by the UK, and now is used in the US.
>
> This may be a nit, but there are those of us who hope it is a nit of significance: unlike Russia or the US, the black box monitoring device is still a twinkle in the eye of the spooks in the UK. RIP is not yet law, and when and if it is, it may not include provision for such a box.

Yes, but now that the US has legalized export of crypto hardware to EU and other friendly governments, they can have 10 of them there overnight :-)

Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: FBI announcement on email search 'Carnivore'
On Sun, 16 Jul 2000, Ben Laurie wrote:

> Lucky Green wrote:
>
> > In particular, the "black box" monitoring device installed at the ISP level appears to be in the process of becoming the implementation of choice. Pioneered by Russia, this design has rapidly been adopted by the UK, and now is used in the US.
>
> This may be a nit, but there are those of us who hope it is a nit of significance: unlike Russia or the US, the black box monitoring device is still a twinkle in the eye of the spooks in the UK. RIP is not yet law, and when and if it is, it may not include provision for such a box.

Note that there *are* no express provisions for this black box in the US, and in fact there are many laws that would lead people like me to believe it is probably illegal. So the current status of the RIP bill may not be relevant to the existence of black boxes on the UK Internet.

-MW-
Re: FBI announcement on email search 'Carnivore'
In message [EMAIL PROTECTED], Meyer Wolfsheim writes:

> On Fri, 14 Jul 2000, Steven M. Bellovin wrote:
>
> > According to the AP, the ACLU has filed a Freedom of Information Act request for information on Carnivore. See http://www.aclu.org/news/2000/n071400a.html and http://www.nytimes.com/aponline/w/AP-FBI-Snooping.html
>
> I notice in this article that one of their programs is "EtherPeek". Assuming this is the same as the well known ethernet sniffer, you don't need to file for FOIA to learn about it. http://www.aggroup.com/
>
> Additionally, I don't believe the source is available, and I would doubt the FBI would have the source for it. But, assuming that a) this is the same product that the FBI is using, and b) they were given the source under the agreement that it not be disclosed, could the FOIA force the disclosure of this code?

Probably not. I was trying to avoid quoting the whole NY Times article; if you don't subscribe to the Times, you can find the same article (I think) at http://www.accesswaco.com/shared/news/ap/ap_story.html/Washington/AP.V0971.AP-FBI-Snooping.html

Anyway -- according to the story, there are a number of exemptions in the Freedom of Information Act that might prevent disclosure of the source code. But the FOIA request was also for any internal FBI documents on the subject; those are much less likely to be protected by the exemptions.

--Steve Bellovin
Re: FBI announcement on email search 'Carnivore'
According to the AP, the ACLU has filed a Freedom of Information Act request for information on Carnivore. See http://www.aclu.org/news/2000/n071400a.html and http://www.nytimes.com/aponline/w/AP-FBI-Snooping.html --Steve Bellovin
Re: FBI announcement on email search 'Carnivore'
On Wed, 12 Jul 2000, David Honig wrote:

> For $500/monthly you too can have a box in various NAPs. You can run your NIC in Bill Clinton mode, e.g., to measure certain things about traffic. I know of a corporation doing this (they are only interested in infrastructure traffic, not content).

I find it difficult to believe that NAPs aren't using a switched architecture, which should make this sort of thing much more difficult (barring ARP tricks).

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: [EMAIL PROTECTED] (home) -or- [EMAIL PROTECTED] (work)
Re: FBI announcement on email search 'Carnivore'
David Honig wrote:

> At 10:58 AM 7/12/00 -0400, Steven M. Bellovin wrote:
>
> > There's been speculation about NSA black boxes in such facilities for years. The FBI, however, isn't quite as "above the law" as the NSA likes
>
> For $500/monthly you too can have a box in various NAPs. You can run your NIC in Bill Clinton mode, e.g., to measure certain things about traffic. I know of a corporation doing this (they are only interested in infrastructure traffic, not content).

Dunno about you, but we use switches for colo - which rather defeats this plan, no?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

Coming to ApacheCon Europe 2000? http://apachecon.com/
Re: FBI announcement on email search 'Carnivore'
On Wed, 12 Jul 2000, Jeffrey I. Schiller wrote:

> I suspect that the reason they would want Carnivore as opposed to looking at spool files is that it is less invasive than looking at spool files, isn't dependent on the technology choices made by the ISP and finally its operation is beyond the ISP's examination.

Exactly. From what we're led to believe, Carnivore discards all packets that aren't email, then discards all emails that aren't covered by the warrant. However, Carnivore must be monitoring *all* traffic in order to make those determinations. Therefore, the privacy of every individual and organization utilizing a network on which a Carnivore resides is being violated.

> "Here just connect this to your network and we'll take it from there."

I have to admit, it is the simplest, easiest way to achieve the goal.

> I wonder how we find out more (FOIA), the descriptions I have heard so far (it's a sniffer) seem a bit onerous. Big Brother at his best!

Is someone filing a FOIA request for this?

-MW-
RE: FBI announcement on email search 'Carnivore'
Jeffrey Schiller asked:

> I wonder how we find out more (FOIA), the descriptions I have heard so far (it's a sniffer) seem a bit onerous. Big Brother at his best!

At least one group I know of has filed a FOIA for details. Perhaps we'll get information in a few weeks. Or maybe they will just have to go to court. Stay tuned.

Will Rodger, Voice +1 703 558 3375
Technology Reporter, Fax +1 703 558 3981
USATODAY.com, http://tech.usatoday.com
PGP 584D FD11 3035 0EC2 B35C AB16 D660 293F C7BE 3F62
RE: FBI announcement on email search 'Carnivore'
On Wed, 12 Jul 2000, Rodger, William wrote:

> Meyer wrote:
>
> > I guess this explains the FBI's opposition to the Verio merger. I wonder if a colocation company or service provider could be forced to disclose its participation in the Carnivore project.
>
> Not unless compelled by the government.

Even if a prior court order was issued, mandating that they not disclose their cooperation with the FBI?

> > There's been speculation about NSA black boxes in such facilities for years. The FBI, however, isn't quite as "above the law" as the NSA likes to think it is. What would the legality of operating a random email sniffer be?
>
> It wouldn't be. The FBI needs to show a judge that email is at least relevant to an investigation and, in most cases, there is probable cause to believe a crime has been committed -- random emails don't fit that description.

The argument I foresee is that the Carnivore box is configured to discard all email and other traffic that does not apply to the investigation. However, who audits the configuration of these boxes? This is the question of who watches the watchers...

> Then again, when email is more than six months old, the law says a judge "shall" issue a court order for stored emails when subpoenaed by the government. Many observers consider such language a rubber stamp.

Sure sounds like one to me.

-MW-
Re: FBI announcement on email search 'Carnivore'
I had posted a note saying that pen register usage in New York was barred by the courts unless a wiretap warrant had been issued. I need to update that posting. First, that opinion was rendered in People vs. Bialostok, 80 NY2d 738, http://www.law.cornell.edu/cgi-bin/nyctap.cgi?80+738 But it is no longer in force. In People vs. Martello, 99 N.Y. Int. 0113, http://www.law.cornell.edu/ny/ctap/I99_0113.htm, the Court noted that subsequent to the events in the earlier case, the legislature passed a law specifically defining pen registers and providing for their use. The earlier ban is thus no longer in effect. Furthermore, since they had made their decision on statutory grounds, rather than constitutional grounds, the legislature was free to change the procedures required. So -- I doubt that that case would have any bearing on any Federal lawsuit. --Steve Bellovin
Re: FBI announcement on email search 'Carnivore'
In message [EMAIL PROTECTED], Meyer Wolfsheim writes:

> I guess this explains the FBI's opposition to the Verio merger. I wonder if a colocation company or service provider could be forced to disclose its participation in the Carnivore project. Any AboveNet/Exodus customers here want to try?
>
> There's been speculation about NSA black boxes in such facilities for years. The FBI, however, isn't quite as "above the law" as the NSA likes to think it is. What would the legality of operating a random email sniffer be?
>
> Unlike a phone system, you can't wiretap email on the network level without violating the privacy of all the other users sharing that switch. Is there any old case law on wiretaps on telephone party-lines, where uninvolved parties were monitored?

There was an interesting case in New York in 1993, where the Court of Appeals (the highest state court in New York -- the Supreme Court there is the trial-level court) ruled that pen registers (devices for recording dialed numbers) could not be used without a wiretap warrant -- and wiretap warrants are much harder to get. Their reasoning was that in order to record the dialed number, you had to tap the line; therefore, the same requirements should apply. (I don't have a precise citation for this case; the text of the opinion I have says "not yet published".)

In this situation, everyone's email has to be scanned in order to isolate the desired traffic. In other words, we have a general wiretap device that -- according to the FBI -- is used only in accordance with the restrictions of the warrant. But that was the case with pen registers in New York, and the court wouldn't buy it.

This precedent isn't binding on the FBI, but Federal courts do refer to state court opinions when appropriate. It might be an interesting case.

--Steve Bellovin
Re: FBI announcement on email search 'Carnivore'
"Steven M. Bellovin" [EMAIL PROTECTED] writes:

> In this situation, everyone's email has to be scanned in order to isolate the desired traffic.

I've seen this claim before, and I don't think it's true. It's like saying to wiretap my phone calls, you need to tap an entire fiber, and do voiceprint ID to find my calls. It's much easier and more effective only to tap my line.

In the case of monitoring an individual's email, it would be sufficient to monitor their spool file on whatever ISP mail server stores their mail. The spool file only contains one person's email, and only the ISP needs to know. This does not put the privacy of any other user's email at risk.

There are exceptions. Large companies maintain their own email servers, so there is no independent ISP to cooperate with the FBI. However, the same problem exists with large companies' phone lines. A company with 1000 phones does not have an individual phone line dedicated to each phone, in fact there is no direct correlation between phones and incoming or outgoing lines. Wiretaps must have run into this issue, and this would seem to be good precedent for the leased lines which carry a large company's email (and web, IM, and all other) traffic.

Finally, there are sophisticated individuals who also run their own email systems. In these cases, I suspect wiretapping the entire connection for that individual would fall within the scope of a wiretap, since only a single individual would be targeted. (It might take a few overturned cases before they learn to write the warrants correctly.)

In general, I can't see why the FBI needs tools like Carnivore to tap email. The store-and-forward nature of email means there's a place you can go to find the email, and the structure of most email systems means there's a place which contains only the email for that user.

> This precedent isn't binding on the FBI, but Federal courts do refer to state court opinions when appropriate. It might be an interesting case.

Given that the Federal courts seem to permit pen registers with less review than wiretaps, I'm not sure that the New York court's arguments will have much effect.

Marc
Re: FBI announcement on email search 'Carnivore'
In message [EMAIL PROTECTED], Marc Horowitz writes:

> "Steven M. Bellovin" [EMAIL PROTECTED] writes:
>
> > In this situation, everyone's email has to be scanned in order to isolate the desired traffic.
>
> I've seen this claim before, and I don't think it's true. It's like saying to wiretap my phone calls, you need to tap an entire fiber, and do voiceprint ID to find my calls. It's much easier and more effective only to tap my line.
>
> In general, I can't see why the FBI needs tools like Carnivore to tap email. The store-and-forward nature of email means there's a place you can go to find the email, and the structure of most email systems means there's a place which contains only the email for that user.

Right -- but this is a network device. From the AP wire:

    Marcus Thomas, who heads the FBI's cybertechnology section, told the Wall Street Journal that the bureau has about 20 Carnivore systems, which are PCs with proprietary software. He said Carnivore meets current wiretapping laws, but is designed to keep up with the Internet.

    ``This is just a specialized sniffer,'' Thomas told the Journal, which first reported details about Carnivore.

If the FBI says that it's a sniffer, rather than something that looks at spool files, I'm not really in a position to argue...
Re: FBI announcement on email search 'Carnivore'
I suspect that the reason they would want Carnivore as opposed to looking at spool files is that it is less invasive than looking at spool files, isn't dependent on the technology choices made by the ISP and finally its operation is beyond the ISP's examination.

"Here just connect this to your network and we'll take it from there."

I wonder how we find out more (FOIA), the descriptions I have heard so far (it's a sniffer) seem a bit onerous. Big Brother at his best!

-Jeff
Re: FBI announcement on email search 'Carnivore'
At 10:58 AM 7/12/00 -0400, Steven M. Bellovin wrote:

> There's been speculation about NSA black boxes in such facilities for years. The FBI, however, isn't quite as "above the law" as the NSA likes

For $500/monthly you too can have a box in various NAPs. You can run your NIC in Bill Clinton mode, e.g., to measure certain things about traffic. I know of a corporation doing this (they are only interested in infrastructure traffic, not content).