Re: Carnivore - Matt Blaze testimony

[Reese]

At 12:29 PM 25/07/00 -0400, Agent Bronson wrote:
 >At 12:14 PM 25/07/00 -0400, James A. Donald wrote:

 >> The US got along fine without ANY equivalent of the FBI through most of
 >> its
 >> history.
 >
 >That's very true. But we have future Oklahoma Cities to contend with now.
 >Remember the y2k Seattle thing? Where foreigners were trying to sneak bomb
 >shit across the canadian border so they could kill the new-year's crowd
 >there? The FBI may have prevented uncounted deaths there and in other
 >places as well, where they are on the lookout for people like the
 >Al-Queda.
 >
 >I don't know about your local cops, but mine are definately not capable of
 >protecting me from this kind of stuff.

That's because they eat too many donuts and rely on 3-letter types to keep 
their ass out of a sling.  The friggin border cops should have caught 
that.  Actually, the canadian border cops did catch much of it, but let it 
on through, forcing us to deal with it.  I guess it isn't illegal to export 
improvised explosives from canuck land.

Note - you munged the quotes - I fixed them.  Idiot.

Reese

RE: Carnivore - Matt Blaze testimony

[Tim May]

At 12:06 AM -0400 7/26/00, Ernest Hua wrote:
>  > > > are you saying that the 3rd amendment grants congress the power
>>  > > to make law for hte quartering of troops in private homes outside
>>  > > of war?
>>  >
>>  > My read is that they can make allow allowing quartering but only in
>>  > times of war.
>>
>>  And since the U.S. has not been in a state of war since 1945, being
>>  unwilling to admit to being in a state of war, this is unlikely to
>>  ever arise again.
>
>I thought recent presidents have been declaring a state of emergency
>for who knows how long. 

But that's not what is being talked about. You are not reading 
carefully. The Third refers to war, and this is what we are talking 
about.


--Tim May
-- 
-:-:-:-:-:-:-:
Timothy C. May  | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.

Re: Carnivore - Matt Blaze testimony

[Bill O'Hanlon]

John Bronson <[EMAIL PROTECTED]> wrote:

> 
> First, I hope it's understood that I'm undecided whether I'm for carnivore
> or against it. The more I read on this list, though, the more I agree with
> you guys. Some of arguments against it are unfounded though, like this 3rd
> amendment thing.
> 
> I didn't mean to quip went I asked about the electricity. I was responding
> to Sunder, who likened the carnivore box to a hungry British infantryman.
> At the risk of sounding ignorant, in my understanding a computer causes a
> negligible burden in air-conditioning. And it doesn't use the UPS
> batteries unless the power goes out. And since carnivore is a passive
> system, it doesn't add to your network's traffic burden. Besides, you know
> that it's not the rack space and heat that upsets ISP owners about the
> box.

As Riad Wahby states well in another message, you're way way off
base with your electrical assumptions.  The AC burden is not
negligible.  And when an ISP is small enough to not own generators,
what the UPS buys is time when the power cuts out.  The more machines
sitting on those batteries, the less time you have to run in at 2
am and bring things to a smooth halt.

What's worse, your network assumption is also erroneous.  My network
fabric is switched.  In order to accomodate a Carnivore, I've got
to make the port leading to the Carnivore "unswitched", or else it
won't see the traffic that they want to see.  That puts a load on
the switch, and completely defeats having the switch there in the
first place.  (In other words, I've spent several thousand dollars
making sure that all traffic ISN'T visible to all devices on the
local net, and this damn thing would not only undo it, but it would
make the box responsible for the switching work twice as hard!)




> 
> As an ISP owner, you have the responsibility that comes with providing
> communication and information to people. It's the same responsibility that
> the telcos have. So if it's in the interest of the people to stop a creep
> that's using your service to commit crimes, it's your duty to help the law
> enforcement guys out (for a moment, let's put away the omnipresent
> assumption law enforcement is inherently evil, and assume that it is
> actually interested in capturing bad guys).

I don't agree with anything you've just said there.  Either you're
really on the wrong list, or I'm feeding a troll.  Do you honestly
believe that part about responsibility?  I don't work for "the
interest of the people", and I don't agree that I have ANY duty to
help out law enforcement, except in the case of a legal and SPECIFIC
court order.

When you casually propose to "put away the omnipresent assumption
that law enforcement is inherently evil", you are pretty much
ignoring one of the underlying purposes of the email list you are
posting to.  Are you SURE you're in the right place?  Most of the
assumptions that you take as givens are hugely in opposition to
the people you're posting to.  There's a big disconnect here.


> 
> administrated. It would be interesting if an ISP somehow detected and
> reported activity coming from one of the things. As for back doors in the
> commercial part of the software, I hadn't thought of that, and that's
> definately a real concern.
> 
> Does anyone know if Carnivore is remotely administrated, and therefore
> subject to hacking?


It doesn't have to be remotely administered to be subject to hacking.
Windows 9X is not remotely administer-able, and it is hacked all the
time.


To put things in a proper cypherpunks perspective, John, consider:
As an ISP owner, what would my "responsibility to the interest of
the people" be if all email (and other) traffic across my system
was encrypted?


-Bill


--
Bill O'Hanlon   [EMAIL PROTECTED]
Professional Network Services, Inc. 612-379-3958

Re: Jim Und Dave?

[Kevin Elliott]

At 11:38 -0400 7/25/00, David Honig wrote:
>At 12:32 AM 7/25/00 -0400, Kevin Elliott wrote:
>>were unconstitutional.  Another way of putting this would be for the
>>government to outlaw brushing ones teeth.
>
>Simple.  Outlaw possession of toothbrushes.  Intercept at customs.
>Teach children in public schools that clean teeth are bad.  Make
>the teaching of dental hygene or dentifrice manufacture illegal.

No, no, the activity is illegal, not the tools.  Your free to 
purchase toothbrushes where ever you like (after all toothbrushes are 
a common cleaning instrument.
-- 

Kevin "The Cubbie" Elliott 
 ICQ#23758827
___
"As nightfall does not come at once, neither does oppression. In both 
instances, there is a twilight when everything remains seemingly 
unchanged.  And it is in such twilight that we all must be most aware 
of change in the air--however slight--lest we become unwitting 
victims of the darkness."
-- Justice William O. Douglas

Re: Carnivore - Matt Blaze testimony

[Kevin Elliott]

At 13:12 -0400 7/25/00, Me wrote:
>are you saying that the 3rd amendment grants congress the power
>to make law for hte quartering of troops in private homes outside
>of war?

My read is that they can make allow allowing quartering but only in 
times of war.
-- 

Kevin "The Cubbie" Elliott 
 ICQ#23758827
___
"As nightfall does not come at once, neither does oppression. In both 
instances, there is a twilight when everything remains seemingly 
unchanged.  And it is in such twilight that we all must be most aware 
of change in the air--however slight--lest we become unwitting 
victims of the darkness."
-- Justice William O. Douglas

Re: Carnivore - Matt Blaze testimony

[John Bronson]

> > > Yes, the 3rd ammendment isn't really about the soldiers spying on
> you,
> > > it's about them eating up your resources.  But a box at an ISP
> sniffing
> > > traffic IS eating up the ISP's resources.  In the least it's eating
> up
> > > electricity and bandwith to report back and be controlled.
> > 
> > The 1st amendment explicitly grants freedom of press. Are you upset
> that
> > the Carnivore box is using _electricity_?? The third amendment was
> about
> > having some Infantryman sleeping in your bed, eating your food, and
> > messing around with your daughter/wife/livestock. The Carnivore box is
> no
> > more intrusive or expensive to the ISP than a wiretap is to a telco.
> 
> I think all of the reasons that others have posted relating why
> Carnivore
> is a bad thing are more important than what follows, but I thought I'd
> jump in here.
> 
> As an ISP owner, I'd be very uncomfortable with a Carnivore-style box on
> 
> my premises.  Here's why:
> 
>   Not only does it use electricity, but any such box adds to the load
>   on my air condtioning and my UPS batteries.
> 
>   There's no way to be sure that it's not cataloging other email, as
>   others have mentioned.
> 
>   There's no way to be sure that it's not storing clear text passwords
>   of things I do on my network for maintenance.  This would allow the 
>   feds to trivially hack their way back in at any time in the future,
>   if I'm foolish enough not to have my entire staff change all of their
>   passwords on all routers and servers after the Carnivore box is gone.
> 
>   There's no way to determine that the Carnivore box is safe from being
>   hacked.  So, once it has gatherered all the passwords, there's nothing
>   to prevent a clever-enough script kid from hacking their black box
>   and scooping the good stuff. 
>   
>   These last two remind me a lot of the Clipper debate  Matt Blaze
>   was able to show that the NSA folks could blow it on security.  Does
>   anyone think that the FBI will do better on their black box?
> 
> 
> As I said, all of these are less important than the real reasons for
> disliking Carnivore, but they're also valid.  The Agent's quip about
> "using _electricitry_" irks me.

First, I hope it's understood that I'm undecided whether I'm for carnivore
or against it. The more I read on this list, though, the more I agree with
you guys. Some of arguments against it are unfounded though, like this 3rd
amendment thing.

I didn't mean to quip went I asked about the electricity. I was responding
to Sunder, who likened the carnivore box to a hungry British infantryman.
At the risk of sounding ignorant, in my understanding a computer causes a
negligible burden in air-conditioning. And it doesn't use the UPS
batteries unless the power goes out. And since carnivore is a passive
system, it doesn't add to your network's traffic burden. Besides, you know
that it's not the rack space and heat that upsets ISP owners about the
box.

As an ISP owner, you have the responsibility that comes with providing
communication and information to people. It's the same responsibility that
the telcos have. So if it's in the interest of the people to stop a creep
that's using your service to commit crimes, it's your duty to help the law
enforcement guys out (for a moment, let's put away the omnipresent
assumption law enforcement is inherently evil, and assume that it is
actually interested in capturing bad guys).

administrated. It would be interesting if an ISP somehow detected and
reported activity coming from one of the things. As for back doors in the
commercial part of the software, I hadn't thought of that, and that's
definately a real concern.

Does anyone know if Carnivore is remotely administrated, and therefore
subject to hacking?

__
Do You Yahoo!?
Get Yahoo! Mail – Free email you can access from anywhere!
http://mail.yahoo.com/

Act Now # F0C

[Kevin Hess]

  
WE MAKE IT EASY & AFFORDABLE TO ACCEPT CREDIT CARDS FOR YOUR BUSINESS
!
 
INTERNET (Auction Vendors & Online Mall Stores Too!)
STOREFRONT OR MAIL ORDER MERCHANTS

WE SPECIALIZE IN APPROVING YOU!
 

APPLY TODAY AND START FOR JUST $9.95!

FREE APPLICATION!!
FREE PROGRAMMING!!

DON'T LOSE ANOTHER SALE!

APPLY TO ACCEPT CREDIT CARDS 
AND CALL (888) 264-9272 
 

DON'T FORGET TO ASK ABOUT OUR WEB DESIGN AND HOSTING PACKAGE !!!




If you receive this message and have never joined one of our 
email lists you can be removed  by replying to:
mailto:[EMAIL PROTECTED]?subject=remove

Re: Carnivore - Matt Blaze testimony

[Bill O'Hanlon]

> >
> > Yes, the 3rd ammendment isn't really about the soldiers spying on you,
> > it's about them eating up your resources.  But a box at an ISP sniffing
> > traffic IS eating up the ISP's resources.  In the least it's eating up
> > electricity and bandwith to report back and be controlled.
> 
> The 1st amendment explicitly grants freedom of press. Are you upset that
> the Carnivore box is using _electricity_?? The third amendment was about
> having some Infantryman sleeping in your bed, eating your food, and
> messing around with your daughter/wife/livestock. The Carnivore box is no
> more intrusive or expensive to the ISP than a wiretap is to a telco.

I think all of the reasons that others have posted relating why Carnivore
is a bad thing are more important than what follows, but I thought I'd
jump in here.

As an ISP owner, I'd be very uncomfortable with a Carnivore-style box on 
my premises.  Here's why:

Not only does it use electricity, but any such box adds to the load
on my air condtioning and my UPS batteries.

There's no way to be sure that it's not cataloging other email, as
others have mentioned.

There's no way to be sure that it's not storing clear text passwords
of things I do on my network for maintenance.  This would allow the 
feds to trivially hack their way back in at any time in the future,
if I'm foolish enough not to have my entire staff change all of their
passwords on all routers and servers after the Carnivore box is gone.

There's no way to determine that the Carnivore box is safe from being
hacked.  So, once it has gatherered all the passwords, there's nothing
to prevent a clever-enough script kid from hacking their black box
and scooping the good stuff. 

These last two remind me a lot of the Clipper debate  Matt Blaze
was able to show that the NSA folks could blow it on security.  Does
anyone think that the FBI will do better on their black box?


As I said, all of these are less important than the real reasons for
disliking Carnivore, but they're also valid.  The Agent's quip about
"using _electricitry_" irks me.


-Bill


--
Bill O'Hanlon   [EMAIL PROTECTED]
Professional Network Services, Inc. 612-379-3958

Re: Carnivore - Matt Blaze testimony

[David Honig]

At 03:11 PM 7/25/00 -0400, Agent Bronson wrote:
>I still say it's a moral failure to allow terrorism to be accepted as
>warfare and foolishness not to protect our land from it.

Those land mines along the .mx border really have the latino votes
pissed off...


A freedom fighter is just a terrorist whose got James Carville working
for him.  

Evolution of nations and weapon$ leads to distributed violence.  As
inevitably as gunpowder bankrupted chain mail.

What's Osama to do?  Bitch to the UN?  Yeah, right.  

What's the US to do?  Stop colonizing?  Yeah right --check out
Kuwait's begging to be a parasite^H^H^H^H satellite like, they say, Taiwan
or Israel.  

Go Orwell?  Seems to be the plan, but it won't stop the devoted.

Have a nice day.








  

RE: Carnivore - Matt Blaze testimony

[Trei, Peter]

> --
> From: Agent Bronson[SMTP:[EMAIL PROTECTED]]
> > 
> > Yes, but that doesn't make it legal.  Hey, they've done black bag jobs
> > too, and got caught.  See Watergate.
>  
> These are abuses that got exposed. But the threat of abuse is a poor
> reason to leave the FBI helpless in the face of modern threats to the USA.
> This is akin to the argument that the death penalty should be banned
> because of the failings in the judicial system. Sure, every mote of power
> you give to a public servant is subject to misuse, but a cop needs his gun
> and a surveyor needs his tripod. The FBI needs to be able to do its thing
> so buildings don't start blowing up. 
> 
The US would not have a problem with foreign based terrorism if the US
government did not meddle in the affairs of other countries. Does
Switzerland
have a problem with foreign based terrorism? Does Sweden? In the words of
Malcom X: "I think it's a case of the chickens coming home to roost."

As for domestic terrorism - let's not forget that the McVeigh and his
cronies don't appear to have used the Internet at any point in their
activities.

Past abuse, and the threat of future abuse are definitely factors to
consider 
when the people decide whether or not they wish to grant a power to 
government. As the Founders said: '...a long chain of abuses and usupations
 
[grants the people the right and duty] ...to throw off such government" 

The FBI has repeatedly demonstrated that it will abuse its powers, and there
is
no convincing evidence that it actually cares to clean up it's act - if it
did, a 
lot of FBI agents would be finishing their careers in jail. The FBI has a
persistant, 
institutionalized and recidivist tendency to abuse, and abuse again, 
all the while in denial "It's just a few bad apples - we promise it'll never
happen
again (until next time)". Such a history of illegality, along  with a
constant 
denial of responsibility, would land a *person* in jail, or force the
disbanding of a 
corporation. The FBI, on the other hand, seems to be above the law. The
conclusion of many people is that the FBI is, in toto, untrustworthy, out of
control, and dangerous to our liberties.

[It's off-topic, but I and many others DO hold that the death penalty should
be
abolished - as it has been in nearly all the civilized nations of the world]

Your arguments fall perilously close to "the end justifies the means".

> I know it's laughable when an FBI spokesman says "Hey just trust us,
> guys!" But even if we don't trust the FBI, we have to trust the watchdog
> groups and government that guarantees balances. Remember, the FBI's
> primary purpose is to protect the masses - not to read your letters to
> grandma.
> 
That may be the stated purpose for which it was chartered, but it's
behaviour
for most of it's history makes it clear that the operational goals include
the
acquisition, expansion, and retention of power for the agency, regardless of

law, morality, or ethics.

Peter Trei
Disclaimer: The above represents my personal opinion only.

Re: Carnivore - Matt Blaze testimony

[Agent Bronson]

> > The 3rd amendment argument is a losing argument. The purpose of that
> > amendment is to prevent repeating something that happened during the
> > Revolutionary War. It pertains to soldiers shacking up in civilian's
> > houses, not to a civilian law-enforcement organization hooking a
> computer
> > up to your ISP's network.
> 
> I don't think so. The analogy is very clear.  There isn't any extra 
> ammendment or law that guarantees any extra rights to the Press.  The
> 1st
> is good enough.
>
> Yes, the 3rd ammendment isn't really about the soldiers spying on you,
> it's about them eating up your resources.  But a box at an ISP sniffing
> traffic IS eating up the ISP's resources.  In the least it's eating up
> electricity and bandwith to report back and be controlled.

The 1st amendment explicitly grants freedom of press. Are you upset that
the Carnivore box is using _electricity_?? The third amendment was about
having some Infantryman sleeping in your bed, eating your food, and
messing around with your daughter/wife/livestock. The Carnivore box is no
more intrusive or expensive to the ISP than a wiretap is to a telco.
 
> > I don't know the specific laws, but this is something the spooks have
> > always done anyway. Like Donald Kerr said (if FBI spooks like him and
> me
> > can be trusted), the FBI routinely orders ISPs to do this surveillance
> > themselves anyway, when the ISP has the resources to do it.
> 
> Yes, but that doesn't make it legal.  Hey, they've done black bag jobs
> too, and got caught.  See Watergate.
 
These are abuses that got exposed. But the threat of abuse is a poor
reason to leave the FBI helpless in the face of modern threats to the USA.
This is akin to the argument that the death penalty should be banned
because of the failings in the judicial system. Sure, every mote of power
you give to a public servant is subject to misuse, but a cop needs his gun
and a surveyor needs his tripod. The FBI needs to be able to do its thing
so buildings don't start blowing up. 

I know it's laughable when an FBI spokesman says "Hey just trust us,
guys!" But even if we don't trust the FBI, we have to trust the watchdog
groups and government that guarantees balances. Remember, the FBI's
primary purpose is to protect the masses - not to read your letters to
grandma.

> Not at all.  A kid fucker leaves solid physical evidence.  A kid that's
> been fucked.
--snip other examples--

You've convinced me on this point. If the FBI suspects someone of doing
illegal shit with his computer, why don't they just get a warrant and
search the computer?
 
> > If the FBI has court-approved
> > probable couse, which means they've already turned up good evidence,
> then
> > it's fine with me - especially in the case of a suspected terrorist -
> if
> > they monitor said suspected terrorist's emails.
> 
> Yeah, like there were never any illegal wire taps before.

See above, death penalty, etc.

> > Hey - maybe the whole carnivore thing is just a red herring to
> distract us
> > while some real heinous snooping is going on at the ISP level.
> 
> By what? The NSA?

Hey, why not?

__
Do You Yahoo!?
Get Yahoo! Mail – Free email you can access from anywhere!
http://mail.yahoo.com/

Re: Carnivore - Matt Blaze testimony

[Agent Bronson]

> >I don't know about your local cops, but mine are definately not capable
> of
> >protecting me from this kind of stuff. Someone recently posted that
> >"Terrorism is the future of warfare." That's _very_ spooky, especially
> if
> >we are morally ambiguous enough to condone terrorism as a form of
> >"warfare". If terrorism is the future of warfare, the FBI, or some
> other
> >counter-terrorist group, is going to be our only real defense.
> 
> That wasn't "someone," that was _me_.

Okay...

> And if you don't understand the point, this is unsurprising. 
> Education ain't what it used to be.

WTF...Anyone can say "sigh - you just don't understand." Whatever weighty
truth I 'missed', perhaps you could clarify or at least repeat it before
you resort to insults?

I still say it's a moral failure to allow terrorism to be accepted as
warfare and foolishness not to protect our land from it.

__
Do You Yahoo!?
Get Yahoo! Mail – Free email you can access from anywhere!
http://mail.yahoo.com/

Re: Carnivore - Matt Blaze testimony

[Tim May]

At 12:29 PM -0400 7/25/00, Agent Bronson wrote:
>
>I don't know about your local cops, but mine are definately not capable of
>protecting me from this kind of stuff. Someone recently posted that
>"Terrorism is the future of warfare." That's _very_ spooky, especially if
>we are morally ambiguous enough to condone terrorism as a form of
>"warfare". If terrorism is the future of warfare, the FBI, or some other
>counter-terrorist group, is going to be our only real defense.

That wasn't "someone," that was _me_.

And if you don't understand the point, this is unsurprising. 
Education ain't what it used to be.


--Tim May
-- 
-:-:-:-:-:-:-:
Timothy C. May  | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.

Re: Wired News : FBI Gives a Little on Carnivore

[Tim May]

At 1:32 PM -0400 7/25/00, x wrote:
>
>  From Wired News, available online at:
>http://www.wired.com/news/print/0,1294,37765,00.html
>
>FBI Gives a Little on Carnivore 
>by Declan McCullagh 
>
>9:35 a.m. Jul. 25, 2000 PDT
>WASHINGTON -- The FBI says it will conduct a privacy audit of a
>controversial surveillance system, but the agency won't release key
>information about how Carnivore works.
>
>On Monday, FBI officials told a congressional panel that they hope to
>assuage the fears of civil libertarians through "an independent
>verification and validation" of the Carnivore eavesdropping system.


There are many aspects of Carnivore which have _nothing_ to do with 
the specifics of the box, the OS, the code, etc., and everything to 
do with basic principles of search warrants and the First, Third, 
Fourth, and other parts of the Constitution.

For example, even if a valid court-ordered intercept is gotten 
against John Doe, and the court orders installation of equipment, 
that installation should be removed as soon as the court order 
expires.

"FBI, this is Ace Internet Service. Your John Doe no longer has an 
account with us, so please get your rack of equipment out of our cage 
by the end of business today."

Requiring a permanent installation is most certainly a "taking." A 
taking of floor space, a taking of security, a taking of time to 
manage issues arising from the installation, etc.

And it is of course no different from requiring that a video camera 
or microphone be installed permanently (with the camera or whatever 
"turned on only with a valid court order"). (Ignoring for the moment 
the issue of whether one trusts the camera to be used thusly, or 
trusts that Carnivore will only be used for court-ordered purposes.)

Why not require that all restaurants mike their tables, with the 
mikes only turned on with a valid court order? How about discreet 
video cameras in all hotel rooms?

This whole business of insinuating government surveillance equipment 
into businesses, hotels, restaurants, etc. is everything written 
about in "1984. And not to surprising that the techno-military state 
America is leading the way.

(Not counting the bugging of every seat in Air France aircraft. At 
least we may learn from the SDECE monitoring tapes what those German 
passengers were observing and screaming about as that Concorde went 
down today.)


>
>"This notion of opening up the code I think is a very good one," said
>Alan Davidson, staff counsel at the Center for Democracy and
>Technology. "I think if there needs to be a preliminary step of
>getting an independent panel in here, that's not the same and it
>wouldn't be as good as opening it up to the public."

To reiterate, this is focussing on the minute details and missing the 
big picture: why is a government agency being allowed to essentially 
permanently install something in a piece of private property?

I'm tempted to set up my own ISP just so I can tell them to fuck off 
and wave a shotgun at them as they try to install their equipment on 
my property. And even if they do manage to get a court-ordered 
wiretap, to tell them to get the rack of equipment off my premises as 
soon as the specific reason for the wiretap has ended.

Permanent installations on private property are not part of any 
reasonable court order to assist with surveillance.


--Tim May

-- 
-:-:-:-:-:-:-:
Timothy C. May  | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.

Wired News : FBI Gives a Little on Carnivore

[x]

A note from x:

   Interesting.



 From Wired News, available online at:
http://www.wired.com/news/print/0,1294,37765,00.html

FBI Gives a Little on Carnivore  
by Declan McCullagh  

9:35 a.m. Jul. 25, 2000 PDT 
WASHINGTON -- The FBI says it will conduct a privacy audit of a
controversial surveillance system, but the agency won't release key
information about how Carnivore works. 

On Monday, FBI officials told a congressional panel that they hope to
assuage the fears of civil libertarians through "an independent
verification and validation" of the Carnivore eavesdropping system.  

"What we're going to do is very akin to what, for example, NASA does
with software developed for their launch operations," said Donald
Kerr, director of the FBI Labs. "Ask some independent party to verify
that the software we have, and deploy, will in fact do those things
that we say it will, and not provide capabilities that we should not
have."  

But the FBI flatly refused to release the source code to Carnivore, a
move that would allow programmers to review the program to see if its
appetite needs to be curbed.  

"We would have a problem with full open disclosure, because that, in
fact, would allow anyone who chose to develop techniques to spoof what
we do an easy opportunity to figure out how to do that," Kerr told a
House Judiciary subcommittee.  

Because Carnivore chews up all the information flowing through part of
an Internet provider's network -- and reportedly digests only data
relevant to an investigation -- critics have called for more details
about its operation.  

"This notion of opening up the code I think is a very good one," said
Alan Davidson, staff counsel at the Center for Democracy and
Technology. "I think if there needs to be a preliminary step of
getting an independent panel in here, that's not the same and it
wouldn't be as good as opening it up to the public."  

The American Civil Liberties Union has filed a freedom of information
act request for the source code, and some prominent cryptographers
also have asked for its release.  

During the hearing, some House Republicans questioned the Clinton
administration's commitment to privacy.  

"I have heard all sorts of assurances that this won't fall in the
wrong hands, that there are safeguards," said Rep. Spencer Bachus
(R-Alabama). "Well, today there are safeguards on FBI files, only
certain people have access to those files."  

"Yet a few years ago, we found out that 1,000 of those files were over
at the White House," Bachus said.  

Rep. Bob Barr (R-Georgia) pointed to the continuing flap over the
White House email messages that seemed to disappear after being
subpoenaed.  

"We've been having a series of hearings, the conclusion of which from
the Clinton administration standpoint is, we don't even know how to
keep track of our own emails," Barr said. "And now we have a very
sophisticated system for tracking other people's emails."  

"The FBI's Carnivore program represents a dangerous and unprecedented
invasion of online privacy," said Rep. J.C. Watts (R-Okla.), chairman
of the House Republican Conference, in a statement. "Despite repeated
inquiries, the Clinton-Gore administration continues to offer only
vague responses and little enlightenment."  

A top Justice Department official promised that the privacy audit
would prove reassuring.  

"A report generated from the review will be publicly disseminated to
interested groups within industry, academia, and elsewhere, and should
alleviate any concerns regarding unjustified intrusions on privacy
from the use of this tool," said Kevin DiGregory, deputy associate
attorney general.  

The FBI describes Carnivore as a "well-focused" system that has been
used in only a small number of cases: 16 this year, including six
criminal and 10 national security investigations. Each case, however,
could involve dozens of wiretaps. The FBI didn't offer details.  

Although Carnivore has been described as an email surveillance system,
the FBI said it could also intercept files that were transfered. "We
have, in at least one case, been able to intercept using a different
protocol, file transfer protocol, but with relatively small files,"
Kerr said.  

The FBI also said state and local police do not currently have access
to Carnivore.  

Internet service providers do not have to install the Carnivore system
and have the option to perform their own secret surveillance of users,
the FBI said.  

"We have found that at times the Internet service provider has been
unable or even unwilling to supply this information," DiGregory said.
"It is for that narrow set of circumstances that the FBI designed
Carnivore. Law enforcement cannot abdicate its responsibility to
protect public safety simply because technology has changed."  

But an attorney representing one ISP said the FBI insisted on
installing Carnivore.  

"In this case, the solution that the ISP put i

Re: Choate proposing Dropping toad.com

[William H. Geiger III]

In , on 07/24/00 
   at 03:07 PM, Tim May <[EMAIL PROTECTED]> said:

>We should honor his request and, as a side effect, get rid of all of  the
>unclued 
>"[EMAIL PROTECTED]"
> types of "suscrivers."

>Good riddance.

I agree 110%. I do not pull toad.com for my openpgp.net node but still get the traffic 
via the other nodes. If ssz.com and others decide to drop toad.com I will not miss 
them one bit. I will not filter out toad.com messages though so long as they are on 
the CDR backbone.

-- 
---
William H. Geiger III  http://www.openpgp.net  
Geiger Consulting

Data Security & Cryptology Consulting
Programming, Networking, Analysis
 
PGP for OS/2:   http://www.openpgp.net/pgp.html
E-Secure:   http://www.openpgp.net/esecure.html
---

Re: Carnivore - Matt Blaze testimony

[Me]

> Amendment III
> No Soldier shall, in time of peace be quartered in any house,
without the
> consent of the Owner, nor in time of war, but in a manner to be
prescribed
> by law.
>
> Carnivore is not a soldier. Carnivore is a computer. It just
doesn't
> apply. Besides, even if the 3rd amendment did apply to
Carnivore, it could
> be legally employed anyway, "in a manner prescribed by law."

are you saying that the 3rd amendment grants congress the power
to make law for hte quartering of troops in private homes outside
of war?

Re: British Authorities May Get Wide Power to Decode E-Mail

[Tom Vogt]

Marcel Popescu wrote:
> > how about actually encrypting two texts, in such a way that they combine
> > into one ciphertext, and depending on which key you choose, one or the
> > other gets decrypted from that.
> 
> I think the main problem is laziness; the user would have to find a suitable
> "innocent" cleartext, with a length approximately equal to that of the
> "guilty" one. I think it could be done, though, by having the client use a
> copy of a Gutenberg-available book, and making the "innocent" text something
> like: "Look what I found in this A.C.Doyle story on the internet: bla, bla,
> bla".

or just let the user supply a keyword or two and grab something from the
www via a search engine until you have enough bytes.


> However, the actual algorithm that enables one to "combine" two texts into
> one cyphertext, and also enables one to retrieve the "guilty" text if he
> knows the key, might be a little beyond my abilities. [Or I'm just too
> lazy.]

same here. I feel confident that I could come up with an algorithm, but
it's cryptographic value would be, ehm... minimal.

Re:

[Tom Vogt]

Nomen Nescio wrote:
> Cringeley had a good point.  Properly deployed, Carnivore can shut down the net.
> 

the *US* part of the net. while this would, due to certain archaic
us-centric structures, do immense damage to the non-us part of the web,
I'm more than certain that the remainder would survive. and use the
"opportunity" to get rid of those outdated reliances.

Re: Carnivore - Matt Blaze testimony

[Agent Bronson]

>  > I don't know the specific laws, but this is something the spooks
>  > have always done anyway. Like Donald Kerr said (if FBI spooks like
>  > him and me can be trusted), the FBI routinely orders ISPs to do this
>  > surveillance themselves anyway, when the ISP has the resources to do
>  > it.
 

 
> They have the legal authority and the power to tap lines.  They do not
> have 
> the authority or the power to make me tap lines for them.

According to Kerr, that's why Carnivore exists - The FBI takes up the
"technical and financial burden" so the ISP doesn't have to tap the lines
for the FBI.

Besides, doing a line-tap requires the cooperation of the phone company in
much the same way. Carnivore is the computer equivilant to a reel-to-reel
recorder in a van.

__
Do You Yahoo!?
Get Yahoo! Mail – Free email you can access from anywhere!
http://mail.yahoo.com/

Re: Carnivore - Matt Blaze testimony

[Agent Bronson]

> >The 3rd amendment argument is a losing argument. The purpose of that
> >amendment is to prevent repeating something that happened during the
> >Revolutionary War. It pertains to soldiers shacking up in civilian's
> >houses, not to a civilian law-enforcement organization hooking a
> computer
> >up to your ISP's network.
> 
> Wrong.  The 3rd amendment was about stopping the Government from
> shifting
> the cost of the Army from the Government to individual families.  It was
> about not taking people's resources without representation and due
> process.
> It certainly applies in this case.  Now whether some brain-dead Supreme
> Court agrees is a separate unrelated matter.

Amendment III
No Soldier shall, in time of peace be quartered in any house, without the
consent of the Owner, nor in time of war, but in a manner to be prescribed
by law. 

Carnivore is not a soldier. Carnivore is a computer. It just doesn't
apply. Besides, even if the 3rd amendment did apply to Carnivore, it could
be legally employed anyway, "in a manner prescribed by law."

I'm not saying that I like Carnivore or even that it's legal. But the 3rd
amendment doesn't have anything to do with it whatsoever.

__
Do You Yahoo!?
Get Yahoo! Mail – Free email you can access from anywhere!
http://mail.yahoo.com/

Re: ZKS: how EXACTLY does this protect privacy?

[William H. Geiger III]

In <[EMAIL PROTECTED]>, on 07/23/00 
   at 10:25 PM, Harmon Seaver <[EMAIL PROTECTED]> said:



>[EMAIL PROTECTED] wrote:

>>
>> So WTF is going on?
>>
>> You say you received it, which list node are you subscribed to?  Did
>> anyone else receive it?

> Ah, maybe only openpgp.net is getting them? That's the one I'm
>subscribed to -- and I got, I think, 5 copies now of that post.

>Speaking of openpgp.net, tho, how come it wipes out the header stuff
>-- like I can't filter the mail for posts from toad because they all only
>say openpgp.net -- is that because of what is done to get rid of the CDR
>thing?

No it's the ListServ software I am running for that node. It strips out all the 
Received: lines from incoming messages before they are distributed to the list.

-- 
---
William H. Geiger III  http://www.openpgp.net  
Geiger Consulting

Data Security & Cryptology Consulting
Programming, Networking, Analysis
 
PGP for OS/2:   http://www.openpgp.net/pgp.html
E-Secure:   http://www.openpgp.net/esecure.html
---

Re: Carnivore - Matt Blaze testimony

[James A. Donald]

 --
At 11:58 AM 7/25/2000 -0400, Agent Bronson wrote
 > The 3rd amendment argument is a losing argument. The purpose of that
 > amendment is to prevent repeating something that happened during the
 > Revolutionary War. It pertains to soldiers shacking up in civilian's
 > houses, not to a civilian law-enforcement organization hooking a
 > computer up to your ISP's network.

This reminds me of the argument that the first amendment, freedom of the 
press, only covers actual presses, not modern electronic communications 
that allow anyone to spread dangerous information at the speed of light.

The general implication of the third is that the government goons cannot 
command the use of private property for government purposes, except in time 
of war.

 > I don't know the specific laws, but this is something the spooks
 > have always done anyway. Like Donald Kerr said (if FBI spooks like
 > him and me can be trusted), the FBI routinely orders ISPs to do this
 > surveillance themselves anyway, when the ISP has the resources to do
 > it.

If I received such an order, I would tell them such an order was illegal, 
and ask them to take it to court.  I think it most unlikely they would take 
it to court.  Instead they would threaten me with personal harm.

They have the legal authority and the power to tap lines.  They do not have 
the authority or the power to make me tap lines for them.

 --digsig
  James A. Donald
  6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
  FUob6oZW62F1Isle/7SwOXseY9/M9jKhDPG3zWR8
  4LJQ2CucdXebczqC8Iyb1g7sfAgvjsUEslltvYotJ

caymen govt bends over for Fedz

[Anonymous]

Cayman Islands passes anti-money-laundering laws



Updated 12:33 PM ET July 25, 2000

  GEORGE TOWN, Cayman Islands (Reuters) - The Cayman Islands
  government has passed four anti-money-laundering bills in an effort to
  confront critical scrutiny by international financial regulatory agencies
  and the U.S. Treasury Department.

  The bills were hurried through parliament Monday despite objections
  from some members of parliament and lawyers that they were not given
  enough time to examine or debate the bills.

  The move came just one week after the U.S. Treasury Department issued
  an "advisory" to U.S. banks about the Caymans' lack of
  money-laundering regulation, and one month after the Financial Action
  Task Force (FATF), a Group of Seven (G7) watchdog, listed the country
  as lacking in financial controls to deal with criminal money-laundering.

  The Cayman Islands, a tiny British territory in the Caribbean, is the
  world's fifth-largest banking center with more than $500 billion of assets
  at its 590 banks and trust companies.

  The Financial Action Task Force (FATF), created a decade ago by the G7
  economic powers to coordinate international efforts to halt
  money-laundering, put the Caymans on its June 21 blacklist of 15
  financial centers it deemed uncooperative in stemming the flow of
  ill-gotten cash.

  BILLS SAID FILLING GAPS

  Cayman Islands Finance Minister George McCarthy said the bills passed
  Monday will help the Cayman Islands "fill what overseas authorities have
  expressed as significant gaps in (our) anti-money-laundering system."

  At the same time, said McCarthy, the bills will prevent "fishing
  expeditions" from other jurisdictions while allowing the Cayman Islands
  Monetary Authority access to private banking information when
  necessary.

  Without the legislation, the Monetary Authority must obtain a court order
  to inspect banking records, McCarthy noted.

  In addition to the Monetary Authority law, other bills address the use of
  computers and electronic mail for banking transactions. In addition, parts
  of the Code of Conduct for the banking industry have been made
  mandatory by law, rather than voluntary under the old system.

  Not everyone was pleased with the speed that the government moved the
  measures through.

  Backbench Member of Parliament Kirk Tibbetts said he and his
  colleagues "would have liked more time to peruse what was involved."

  The Cayman Islands was "doing what it was doing to please another
  entity (the U.S. Treasury)," Tibbetts added.

  Alden McLaughlin, the president of the Caymanian Bar Association,
  blasted the measures, saying the damaging advisories by the U.S.
  Treasury and FATF had already been issued and both bodies
  acknowledged that the Cayman Islands "was actively working to address
  the alleged deficiencies and to be cooperating with the FATF," he said.

  Attorney General David Ballantyne, who drafted and introduced the
  measures for government, replied that the country had no "guarantee"
  from the United States or the FATF that these measures would result in
  favorable ratings on the financial regulation ladder, but "these steps were
  taken to support the Cayman Islands' position." 

Re: Carnivore - Matt Blaze testimony

[Matt Elliott]

>The 3rd amendment argument is a losing argument. The purpose of that
>amendment is to prevent repeating something that happened during the
>Revolutionary War. It pertains to soldiers shacking up in civilian's
>houses, not to a civilian law-enforcement organization hooking a computer
>up to your ISP's network.

Wrong.  The 3rd amendment was about stopping the Government from shifting
the cost of the Army from the Government to individual families.  It was
about not taking people's resources without representation and due process.
It certainly applies in this case.  Now whether some brain-dead Supreme
Court agrees is a separate unrelated matter.

Re: Carnivore - Matt Blaze testimony

[Agent Bronson]

> t 01:58 AM 7/25/2000 -0400, John Bronson wrote:
>  > Just watched this hearing. I just subscribed to this list, so while
>  > I don't want to piss anyone off, I question what seems to be a
>  > knee-jerk reaction against Carnivore. In theory, I positively agree
>  > with the need for such a tool. I want the FBI to be able to check
>  > out the pedophile next door who's preying on my daughter or the
>  > terrorist that wants to blow up the office building I work at -
>  > that's what the FBI is there for.
> 
> That is not what the FBI is there for.
> 
> That is what your local cop is there for.
> 
> The FBI is there to maintain the power of the state and spy on whichever
> 
> factions are politically incorrect this time around.
> 
> The US got along fine without ANY equivalent of the FBI through most of
> its 
> history.

That's very true. But we have future Oklahoma Cities to contend with now.
Remember the y2k Seattle thing? Where foreigners were trying to sneak bomb
shit across the canadian border so they could kill the new-year's crowd
there? The FBI may have prevented uncounted deaths there and in other
places as well, where they are on the lookout for people like the
Al-Queda.

I don't know about your local cops, but mine are definately not capable of
protecting me from this kind of stuff. Someone recently posted that
"Terrorism is the future of warfare." That's _very_ spooky, especially if
we are morally ambiguous enough to condone terrorism as a form of
"warfare". If terrorism is the future of warfare, the FBI, or some other
counter-terrorist group, is going to be our only real defense.

__
Do You Yahoo!?
Get Yahoo! Mail – Free email you can access from anywhere!
http://mail.yahoo.com/

Re: Carnivore - Matt Blaze testimony

[James A. Donald]

 --
t 01:58 AM 7/25/2000 -0400, John Bronson wrote:
 > Just watched this hearing. I just subscribed to this list, so while
 > I don't want to piss anyone off, I question what seems to be a
 > knee-jerk reaction against Carnivore. In theory, I positively agree
 > with the need for such a tool. I want the FBI to be able to check
 > out the pedophile next door who's preying on my daughter or the
 > terrorist that wants to blow up the office building I work at -
 > that's what the FBI is there for.

That is not what the FBI is there for.

That is what your local cop is there for.

The FBI is there to maintain the power of the state and spy on whichever 
factions are politically incorrect this time around.

The US got along fine without ANY equivalent of the FBI through most of its 
history.
 --digsig
  James A. Donald
  6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
  IQ8AEsttxzK9yKNQqoobxb5OARTZfmi6dAN6dzQ3
  4qThHvK0m/+VZdFtxx5nNTwI93bpiAlud22rQ4TcZ

Re: Carnivore - Matt Blaze testimony

[Agent Bronson]

> > Do You Yahoo!?
> > Get Yahoo! Mail ^V Free email you can access from anywhere!
> > http://mail.yahoo.com/
>
> Fucking government troll!  Does anyone else think it's odd that Agent
> Bronson here is coming from rocketmail.com, yet it seems yahoo
> automatically put a signature for yahoo mail on the end?
> 
> And notice the ^V in the signature?

You're onto me. My mission is to turn this entire list into a bunch of
government-friendly drones merely by posting persuasive emails! (Actually,
Rocketmail was bought out by Yahoo some years back, and I still have the
old addy. The ^V is a carriage-return that your email software messed up.)
 
> To address your points Herr Bronson:
> 
> 1. It is illegal based on the 3rd ammendment to quarter troops of any
> kind
> by force into someone's home.  By extension, place of work.

The 3rd amendment argument is a losing argument. The purpose of that
amendment is to prevent repeating something that happened during the
Revolutionary War. It pertains to soldiers shacking up in civilian's
houses, not to a civilian law-enforcement organization hooking a computer
up to your ISP's network.

> 2. The mass interception of email, or any internet traffic by a network
> of
> carnivore (or anything) is an invasion of privacy.

I don't know the specific laws, but this is something the spooks have
always done anyway. Like Donald Kerr said (if FBI spooks like him and me
can be trusted), the FBI routinely orders ISPs to do this surveillance
themselves anyway, when the ISP has the resources to do it.
 
> 3. Criminals such as kid fuckers, drug dealers and the like do not
> commit
> their crimes by using bits.  Ultimately, they must do their deeds in the
> real world - in a bed with a minor, or face to face for a drug deal.

That's true, but you're conviniently ignoring that 'kid fuckers,' drug
dealing rings, etc have to communicate to commit their crimes. This goes
double for child pornographers, online stalkers, credit fraud, etc. who
use the internet itself to commit the crime. If the FBI has court-approved
probable couse, which means they've already turned up good evidence, then
it's fine with me - especially in the case of a suspected terrorist - if
they monitor said suspected terrorist's emails.

The probable cause thing is where I agree, after watching the C-Span
rerun, that carnivore _is_ being used to invade privacy. The rep with the
big face that got there late (sorry, forgot his name) said it best. The
FBI is using Carnivore WITHOUT probable cause, and getting email addresses
just because a suspect sent or recieved emails from non-suspects. And
afterward, they don't notify the non-suspects that their privacy has been
violated.
 
> 4. Nothing stops criminals from doing business WITHOUT using email, and
> so
> this isn't a silver bullet.  That leaves the criminals that are outright
> stupid.  So is this why the Feds are doing this?  To catch the stupid?
--snip--
> *BUT* all are in danger from the
> smart ones, or the ones that don't use email?

Carnivore is a pretty weak tool. This is the best that the FBI can do, and
it's already getting into trouble trying to impliment the thing. That's a
scary thought. Apparently, the FBI is not invading our privacy; it's too
inept to do so.

Hey - maybe the whole carnivore thing is just a red herring to distract us
while some real heinous snooping is going on at the ISP level.

__
Do You Yahoo!?
Get Yahoo! Mail – Free email you can access from anywhere!
http://mail.yahoo.com/

Re: Jim Und Dave?

[David Honig]

At 12:32 AM 7/25/00 -0400, Kevin Elliott wrote:
>were unconstitutional.  Another way of putting this would be for the 
>government to outlaw brushing ones teeth.  

Simple.  Outlaw possession of toothbrushes.  Intercept at customs.
Teach children in public schools that clean teeth are bad.  Make
the teaching of dental hygene or dentifrice manufacture illegal.

Any questions?








  The constitutionality of this framework, 
>however, is very questionable.  Clearly the right is not enumerated. 
>Clearly the sweeping ruling in Roe vs. Wade has caused untold 
>problems of constitutionality and legislation.  Those sorts of 
>problems are generally seen as being caused by overly broad decisions 
>that take the power to lead on an issue from the legislature and 
>instead force the courts to spend the next several rulings trying to 
>make law, a roll they are very poor at.
>
>However that is all besides the point, the crucial point is this- 
>like all the "rights" in the constitution this absolutely does not 
>apply to any organization other than the government.   Their is 
>absolutely no constitutional requirement that a business follow any 
>of the points layed out in the constitution (at least in regards to 
>the first 10 amendments).  They simply do not apply.  All are 
>"rights" in the constitution are not truly rights of the typical sort 
>"you can expect to be treated this way, you can demand that others 
>not do this to you"  but are of the sort "GOVERNMENT is absolutely 
>forbidden, under any circumstances, from doing X".   If China were to 
>invade tomorrow and push the California border back to the 
>Mississippi, the government can still not force you to put soldiers 
>up in your house.  They can buy it for a reasonable, fair market 
>value, and they can force you to sell, but as long as that house is 
>owned by you, you get to say who if and when government agents live 
>there.  Substitute employer for government in the previous scenario, 
>however, and the situation is quite different.   Then can ask, they 
>can demand, they can even force you to house marketing droids, and 
>still, not a single one of your constitutional rights was ever 
>violated.  It may be illegal based on the laws this land is run by 
>but it is certainly not unconstitutional.  And so, in answer to your 
>original question, neither, the two rights (right to privacy and 
>freedom of the press) are NEVER in opposition because neither of them 
>apply to non-governmental agencies.
>-- 
>
>Kevin "The Cubbie" Elliott 
> ICQ#23758827
>___

>"As nightfall does not come at once, neither does oppression. In both 
>instances, there is a twilight when everything remains seemingly 
>unchanged.  And it is in such twilight that we all must be most aware 
>of change in the air--however slight--lest we become unwitting 
>victims of the darkness."
>-- Justice William O. Douglas
>
>
>






  

Re: Carnivore

[Eric Murray]

On Tue, Jul 25, 2000 at 08:40:32AM -0400, Nomen Nescio wrote:
> 
> Cringeley had a good point.  Properly deployed, Carnivore can shut down the net.


I love a government conspiracy theory as much as the next
cypherpunk, but there's too many technical holes in this one
to ignore it.

First off, as we all know, the Internet routes around damage.  If one node
goes down, the traffic that went through it goes elsewhere.  That makes it
really hard to "shut down the Internet" from any small number of points.
Unless you redefine the "Internet" as aol.com, yahoo.com and cnn.com,
there's just too many nodes that can carry traffic to allow anyone to
shut it all down.

To be able to "shut down the Internet", the Carnivore boxes would have
to be placed at the main interchanges like MAE-WEST, rather than at
ISPs. They'd have to contain malware that can disable many different types
of switches and routers.  Even then, there would have to be many more than
the 25 or so Carnivores that the FBI claims to have, and they would need
to be physically placed at many points, both within large networks like
AOL's and at all the main interchanges and second-tier peering points.

Even then, the FBI's reach only (legally) extends throughout the US.
Even with all the major US nodes dead, there's still a lot of connections
to the rest of the world, especially on the two coasts.  A lot of
sites would be able to route through Japan or Europe.

So, could "shutting down the Internet" really mean shutting down
the major ISPs that many Americans use to connect to the Internet?
That's a lot different from actually shutting down the Internet
but, if it could be done, it might achieve some shadowy FBI goal.
But is it technically feasible with a Carnivore planted in each ISP?
Not really.  Large ISPs have large internal networks with many nodes,
all connected with switches.  They're essentially miniature Internets.
Like the Internet, it's hard to kill an entire large ISP from one point.

If the Carnivores are placed at major ISPs, they could disable part of
each ISP.  But think about what happens when the FBI turns the remote
switch that says "kill the ISP".  Each ISP had sysadmins who deal with
network problems.  They'd find the source of the problem-- the Carnivore
box-- and then call up the FBI agent who placed it and say "Dude, your
box was sending out bad packets and flooding our network.  We figured
that it's crashed, so we unplugged it from the network.  You might
want to come down and reboot it."

So I don't think that the FBI could even shut down a portion of
a large ISP for very long with one Carnivore box, let alone
"shut down the Internet" with a few boxes sprinkled in ISPs.

To do a good job of shutting down the Internet, they'd need thousands
of boxes all acting in concert.  These boxes would need to be able
to implement attacks on many different types of routers, and those
attacks would need to be such that they can incapacitate each router.
That's difficult to do with current router designs- they' have already
been under attack from the hacking community, and for the most part the
holes have been fixed.  In order to perform this attack the FBI would
need to be able to write attacks that are a significant leap over what
the public hacking community can do, and that's unlikely to happen.

Then there's the number of machines that would need to participate in
the attacks.  Since there's many peering points to target, it would
be too difficult and time consuming to place a Carnivore at each one.
So the attacks would have to be done remotely.  If the FBI can do that,
then they don't need the Carnivore boxes placed inside ISPs-- a group
of boxes connected to multiple points in the Internet would suffice to
launch the attack.  Like with the recent DOS attacks on Yahoo et.al.
those boxes don't even need to be owned by the FBI  at this point
it'd be hard to differentiate the FBI from a group of crackers.  Even if
they did try to mount this sort of attack, they wouldn't need Carnivores
to do it.  The Carnivores would in fact be a failure point for the FBI's
attack, as in the ISP discussion above ("Dude...") a number of them
would be removed from the network soon after the attack started.


Besides, the FBI already has a way of shutting down ISPs that _would_
actually work: a court order.  Sure it's slow, but it uses a system
that the FBI hacks better than the Internet: the legal system.

-- 
  Eric Murray http://www.lne.com/ericm  ericm at lne.com  PGP keyid:E03F65E5
Security consulting: secure protocols, security reviews, standards, smartcards. 

Re: CDR: Re: Re: cryptome.org?

[sunder]

John Young wrote: 
> 
> We've been trying to get into the site to do just that, but haven't
> been able to. The munged URL is weird. back-to-back URLs,
> but we were told how to set that up as a page which would bring
> up the correct info or direct to it.

Yeah, it only takes on fuckup to mess things up badly. :)  Once you get
slashdotted et al, unless you have the bandwith, your box will got tits
up -- but at least if they had the URL right, all those zillions of hits
would time out, or get the right content.

Meanwhile if the pipes are clogged, yup, you won't be able to change the
404 error message to redirect.. :(


-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Protected speech

[Marcel Popescu]

Someone mentioned "encrypting" a text as speech. I have just found this
address: http://www.scramdisk.clara.net/play/playmaker.html

Mark

---
All inventions or works of authorship original to me,
herein and past, are placed irrevocably in the public
domain, and may be used or modified for any purpose,
without permission, attribution, or notification.

Re: Carnivore - Matt Blaze testimony

[Marcel Popescu]

X-Loop: openpgp.net
From: "Sunder" <[EMAIL PROTECTED]>

> Fucking government troll!  Does anyone else think it's odd that Agent
> Bronson here is coming from rocketmail.com, yet it seems yahoo
> automatically put a signature for yahoo mail on the end?

Yahoo bought rocketmail some time ago. I know, I have a rocketmail address,
too. Yahoo also bought geocities, btw.

Mark




__
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

Re: British Authorities May Get Wide Power to Decode E-Mail

[Marcel Popescu]

X-Loop: openpgp.net
From: "Tom Vogt" <[EMAIL PROTECTED]>

> how about actually encrypting two texts, in such a way that they combine
> into one ciphertext, and depending on which key you choose, one or the
> other gets decrypted from that.

I think the main problem is laziness; the user would have to find a suitable
"innocent" cleartext, with a length approximately equal to that of the
"guilty" one. I think it could be done, though, by having the client use a
copy of a Gutenberg-available book, and making the "innocent" text something
like: "Look what I found in this A.C.Doyle story on the internet: bla, bla,
bla".

However, the actual algorithm that enables one to "combine" two texts into
one cyphertext, and also enables one to retrieve the "guilty" text if he
knows the key, might be a little beyond my abilities. [Or I'm just too
lazy.]

Mark




__
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

No Subject

[Nomen Nescio]

John Bronson <[EMAIL PROTECTED]> said:

>The
>FBI is under so much scrutiny that it would be career suicide for an agent
>to misuse it. 

You need to be introduced to the concept of a "disposable agent".

>Add to that the fact that the configuration of the thing is
>recorded as evidence and publicly accessible once it's used in court
>against someone, and I don't see the danger to my privacy.

And the FBI *never* lies about such things, does it?

Cringeley had a good point.  Properly deployed, Carnivore can shut down the net.





__
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

Re: British Authorities May Get Wide Power to Decode E-Mail

[Tom Vogt]

Bill Stewart wrote:
> >From: "Esteban Gutierrez-Moguel" <[EMAIL PROTECTED]>
> >> a solution that problem could be a cipher where a key (K1) decrypts the
> >> ciphertext to the real text and a key (K2) decrypts the ciphertext to a
> >> meaningful text, but not the real one. In that way if the police requires
> >> the key you can provide K2 and nothing is lost.
> 
> Systems like this have been discussed occasionally, but nobody's got a good
> one.
> Problems include:
> - need twice as much cyphertext to store the real plaintext and the cover
> plaintext
> - software that does this encryption/decryption tends to be obvious about it,
> so if they find the software, they'll look for the hidden message.
> - Doing this without obviousness in the decryptionware is much harder -
> the cover text tends to be gibberish, and what you need is plausible
> deniability.

how about actually encrypting two texts, in such a way that they combine
into one ciphertext, and depending on which key you choose, one or the
other gets decrypted from that.