In the humble opinon of this author, the program "Carnivore" should be the number one issue on the war to take away our freedoms..

Think about it. A new program that will allow the FBI, through the suspect's ISP, to identify and read anyone's email.

I cannot belive we are not screaming at the top of our lungs.

Of course, the FBI claims it will be selectively used and only on suspects where a judge has approved. Well doesn't that make me feel so much better. This is a country where a prosecutor could get a loaf a bread indicted, let alone get a judge to approve surveillance on any human being living in America.

Not withstanding a judge's permission, are we to believe the FBI can be trusted with such technology? Hell, the program has not been out 6 months and already the FBI is investigating its own to determine if any of there agents have been involved in illegal eavesdropping.

I strongly urge any American to get on the horn to their elected crook, errrr, I mean politician. Write letters, call, do whatever it takes.

If we as a country are unable to stop this in its infancy, we will have taken one more giant step towards losing what little privacy we have left.

Hi kkohut,

Maybe we should all just send them keys to our houses too and any keys to our daughters chastity belts.

Since they can read mail anytime with the technology, what permission would they NEED and why would they bother to get it. Only when they find something of INTEREST to use in court, in my opinion. That’s the only time they will actually get permission.

Not only Americans, but Canadians too should be raising stink. Do you think these cops will stop at borders with their invasive acts. No way.

I use a STRONG FIREWALL which they cannot easily penetrate with this technology and I recommend that we all make the firewall companies rich to combat this additional unbelievable intrusion into our lives.

But how many people are just too dumb to care about what the Government can do till it INFRINGES their rights in a bad way?
http://www.legal-rights.org/images/niceday.gif
Thanks,

To The REAL King!!
-----------------------
Freedom has nothing to fear from the truth!

http://www.legal-rights.org/images/lrbanner.gif
Now open with lots of useful resources at your disposal AT:
http://www.legal-rights.org

TTRK,

Firewalls will be no defense against this technology.

The FBI will be setting up Carnivore boxes at the main computers of Internet Service Providers. The boxes can intercept any email you send. So unless you do not use an ISP or send any email, your email is open as the rest of us.

I agree it is a matter of time before this hits the territory up north and we have already seen what the RCMP are capable of.

The amazing part of it all is how willing some people are to just sit idly by and accept it as a useful crime-fighting tool. Well torturing suspects would be useful in getting confessions as well, yet people would frown on that.

In an amazing piece in the USA Today, one of the columnist actually puts in print " When it comes to privacy of my personal information, I trust the government, which is bound by laws, a whole lot more than I trust multinational corporations."

Well, I've got nothing to hide. But, if they want to read my email and SUPPOSEDLY will get a warrant to do so (my @ss) then get a warrant to come in my home and read it off my computer! Thats just a little too creepy for me. Guess I'll stop asking my wife to send me nudies when I'm out of town :(

yet another argument for pgp encrypted email. Also individuals who truly wish to remain anonymous could always dial a long distance number to reach an isp overseas (SeaLand for instance) and initiate emails through that hookup. Since the FBI has no jurisdiction outside the country they would not be able to travel and set up a carnivore at ISP's all over the globe.

I suggest they install carnivore at the White House ISP and monitor those transmissions for a while and then see if its such a good idea.

While the White House mail would be interesting, I suggest they monitor all of the Congressmen and Senators first... they could create a Jerry Springer-like show and probably be #1 in prime time!

Miked - pgp is a good idea... but I suspect it would only slow them down a little. If you know much about the workings of places like Ft. Meade, you know they already have the ability to look at whatever they want. The amount of data they collect each day boggles the mind... it would surprise me if they aren't already scanning most net traffic.

PGP might slow them down, but I thought in order for PGP to export they had to hand over the alogorithum of master key so the GOV could un-encrypt emails.



[Edited by sk33t3r on August 9th, 2000 at 06:50 PM]

Is there a .gov or similair website that has more info on the awful infringment of our rights? I am looking for as many specifics as possible. I want to ensure that the canadian public is aware of the implications this will have on their freedoms such as the the right to free speech (unless the liberals have plans for that as well, Like they do for the right to free assembly. remember the pepper spray??) I plan to ensure seeing it in the news on a national level so all Canadians are aware of what "Big Brother" has in store for us. Working for a large canadian news organization parttime has it's advantages i guess. any help is appreciated to bring this to the forfront of how our (US and CDN) Governments rape us on a daily basis, and we pay them to take it up the ASS!!!!. I for one am tired of it and plan to make sure they are exposed as the money hungry cowards that they really are. It is time to see their agendas changed to the things that really affect us as being people of this earth, Such as child poverty & violence. This goverment needs to open it money clouded eyes and realize they are dragging our countries into a downward spiral in which we may never recover. How many deaths will it take before Clinton and Cretian realize where their priorities are? If this Carnivore thing is real I will ensure the people of our countries hear about it and are aware just what our politions are spending our taxes on.


sorry for my ranting......things need to change in this country before we all have to bend over and take it up the hoop whenever the goverment tells us to.

Hi Everyone,

I disagree that Firewalls wont help. People can be sure that their mail is routed right through their ISP into their OWN mail server and NOT stored on the ISP’s computer at all. So your mail will reside ONLY on your own computer and a good firewall will keep them invisible to carnivore. I stay connected to the Internet 24 hours a day and I don’t have a cable modem. Just a crappy dial up.

I also agree with MikeD that a good form of (and easier to use) PGP encryption will become MUCH more valuable. STRONG 4096 PGP encryption is very difficult to hack into and could be used in a low cost , easy to use version instead of the FREE one. The appalling thing is that in this age of EASY TO USE programs, the front end on PGP is so obtuse as to keep people away in droves.

Network solutions could make it so that PGP could be as trivial as clicking on a PGP icon in your E-mail program. The PGP program could look at the addressee, find his public key in your key list or on their own servers by E-mail address and encrypt that E-mail with your private key. The whole thing would be sent PGP encrypted with no further input from the user. The receiver, on realizing its PGP encrypted initiates the opposite response by clicking the PGP icon. It would get the senders Public key from its list or PGP’s servers and then decrypt it with your private key. Result a readable E-mail in seconds and complete security while in transit on the net OR at a ISP site.

Instead its so obtuse that virtually nobody uses it except the knowledgeable few.

I now use it so infrequently (because people cannot decrypt it) that I forget how to between uses.

There is no need however and its a perfect aid in fighting the privacy issues today and some SMART company who did the RIGHT front end could make a VERY BIG bundle by making that a easy to use standard for all time in the future. It would be SO simple to do and SO valuable to have. And nothing would be compromised as these keys already reside on the computers and so security is NOT lessened at all.

Short-sighted software companies. A PGP package as described with a GOOD firewall and a computer access program that Encapsulates the hard disks would be a wonderful package to market as one.

Wouldn’t be perfect but it WOULD be about 10,000 times better than the NON-Security that’s currently is the state of affairs for most folks.

http://www.legal-rights.org/images/niceday.gif
Thanks & Good Luck,

To The REAL King!!
-----------------------
Freedom has nothing to fear from the truth!

http://www.legal-rights.org/images/lrbanner.gif
Now open with lots of useful resources at your disposal AT:
http://www.legal-rights.org


[Edited by To The Real King!! on August 14th, 2000 at 04:27 AM]

It already is that easy to use. It integrates into Eudora and Outlook nicely. Of course, 99% of the people I send to don't have public keys so most of what I do is just signing. :(

Another thing I'm wondering....is the software going to monitor only the mail server at the ISP, or *ALL* SMTP/POP3 traffic? Since there are business which run their own mail server and still go through an ISP, my guess is that running your own mail server would be no more secure than using the ISPs. It probably sniffs for any TCPIP traffic on ports 25 or 110. Oh yea, probably on whatever port IMAP uses, too. And for good measure, maybe port 80 and 443 for those people who have web mail. :)

[Edited by dervari on August 14th, 2000 at 05:11 AM]

Well here is what my local media is saying about this injustice.......


Carnivore is a program that the FBI has been developing for three years, and it allows federal law enforcement agents to monitor e-mail communications in criminal investigations once the software is attached to the network of an Internet Service Provider.

During Monday's hearing, FBI officials acknowledged that Carnivore had been deployed 25 times since its inception, 16 times during the current calendar year.

It has been used to gather evidence in six criminal cases and 10 national security cases, FBI officials testified. E-mail messages were scrutinized in all cases but one when Carnivore was used to monitor an FTP packet.

Now you tell us
Despite the FBI's and DOJ's assurances, committee members raised questions about everything from Carnivore's predatory name, to the checks and balances the agency has in place to prevent potential misuse of the system.

Rep. Melvin Watt, D-Calif., asked FBI and DOJ officials what took them so long to come forward with information about Carnivore.

The FBI acknowledged that Carnivore has been deployed 25 times since its inception, 16 times this year.



"You've engaged in 25 uses ... but only now are attempting third-party verification?" Watt said.

"The essence of a development program is to learn as you develop and deploy," said Donald Kerr, assistant director of the FBI's lab division, who said a number of DOJ and Judiciary committee members had received briefings on Carnivore months ago.

Another committee member, Rep. Robert Barr, R-Ga., was even more combative in his line of questioning. "This is new legal ground you are trying to make here," Barr told FBI and DOJ witnesses at Monday's hearing. "You can go in and harvest large quantities of information and harvest out what you want. ISPs have indicated they can do the very same thing ... but with more protection of users' privacy."

FBI on the defensive
The FBI said that all uses of Carnivore had been reported in the agency's annual wiretap report in the "other" category.

"We have the legal authority to do what we're doing today," testified Kevin DiGregory, a deputy associate attorney general with the DOJ. E-mail "addressing information on the Internet is a useful and appropriate analog to phone numbers," he added, when asked how Carnivore compares with the FBI's existing wiretapping techniques.

FBI and DOJ officials stated that without Carnivore, federal law enforcement would be unable to fight growing numbers of Net-related crimes -- from child porn to online fraud.



Only Friday, after repeated media reports and industry questions, did the FBI hold a press conference to explain Carnivore and how it works. The FBI subsequently posted some information on Carnivore to its Web site.

FBI officials testifying on Monday told House Judiciary members that the agency had agreed to submit the source code for the Carnivore software to an independent, academic third-party body for review. The results will be distributed to government, academia and industry.

Kerr, of the FBI, hinted outside the hearing room that the source code might go to either the San Diego Supercomputer Center or NASA some time within the next few months.

But FBI and Department of Justice officials held fast to their position that supplying Carnivore's source code to a larger industry group could risk exploitation of the program by Internet criminals.

ACLU wants a look inside
Several of the third parties testifying during Monday's hearing, including the American Civil Liberties Union, have filed for access to the FBI's Carnivore source code under the Freedom of Information Act.

In a statement released during the hearing, the ACLU characterized Carnivore as the latest piece of evidence that the FBI "is engaged in an 'unprecedented' power grab that threatens the privacy of all Americans."

Both FBI and DOJ officials emphasized that without Carnivore, federal law enforcement officials would be unable to combat the growing number of Internet-related crimes, ranging from child pornography to hacking and online fraud.

DiGregory, of the DOJ, went so far as to claim that if the government "fails to make the Internet safe," e-commerce could be in jeopardy.

The FBI's Kerr said the structure of Carnivore wasn't very different from commercial packet-sniffing programs. Filters that are part of the program allow the agency to sniff only the "To" and "From" lines in e-mail messages or entire e-mail threads "if we have an order to capture all the packets," he explained.

Carnivore vs. EarthLink
He added that the FBI had deployed Carnivore with the permission and cooperation of ISP's, only if the providers were too small or not technically savvy enough to produce information requested by the agency as part of criminal investigations.

"In every case, a court order is required" to deploy Carnivore, he reassured House committee members repeatedly. "We don't do broad surveillance."

But Rep. Charles Canady, R-Fla., wanted to know more about the EarthLink Network's (Nasdaq: ELNK) experiences with Carnivore, specifically whether the software had caused a crash and disruption of service for the ISP's customers. Kerr attributed the problem to EarthLink's failure to supply the FBI with e-mail information without the installation of Carnivore.

Robert Corn-Revere, an attorney with Hogan & Hartson representing EarthLink in an FBI lawsuit over Carnivore, also testified Monday. He advocated a "more cautious approach" when it comes to expanding electronic surveillance. Corn-Revere said Carnivore goes far beyond the "very limited surveillance authority provided by a trap and trace order," since it allows both content and header information for all messages received or sent by ISPs to be collected.........



So we need Carnivore or the entirety of e-commerce is threatened? Wow, that's news to me. What does the FBI expect hackers to do, send out email along the lines of "Let's go hack the Charles Schwab web trading system tomorrow night"?

If the FBI wanted to truly encourage e-commerce and prevent cyber crime, then it would encrouage what is beneficial to users and is supported by the entire academic community: the development of secure transaction mechanisms and the education of end users on Internet safety. The FBI could work with e-business companies and academics, for exmple, to set crypto standards and ensure that consumers know what to expect from a reputable online merchant.


Instead, as with the American "war on drugs", instead of focusing on education and prevention, law enforcement's involvement in this is characterized by ignorance and fear. There are export restrictions on encryption software, the one thing that would help consumers have a secure way to exchange money. Not only do these restrictions not work (I was taught RSA by at my US university by a European professor so there, we just broke the law!), but they prevent secure online trade across international borders.


As for the people who go "Hey, FBI, welcome to my house, I have nothing to hide!" You should be ashamed. Your right to liberty was hard won by people who died 220 years ago, and you're so ready to give it up to feel a little secure (and believe me, you're not - your open email will be sniffed by the FBI and criminals alike).


I don't believe in a constitutional right to privacy - it should be an individual's job (mostly) to close the blinds if someone is watching. If you want to be a good citizen and baffle criminals, do the most sensible thing: encrypt your email! And if you want to help the FBI in a criminal investigation, feel free to hand over your personal correspondance to them, but don't force that on your neighbors.

Just my two sense.......

Concerning Carnivore, please excuse a seemingly dumb question:

Considering how many isps there are and how many ongoing criminal investigations there might be, how does the gvt know which isp to intrude to catch a particular person's email?

Do they constantly send out inquiries to ALL isps asking "Does Joe Blow have an account with you...?" and then, and only then, send in Carnivore?

If there are a gadzillion on-going investigations, won't it be necessary to have the beast connected full time?

I mean, it's not like they crawl up the pole outside your house and monitor only YOUR phone line. It seems more like they have a court order to use a surveillance satelite to watch "Joe Blow" down below, but 'accidently' catch everybody else next to him. Did the court order cover what they see them doing also??

This is worse than scary!
(To TTRK... Good health to you and yours. Our prayers are there for ya!)

darthvader

The introduction of Carnivore is not only a threat to the freedom of an American Citizen, but potentially a threat to the Canadian citizen.

Assuming that Kkohut is correct in claiming that the American officials intend to use this technology on those who the judge approves. Ideally, this isn’t too bad of an idea, however nobody lives in an ‘ideal’ society.

The argument used for this technology would be that if we had nothing to hide then we shouldn’t really care. Well, I’m sure that everybody has skeletons in their closet, and will not be necessarily be willing to pull them out. For example: in various states, to my knowledge adultery is illegal, and yet few people will be willing to admit that they committed it. Such an instance, would be of great detrament to the entire family.

Such technology will most definitely be abused. Kkohut writes:

"the program has not been out 6 months and already the FBI is investigating its own to determine if any of there agents have been involved in illegal eavesdropping"

The fact that the FBI is actually investigating it’s own members for illegally eavesdropping, suggests that the technology possesses greater detrament than benefit. There is a history of criminal investigation abuses in both Canada and the U.S. Such a technology would potentially enhance that abuse.

With the R.C.M.P arresting people for committing a crime which is not considered a crime legally. (i'm referring to encrypting D*&#'s programming), then slowly, society is developing into the dystopia presented in Kafka's "The Trial".

Even if your mail server is behind a firewall, when you send or receive a message, it is routed through many ISP's to reach it's final destination (checkout the tracert command for yourself). Each ISP/Network along the way can easily sniff the traffic as it passes by. A firewall may protect messages/files stored on the server, but will not help protect them during transmission.

Sorry to bring up this dead topic.....but there is going to be an online discussion with a top Ottawa Lawyer on Canoe.ca
here is a snip of the article...


How private is your e-mail? What rights do you have? Ottawa lawyer Michael Power, an expert on the new federal law that governs privacy and data on the Internet, joins us Friday, Jan. 26 at 2 p.m. EST to discuss this hot issue



I suggest all those concerned join and possibly get his views on the subject...

Simple.

You are correct SammyBoy, firewalls will not help in making your e-mail more secure. The FBI does not even have to have a box located at any ISP. Unfortunately all our e-mail is sent via public line in one form or another, being POTS(plain old telephone system), cable ISDN etc. The FBI could just use vampire taps on any line(except fibre optic, as I believe there is no way to tap it yet, even if you could it is a huge job. Also it interupts the light passing by which would break the transfer at any rate) Anyway, vampire taps can be connected to a line in seconds and anywhere, ouside the house, down the block another city, etc. Firewalls main purpose is to block or allow certain traffic though certain port of your computer, and does not help protect any data outside its boundry. I can have a tap 2 inches from your computer and your firewall will not help. One thing that will help is a digital certificate authority. This is a third party company that assigns digital keys for your encryption. Using public and private keys, you can secure who is able to read your mail that you send out. It would be a long post to explain this so I won't try. I don't know if the FBI or any other law enforcement agency can obatin these without your knowledge from the security authority, but I am almost positive that they are entitled to have you authorize there distribution. Either way I am sure 128 bit encrytion can be easily decrypted by the US government. I knew that Network Certification would come in handy some day. :)