FC: More on FBI demo of Carnivore -- and when it's used

[Declan McCullagh <declan () well com>]

[I copied the FBI's Marcus Thomas on my original post 
(http://www.politechbot.com/p-01448.html) but have not heard back. He or 
the appropriate person at the agency is welcome to reply and I will 
distribute the comments unedited. --Declan]

*******

Declan,
I was there for the presentation. There was a heated exchange between
Marcus and one ISP operator over whether or not the FBI would deploy
Carnivore without the ISP's agreement. Actually, heated is an
understatement, he called Marcus a "bald faced liar" (exact words).
If you use this, please keep my name confidential.
Thanks,
[snip]

********

> Date: Tue, 24 Oct 2000 22:16:46 -0700
> From: Troy Davis <troy () nack net>
> To: Declan McCullagh <declan () well com>
> Subject: Re: FC: FBI agent reportedly gives public demo of Carnivore
>
> This sounds like every other packet sniffer available -- Ethereal,
> Netboy, and Microsoft's NT resource kit one one come to mind.
>
> If, as it appears (and as they claim, based on the email below), Carnivore
> operates the same as any other traffic sniffer, the FBI's closed-source
> policy doesn't provide any added protection against those trying to thwart
> it.  Everyone who doesn't want to have their data read will use PGP.  I've
> yet to see why the FBI needs its own sniffer application (let alone its
> own closed-source sniffer).
>
> Cheers,
>
> Troy

**********

> To: "'declan () well com'" <declan () well com>
> Subject: Carnivores can sniff but they can't crack
> Date: Wed, 25 Oct 2000 09:52:54 +0200
>
> Declan,
>
> I have one answer to the Carnivore ruckus: free and strong encryption.
>
> By free I mean readily available PKI or single sided encryption without 
> key escrow or backdoors.
>
> By strong I mean, at the very least, 128bit key length but ultimately much 
> stronger key lengths.
>
> I continue to wonder why privacy advocates do not push the implementation 
> of IPSec and S/MIME and demand wider adoption of SSL/HTTPS as urgent needs 
> on the Internet.
>
> Where is the general information campaign on this subject?  Where are the 
> articles exposing the weakness of the open HTTP mail session transmissions 
> of Yahoo, MSN Hotmail and others?  Why is the general public so in the 
> dark on this subject and nothing is being done about it?  Why is this 
> e-mail readable to anyone on the wire?
>
> With the introduction of Carnivore, the government has managed to draw 
> attention and resources away from their biggest Internet fear and the 
> general public's biggest Internet need: encryption.  I believe they know 
> it will not be easy to break strong encryption in (near) real time.
>
> The good reasons for encryption (the first amendment, economic prosperity, 
> individual privacy, and keeping a micromanaging government at bay) far 
> outweigh the few and far between criminals that will use this technology 
> for evil ends.  Let us catch terrorists and criminals through other more 
> appropriate means rather than through mass invasion of privacy.
>
> Without free and strong encryption, not only will the privacy of America 
> be compromised, but ultimately the economic effectiveness of American 
> companies will be compromised.
>
> I suppose that when Carnivore advances beyond sniffing it will have to be 
> called Crackhead.  Or can the American Internet community make Pipe-dream 
> a more appropriate name?
>
> ====
> Please remove name and e-mail before any redistribution, thanks.
>
> Regards,
[someone in a non-police government agency]

*********

> Date: Wed, 25 Oct 2000 00:48:50 -0400 (EDT)
> From: Charles Platt <cp () panix com>
> To: Declan McCullagh <declan () well com>
> Subject: Re: FC: FBI agent reportedly gives public demo of Carnivore
>
> Anyone know if the accused Silicon Valley child molester, who made a deal
> to avoid going to jail, has been helping with Carnivore 2.0? Supposedly he
> promised to help develop tools to monitor pedophiles online.
>
> The timing would fit.
********




-------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------