Slashdot: News for Nerds


Answers from Carnivore Reviewer Henry H. Perritt, Jr.

Roblimo posted more than 13 years ago | from the reviewing-the-reviewers dept.

The Courts 203

On October 5th we put out a call for questions about the FBI's Carnivore boxen that we could send off to Dean Henry H. Perritt, Jr. of the Illinois Institute of Tech [IIT] Chicago-Kent College of Law, who is overseeing the legal side of the Carnivore review. If you didn't read the call for questions, please check it now, and even follow a few of the links. Then read Dean Perritt's answers, which were not written or checked by the FBI or DoJ, whose agents can read them here for the first time just like anyone else, assuming they have nothing better to do than read Slashdot.

1) Ethical question
by Devolver42

Is it fair for an individual or group with clear political ties to a system to give that system a review? In other words, how can you be unbiased while still being politically tied to the situation?

Perritt:

Members of the review team do not have "clear political ties" to the Carnivore "system." I was last employed by the Federal Government 24 years ago in an Administration of the opposite party. Dean Krent was last employed by the Federal Government in the Reagan Administration, and has spent more time suing the Justice Department than he has working for it.

The notion that past federal employment or consulting with federal agencies, no matter how remote their connection to a particular program, disqualifies one from undertaking an independent review is preposterous. Certain expertise in technology and the functioning of government agencies is prerequisite to a competent review of Carnivore.

2) Is a whitewash inevitable?
by Jay Maynard

There's been a lot of comment on how the conditions the DoJ has put on the reviewers make a fair review impossible. Things like the right to edit before release, the right to veto participants, and the need to only use cleared personnel cast a cloud over the impartiality of the process. Many prestigious institutions were invited to submit proposals, and yet only two - yours and one other lesser-known - did. The backgrounds of the people at IIT and their past ties with the DoJ don't give any more reason to be comfortable.

How do those of us concerned about Carnivore's immense power for invasion of privacy have any reason to believe what you and your institution produce will be other than a whitewash designed to make Carnivore appear in the most favorable light?

Perritt:

Carnivore is used in sensitive criminal and foreign intelligence investigations. The need for confidentiality in such investigations long has been recognized by the Congress and Supreme Court of the United States. It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not be disclosed to the public.

The existence of limitations on personnel and on disclosure does not suggest a "whitewash."

It is very unusual for a federal agency to acquiesce in a third party review of an important system. Having commissioned such a review, the interests of the Justice Department would not be served by censoring the review or otherwise acting so as to compromise its integrity and credibility. The review team, institutionally and personally, has an interest in preserving their reputations for professional independence, analytical competence, and candor. None of these interests are tied to future dealings with the Justice Department or the FBI. They are more closely tied to reputation in many of the communities which have been critical of Carnivore. It is counterintuitive to suppose that the review team would sacrifice these interests by undertaking a "whitewash."

3) Political or Technical Review?
by Anonymous Coward

Is the substance of this review to be political or technical?

To wit, is this review to determine if Carnivore performs actions that are within the scope of the law (political), or is it to define the complete potential of Carnivore (technical)?

Perritt:

The review will not be political in the sense that the term "politics" ordinarily is used. It will be technical in the sense that term is used in the RFP.

Because Carnivore is a tool, just as a hammer or a firearm is a tool, which conceivably could be used outside the limits permitted by law, the review appropriately will consider the operation of human, organizational, and judicial controls to limit Carnivore's use.

4) Your impressions.
by M-2

Can you give us your first impressions of the concept of the Carnivore concept when you initially heard about it?

Can you give us your initial feelings as to the legal standings under the Fourth Amendment that allows Carnivore to be used for the purposes stated, which it would appear technically violates the Electronic Communications Privacy Act?

What is your impression of the amount of interest the Internet community at large is taking in the entire Carnivore concept?

Do you feel there is too much paranoid fantasy going on, or do you feel there is some justification?

Perritt:

Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy. It is appropriate for the public to be concerned about how this balance is struck.

The Internet community appropriately has been concerned about technological developments that may affect the balance, including restrictions on encryption, development of new telecommunication systems that facilitate or hamper electronic eavesdropping and devices such as Carnivore.

In this respect, interest in Carnivore and a certain amount of controversy over it is healthy.

On the other hand, conspiracy theories suggesting that no one with present or past associations with the Federal Government shares constitutional values or can be trusted to review new systems for their compliance with the law are overblown.

5) Who would Carnivore Really Affect?
by drenehtsral

In the end a system like Carnivore will only work for a while, and only against fairly unintelligent users because end-to-end strong encryption is no longer computationally infeasible. Joe Schmoe with the middle of the road prebuilt gateway could easily handle the processor load of encrypting all his e-mail with 2048 bit RSA (which is now freely available, and even exportable). Not only that, but even with existing (and reasonably near-term) quantum computers, we are not even near enough qubits to start tackling these cyphers, since they can't be broken down when being fed to a quantum computer.

So in short, is this whole thing just a moot point? Who would Carnivore really catch?

Perritt:

Any electronic eavesdropping technique or system is subject to frustration by new technologies. It is appropriate for law enforcement and national security agencies constantly to be developing new technology to keep pace with technological developments generally.

6) Are you willing to lose everything for your rights
by anticypher

If you found that Carnivore did more than the FBI is claiming, would you stand up to their threats if you published your results to counter their "edited" report? Would you be willing to lose everything you have to stand up for the rights of Americans, your property, your retirement, your liberty, and your professional reputation? You would be vilified and persecuted by the FBI for your actions, even though you would win the admiration of liberty loving individuals all over America.

Or...

Would you shrug your shoulders, and knowing that some day the truth will out, say nothing if the FBI completely changed your report, and hope that when exposed your reputation is not too badly tarnished?

Perritt:

Neither the Justice Department nor the review team has any interest in a process that will not report conclusions of the review honestly and candidly.

I have seen no indication of any intent by the Justice Department to block the review team from expressing its views completely.

Given the level of interest in the Carnivore review, it is unlikely that an effort by the FBI to "completely change" the review team's report would succeed.

I am not willing to speculate as to what action I would take if inappropriate control is exercised.

7) Is this a real review?
by Apuleius

Jeff Schiller of MIT has declined to review Carnivore, saying that "what they want is a rubber stamp."

Obviously, you will say you intend to do a genuine review.

Why should anyone take your word over Schiller's?

Perritt:

I don't know how Mr. Schiller has any knowledge of what the Justice Department wants. I have been assured by senior officials at the Justice Department that a complete review, with honest conclusions freely expressed, is desired.

It may be that what Mr. Schiller wants is a soapbox, and I don't see why he should use a government-funded review for that purpose.

8) Carnivore vs. Sniffer vs. Altivore
by RobertGraham

I'm the author of Altivore and a long time sniffer user. The RFP was for a "technical" review to validate that Carnivore captures only the data allowed by the court order. Yet reading the resumes of the members of your team, I don't see anybody with sufficient technical experience in sniffing technologies.

Packet reassembly and state-based protocol analysis are critical to the minimization function. My belief is that Carnivore is essentially stateless, just like my own Altivore. I can create real-world scenarios where Altivore fails the minimization test. Sure, they occur less than 1% of the time; I don't know how that fits within the law. However, software can be written to meet minimization requirements 100% of the time (e.g. BlackICE does this for detecting cr/hacking).

My question is: will a sniffing expert be analyzing the packet reassembly and protocol analysis part of the source code in order to validate that Carnivore captures all the data authorized by the court order, but no additional data? Moreover, is there really somebody on your team that understands even what I'm talking about?

Perritt:

A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.
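Question 8 turns on the difference between stateless matching and a filter that reassembles streams and follows protocol state. The sketch below is an added illustration, not part of the interview and not code from Carnivore, Altivore or BlackICE; the address, the two SMTP flows and all function names are constructed for the example. It runs both approaches over the same segments and reports what each would collect.

```python
from collections import defaultdict

TARGET = b"target@example.test"  # constructed address named in a hypothetical order


def segment(flow, stream, cuts):
    """Cut one direction of a TCP stream into (flow, seq, payload) tuples."""
    edges = [0, *cuts, len(stream)]
    return [(flow, a, stream[a:b]) for a, b in zip(edges, edges[1:])]


# Constructed SMTP client streams (not captured traffic).
# Flow A: the target is the envelope recipient.
STREAM_A = (b"MAIL FROM:<alice@example.test>\r\n"
            b"RCPT TO:<target@example.test>\r\n"
            b"DATA\r\nSubject: hi\r\n\r\nhello\r\n.\r\n")
# Flow B: unrelated parties; the target's address appears only in the body.
STREAM_B = (b"MAIL FROM:<bob@example.test>\r\n"
            b"RCPT TO:<carol@example.test>\r\n"
            b"DATA\r\nSubject: fwd\r\n\r\nask target@example.test\r\n.\r\n")

# A's RCPT line straddles a segment boundary; B is cut just before DATA.
a0, a1, a2 = segment("A", STREAM_A,
                     [STREAM_A.index(TARGET) + 4, STREAM_A.index(b"DATA")])
b0, b1 = segment("B", STREAM_B, [STREAM_B.index(b"DATA")])
CAPTURE = [a0, b0, a2, a1, b1]  # arrival order; A's segments arrive out of order


def stateless_capture(segments, target):
    """Per-packet substring match: no reassembly, no protocol state."""
    return [(flow, seq) for flow, seq, payload in segments if target in payload]


def reassemble(segments):
    """Rebuild each flow's byte stream in sequence order.

    Stops at the first gap or overlap, so only a contiguous prefix is trusted.
    """
    parts = defaultdict(dict)
    for flow, seq, payload in segments:
        parts[flow].setdefault(seq, payload)  # keep first copy of a retransmission
    streams = {}
    for flow, by_seq in parts.items():
        stream = b""
        for seq in sorted(by_seq):
            if seq != len(stream):
                break
            stream += by_seq[seq]
        streams[flow] = stream
    return streams


def envelope_addresses(stream):
    """Addresses in MAIL FROM / RCPT TO commands seen before DATA.

    Simplification: ESMTP parameters after the address are not handled.
    """
    addrs = set()
    for line in stream.split(b"\r\n"):
        verb = line.upper()
        if verb == b"DATA":
            break  # everything after this is message content, not envelope
        if verb.startswith((b"MAIL FROM:", b"RCPT TO:")):
            addrs.add(line.split(b":", 1)[1].strip().strip(b"<>").lower())
    return addrs


def stateful_capture(segments, target):
    """Flows whose SMTP envelope names the target, judged on reassembled data."""
    streams = reassemble(segments)
    return sorted(flow for flow, stream in streams.items()
                  if target.lower() in envelope_addresses(stream))


if __name__ == "__main__":
    print("stateless:", stateless_capture(CAPTURE, TARGET))
    print("stateful: ", stateful_capture(CAPTURE, TARGET))
```

On this input the stateless match collects a body segment from the unrelated flow B and nothing from flow A, while the reassembling filter selects flow A only.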

9) Comparing to wire-tapping laws
by VP

During the congressional hearing on Carnivore, the FBI stated that current wire-tapping laws are adequate for the use of Carnivore. Furthermore, they revealed that the uses so far of Carnivore had been according to the regulations of obtaining a "pen-register" wire tap. Are you aware that (from what we know) technically Carnivore is much closer to the concept of trunk-tapping, as most, if not all the traffic at the ISP has to go through Carnivore? AFAIK, trunk-tapping is illegal - would you be of the opinion that Carnivore automatically falls under the same illegal category of wire-tapping?

Perritt:

Any network interface card on a networked computer "taps" all of the traffic traversing a particular network segment. It is far from clear that such limited acquisition of network packets at lower levels of the OSI stack constitutes interception under the law. Indeed, if appropriate filters are used in a sniffer or other network monitoring device, preventing human knowledge of material that is filtered out, there may be less threat to privacy interests than if human beings must review content in order to apply minimization requirements, as is commonplace with telephone wiretaps.

We will review whether Carnivore acquires information not permitted by law or in a manner prohibited by law.

10) Oversight of this interview
by Col. Klink (retired)

Are you free to answer questions posted here, or does the FBI review your answers first?

Perritt:

Neither the FBI nor any other government agency reviewed my answers to these questions.

203 comments

too bad (1)

Anonymous Coward | more than 13 years ago | (#707985)

I thought for sure someone would ask something similar to: "What is to prevent the FBI from changing the Carnivore code in the post installation phase" I.E. It runs the evaluated system until the FBI feels they have just cause to violate constitutional rights, such as another WTC bombing.

Huh? (1)

Anonymous Coward | more than 13 years ago | (#707987)

"Having commissioned such a review, the interests of the Justice Department would not be served by censoring the review or otherwise acting so as to compromise its integrity and credibility." 1.) My understanding was that the review was court-ordered. 2.) "Censoring" and "compromising the integrity of the review" was what got them in trouble with Waco and Ruby Ridge.

The Answers.... (1)

Anonymous Coward | more than 13 years ago | (#707988)

Question 1. Will you lie?

Yes.

Question 2. You will Lie. Right?

Not only will I lie on the report, I'm lying to you right now.

Question 3. You have no integrity...right?

What would you like my answer to be?

Question 4. You are a government shill...right?

They're paying me $20 not to answer this.

Question 5. Why should I believe you...You are a liar...right?

Would I lie to you?

Question 6. How will Natalie Portman be affected by carnivore?

I ... mhmhmhmmhhmhhmmhmhmmhm ... uh ... mhmhhhmmmmhhmhm ... question & answer is over.

You missed the non-sequitur (something's rotten) (1)

Anonymous Coward | more than 13 years ago | (#707990)

Here's the part of the question which throws Perritt's non-answer into sharp relief:
Question:
How do those of us concerned about Carnivore's immense power for invasion of privacy have any reason to believe what you and your institution produce will be other than a whitewash designed to make Carnivore appear in the most favorable light?

Perritt: It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not be disclosed to the public.

The answer had no response to that part of the question. Perritt was completely unresponsive and evasive; the details of who is the subject of a criminal investigation have nothing to do with the Constitutionality of the use of a given technical device. Talk about confidentiality of "methods and procedures" doesn't excuse unlawful behavior or any cover-up for it. The question is if Carnivore is limited to probing the communications of exactly specified targets, or if it includes capabilities for "fishing" (either in the contents of messages being watched under "pen register" warrants [which do not allow interception of content], or scanning any part of messages not going to or from the target).

Another important question that wasn't touched by anyone: The verifiability of the Carnivore systems in the field. Can we be sure that they are using the same software as the system being reviewed by IIT? How? With a tap on a specific phone line, or a diversion of a specific user's packets by the ISP, it is known that no other traffic is being intercepted. With something like Carnivore, it could be doing anything... and we would never know.

Something is definitely rotten in Washington, and this latest fetid emission is proof enough to convince any reasonable person. It is time to rescind CALEA and get our government out of the population-surveillance business.

Dismissive was what came to mind (1)

Cardinal (311) | more than 13 years ago | (#707991)

Bland is one way to put it, but what sprung to my mind while reviewing the Q&A was that he was largely as brief as possible, generally dismissing the question as being silly or ignorant.

Re:One thing is clear... (1)

pod (1103) | more than 13 years ago | (#707992)

I, for one, have to applaud him for answering these questions without resorting to calling us the paranoid delusionals we really are.

Not in those words exactly, but combined with previous (and following) answers this snippet should give you an idea of what he thinks about the people whose questions got submitted:

On the other hand, conspiracy theories suggesting that no one with present or past associations with the Federal Government shares constitutional values or can be trusted to review new systems for their compliance with the law are overblown.

I guess it's a nice way of saying 'you're a bunch of paranoid idiots, stop whining'.

Writing in the present tense?? (1)

CmdrChalupa (2516) | more than 13 years ago | (#707999)

Carnivore is used in sensitive criminal and foreign intelligence investigations.


I'm just curious...why is he using the present tense here??? Carnivore is?? That's frightening....

Re:Ummmm....yeah (1)

markhb (11721) | more than 13 years ago | (#708007)

Try splitting the clauses at "for" and "against", and it will make more sense. IOW,
Any electronic surveillance involves balancing needs
for effective enforcement of the criminal laws and protection of national security
against threats of invasion of privacy.

Re:Perritt's mind may already be made up. (1)

qnonsense (12235) | more than 13 years ago | (#708008)

He's claiming that once you've worked for an agency, you can no longer be impartial, not that you cannot be a good person anymore.

Exactly. Full impartiality means no (zip, zero, zilch, past, present or future) relationship with any of the parties.

Re:You're missing the whole point! (1)

qnonsense (12235) | more than 13 years ago | (#708010)

Perritt's job is to verify that the DoJ has accurately represented the functionality of Carnivore and to verify that Carnivore does not collect any more information than the DoJ says it does.

Except that the DoJ has never said what exactly Carnivore does collect. All they have said is that it does so legally. Perritt's job is to see what is being collected. He seems to have stated that if the DoJ wants him to, it wouldn't be "unreasonable" for him to LIE about it. That's what gets me.

Not clear on something.. (1)

Xerithane (13482) | more than 13 years ago | (#708011)

He said "We will review whether Carnivore acquires information not permitted by law or in a manner prohibited by law."
Maybe I'm misunderstanding, but could someone clarify what he meant? Seems to me like he said we're just going to find out what illegal information it acquires - I know that's not the intent (hope) but just not clear on it.
All in all, I think he has a justifiable stance. He handled the questions remarkably well, especially about sniffing. I think that people really need to put some faith in other people. I used to work for the government myself - but I have strong ties to freedom and liberty. However if I were on this review team I'd be in the same group. Forget I work on open source software, because I worked for the government I must be a tyrant. I suppose this is a reverse-flame. Just try to be more reasonable and don't attack people because of a job they took. People need to pay the bills, and it was 24 years ago.
Get over it.
Personally I have faith in Perritt's answers and his abilities to conduct a fair review of Carnivore. Not like I have a choice if I don't anyway.

Re:A bit snippy? (1)

Xerithane (13482) | more than 13 years ago | (#708012)

He could have been busy - I know that I usually don't have time to answer an interview when I'm trying to save the world from the ugly claws of the tyrants of the United States of America.
that was a joke by the way

Re:A bit snippy? (1)

Teancom (13486) | more than 13 years ago | (#708013)

LOL. I've already seen posts claiming that the answer to the question "are you being edited" was not a complete answer, so there he must be being edited, so therefore the short answers are a result of his complete answer being "chopped". I'm sorry, but if conspiracy theorists are going to be reading what you write, there is *NO* way to completely "idiot-proof" what you say. We are talking about people who think the black helicopters are coming for them every time their neighbor starts up the lawn mower...

A bit snippy? (1)

Teancom (13486) | more than 13 years ago | (#708014)

Maybe it was just a bad day for him, but did anyone else get the idea that he was feeling a bit snippy when he answered these? Most answers are a bit *too* short and to the point to be merely an efficient way of communicating, bordering on "I think this is a stupid question, so I'll give it a stupid answer". On the other hand, if I had complete strangers impugning my professional reputation and personal morality, I would probably be snippy too. Far too many people on this site and on the web in general forget that there are real people on the other end of every email and post that we send out. </end of degrading personal politeness in today's society rant>

Re:Your intentions are good... (1)

Sloppy (14984) | more than 13 years ago | (#708015)

For instance, the people who wrote the US Constitution believed it.

This is further evidenced by the Bill of Rights. The whole thing is about putting limitations on what the government is allowed to do.


---

Re:Does it bother me? Not too much I guess. (1)

JonnyRotten (17401) | more than 13 years ago | (#708018)

I like how that lost all its formatting when I hit post.

Pretty.

Re:Perritt's mind may already be made up. (1)

galen (24777) | more than 13 years ago | (#708027)

What the hell are you babbling about?

Do you honestly think that everyone who has ever received a paycheck from the US Govt is some brainwashed zombie who can't be trusted to tie his own shoes without somehow involving himself in a conspiracy? Man, you've got to be outrageously paranoid.

Big Brother? Man, there's so much stumbling over red tape and procedure, I seriously doubt the white hairs that run our govmt could organize anything so conspiratorial as a Big Brother scenario.

Re:Your intentions are good... (1)

egon (29680) | more than 13 years ago | (#708028)

How on earth would we know to trust a report when we have no direct information on the item being reported on?

Without that piece of information, all we have available to make a judgement with are impressions on the circumstances surrounding the report. (And of course, whether or not the final report agrees with what we all think. ;) )

Re:All network cards tap? (1)

BRTB (30272) | more than 13 years ago | (#708030)

And besides, I'd hope most (if not all) ISPs use switches, which isolate Ethernet transmissions to only the MAC address of the destination and not "dumb" hubs which blindly broadcast everything everywhere - definite security improvements there, besides the speed jump and lack of collisions...

BRTB

Re:A bit snippy? (1)

dead_penguin (31325) | more than 13 years ago | (#708031)

Most of the answers seemed to be written in a style meant for dealing with the press and "dumb public" as a whole, and not for geeks/nerds reading slashdot. From my perspective, most of what he says seems pretty vague and possibly even somewhat condescending. Maybe he didn't even write all of this, but got a secretary to put together and edit answers he quickly dictated or something.

Re:I'm glad they know how to use a sniffer. (1)

Zurk (37028) | more than 13 years ago | (#708033)

No... they are all clueless fuckwits. Trust me - I know one when I see one or read his answers. He deliberately avoided that one since he didn't understand the question.

Re:My Carnivore review... (1)

infodragon (38608) | more than 13 years ago | (#708036)

"Suuuper Geeeenius."

It's Supra Geeeenius!

Re:My Carnivore review... (1)

MustardMan (52102) | more than 13 years ago | (#708040)

Point taken... but you have me confused with another species... I am actually Karmicus Whorus Post-fastus

:)

Re:Your intentions are good... (1)

mjackson14609 (69635) | more than 13 years ago | (#708046)


The US government is set up to do as little as possible.

Nonsense. The Framers were replacing the Articles of Confederation, under which the US government had been permitted to do too little. The Constitution describes a system under which the US government can do a useful (and not wholly inflexible) collection of things, with safeguards that enable, but do not automatically guarantee, protection of individual liberties.

Re:Foreign Intelligence Investigations?? (1)

Stonehand (71085) | more than 13 years ago | (#708049)

Foreign intelligence may mean gathering SIG/ELINT on foreigners either in or with connections in the US, as well. They'd have to be careful not to accidentally listen to unrelated conversations between citizens that just happen to be using the same line, which may be tricky at times.

You may want to capture e-mail going to saddam.hussein@yahoo.com (No, I didn't check to see whether that's a valid address...). Sure, he isn't guaranteed full protections under the law. But your system better not result in a human being ever accidentally reading mail sent to bclinton+monica@yahoo.com, so you have to be careful designing, implementing and using whatever devices and methods are needed. Plus, the ISP has certain rights, too...

Re:Perritt Interview (1)

Keelor (95571) | more than 13 years ago | (#708054)

> the people doing this review become unemployable if they piss the Feds off

Huh?

Last I checked, Dean Perritt is quite comfortable with his job as the Dean (hence the title) of the Chicago-Kent College of Law. I'm pretty sure that he isn't leaving that position just to do a review of Carnivore. Besides, in today's society, if he pisses off the Feds he could be more employable. Definitely not the other way around.

~=Keelor

Re:The Question: (1)

Keelor (95571) | more than 13 years ago | (#708055)

*cough*

Are you free to answer questions posted here, or does the FBI review your answers first?

The implication of the question was that if the answers to the questions aren't reviewed, then he is free to post whatever he wants.

~=Keelor

You're missing the whole point! (1)

bwoodring (101515) | more than 13 years ago | (#708058)

Perritt's job is *NOT* to determine whether or not Carnivore is "fine and perfectly legal", nor is it to make any moral or ethical judgements about Carnivore. He never said he liked Carnivore or endorsed it.

Perritt's job is to verify that the DoJ has accurately represented the functionality of Carnivore and to verify that Carnivore does not collect any more information than the DoJ says it does.

Bruno

Sounds good, clean. Honest even. (1)

chancycat (104884) | more than 13 years ago | (#708059)

So why don't I feel completely assured? The words all ring true, but there's a lack of content and effort behind them.

Re:A bit snippy? (1)

tjgrant (108530) | more than 13 years ago | (#708060)

After reading the questions, I'd be snippy too. While I understand the need for answers to the questions, it seemed that many of them were quite adversarial, and that the review team's integrity was being called into question pre-review.

We need to give these people the benefit of the doubt until the review comes out, then make judgements about what is said.

Stand Fast,

Re:Here's one they forgot to ask... (1)

Donavan (116398) | more than 13 years ago | (#708062)

LOL I'd pull the gaming link out of your sig... Unless of course you're trying to point out what a little twit Maynard was in that article.

Re:wrong answer? (1)

demaria (122790) | more than 13 years ago | (#708065)

He's not exactly wrong on that one, if you envision every port on the switch as a separate network segment.

But that doesn't change that the NIC on the computer itself sees all the traffic on the line that it is connected to, whether traffic is intended for it or not.

Re:Foreign Intelligence Investigations?? (1)

dlapine (131282) | more than 13 years ago | (#708067)

Uh, you have that just backwards. They can use any methods they like against foreign nationals, but must strictly apply rigorous standards when investigating US citizens. What this means in practice is that they collect everything, and officially ignore that which pertains to US citizens.

Unofficially, who knows... which is what makes this investigation important.

Good answer.. (1)

bdigit (132070) | more than 13 years ago | (#708068)

"Perritt: A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools." Sure sounds like it considering you gave a definition right out of a dictionary and no further answer to the question. It seems as though he completely tried to avoid the question or had no clue what he was talking about and wanted to move onto the next question already.

Try reading some english (1)

bapink01 (137229) | more than 13 years ago | (#708069)

Try reading some precedent.

Imagine that someone calls the cops because there is screaming or shooting noises coming out of your house (even if it is the TV). You can be sure that the cops are going to take a look-see without waiting for a warrant. Exclamation!

Even the Strict Constructionists (on the Supreme Court) are likely to agree with that practice.

If you don't want to read, watch more Law and Order. It is accurate enough to make Canadian leaders mad because teens learn more about the US justice system than the Canadian justice system.

Why do we need Federal Law Enforcement? (1)

mmccune (139567) | more than 13 years ago | (#708070)

Most of the crimes are covered by local laws. Are murder and rape Federal crimes? (no, the states have their own laws). Also, the states have cooperated with each other for decades and it is becoming even easier with modern communication and databases.

The only thing Federal law enforcement does is increasingly trample our constitutional rights. There are too many examples to go into: The "War on Drugs", civil seizures, Waco, Ruby Ridge, BATF and so on ....

Re:A bit snippy? (1)

avandesande (143899) | more than 13 years ago | (#708074)

I think his answers mirrored the politeness of the question

Re:Dodged the question (1)

schatten (163083) | more than 13 years ago | (#708077)

Actually I believe they will be reviewing a different version of the system. Let's put this into perspective from what we are most familiar with. They will be reviewing a compiled version of DOS 5.0 as Windows ME (the POS edition) is on the shelves.

I agree, the question was entirely avoided. "Network management tools" - that only tells me he looked it up in hacking for dummies or on webopedia.com. ugh!

www.buymeaferrari.com

Re:I have it up to here (1)

NevDull (170554) | more than 13 years ago | (#708080)

Implicit in allowing the government to do something which you don't believe will work is the validity you grant to their intentions.

If they were somehow to fix all the technical issues related to encryption, etc., then they could say, "You already gave us permission to do this. We just fixed things."

Oh, and as for the stance those who do nothing wrong have nothing to fear... remember that what is wrong depends on who does the judging. That'll be changing in January, and again in 2004 or 2008.

"I [may] disapprove of what you say, but I will defend to the death your right to say it."
-Voltaire

-Nev

Re:A bit snippy? (1)

lpontiac (173839) | more than 13 years ago | (#708082)

Most answers are a bit *too* short and to the point

Keep in mind the number of conspiracy theorists that are going to be reading this... he was probably being pedantic regarding extra verbal fluff, because the more he said the more chance he'd have of saying something that things could be read into, that he didn't actually intend to imply.

Re:Your intentions are good... (1)

InfinityWpi (175421) | more than 13 years ago | (#708083)

I'm not going to bash him, but I believe he's not suspicious enough. I might trust him as a person, but I'm still not going to trust his report.

..... Since he's not suspicious enough? You don't need to be suspicious to be thorough. Simply because he doesn't have the preconceived notion that Carnivore is bad doesn't mean his report will state "Carnivore is fine." Are you saying that if his report details a list of thirty ways that Carnivore is illegal, you'll still not trust it? Why? Because you'll think there's more things wrong? You've already pre-judged the report without even having a look at it or the equipment the report is based on, just on what you've gotten from /. and the 'net. That would be as bad as voting for or against a president based on late-night talk-show monologues.

Let the report come out, read it, then judge if you can trust it or not.

WTF moderated this as 'funny'? (1)

InfinityWpi (175421) | more than 13 years ago | (#708084)

I liked 'Insightful'. I was expecting 'flamebait'. But 'funny'? Geeze...

Re:My Carnivore review... (1)

GungaDan (195739) | more than 13 years ago | (#708087)

"First we will examine the Tyrannosaurus Rex, here forward referred to as T-Rex. The Tyrannosaurus has two main attack methods."

Now we will examine the Posterus Slashdoticus Ignoramus, hereafter known as Mustard. Posterus Slashdoticus Ignoramus are often seen ignoring the stuff they say in the sentence right before the one they're writing at present.

No personal offense intended, Mean Mr. Mustard. I rather enjoyed your post, actually.

I have it up to here (1)

chenry007 (211197) | more than 13 years ago | (#708090)

I don't know about anyone else, but I am tired of reading about Carnivore. The way I see it is that the FBI is fighting a losing battle, since any half-decent crook would probably encrypt their email anyway. And the way I see it is that if you aren't doing anything illegal then you should have nothing to worry about. Think of the number of emails that pass through an ISP's mailserver each day; do you really think that the FBI will waste their bandwidth scanning all those emails? I would be more worried if the FBI wanted everyone to turn over a copy of their PGP key.

Carnivore might become as abused as wiretapping. (1)

AFCArchvile (221494) | more than 13 years ago | (#708093)

Think of it: 24 hours a day, 7 days a week, 52 weeks a year, the NSA and the FBI use wiretapping all over the US. Wiretapping is usually the very first action taken against a suspect to attempt to incriminate him/her. The same might happen soon with e-mail and submitted forms. Perhaps the CIA has already developed a way to crack 128-bit encryption for the purpose of enlarging Carnivore's scope. If this is the case, I fear that some hackers might isolate this utility and use it against other sites.

Re:Well that was rather... bland (1)

MidnightLog (225857) | more than 13 years ago | (#708094)

The proof should be "in the pudding". You can't do an unbiased review if you're already biased.

Re:Dismissive was what came to mind (1)

MidnightLog (225857) | more than 13 years ago | (#708095)

... dismissing the question as being silly or ignorant.

IM(NS)O, most of the questions were silly. The one question that I wish he had answered in more depth was number 8 ( Carnivore vs. Sniffer vs. Altivore ). His answer consisted of:

A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.

Using a sniffing tool is not the same as developing one. He should have (at least) mentioned the years of development experience that the members of the review team have.

email posts to piss off Carnivore (1)

TWX_the_Linux_Zealot (227666) | more than 13 years ago | (#708096)

Well, if we don't like what we get out of the review, maybe we should all just start sending emails with "bomb", "machine gun", "kill", "sniper", etc, to the point that carnivore intercepts traffic that it isn't supposed to get to make it useless...

Re:One thing is clear... (1)

gashbot (235367) | more than 13 years ago | (#708098)

We the People are supposed to believe that the gov't is 'inherently evil' and 'trying to screw us over.' That's what the Founders of this nation believed and that assumption is the foundation for the structure of the federal government. (See, e.g., U.S. Constitution, 2nd Amendment) There is hardly anything more patriotic than distrusting the government. Slashdotters are not paranoid delusionals, only red-blooded Americans.

Re:Here's one they forgot to ask... (1)

config.sys (243118) | more than 13 years ago | (#708105)

Whatever. Just glad I run Windows. That whole thing looked downright crass. Linux is heading for the BIG FALL

Re:Perrit Interview (2)

Anonymous Coward | more than 13 years ago | (#708106)

One thing I find amusing is that the person whose job security depends 100% on the goodwill of the FBI -- which controls his security clearance -- brushes off any consideration of bias, with the false statement that the review team's ties with the Federal government are in the past.

Another thing I find amusing, is that the review is already over and done with. The gentleman sees "no reason" why the FBI should want anything other than a fair & impartial review. That's the exact same thing, as saying that Carnivore's software does exactly what we have been told, neither more nor less.

So... the Feds are paying for this review, the people doing this review become unemployable if they piss the Feds off, and the Feds get to edit the final report to suit themselves.

Am I the only one who refuses to take this matter seriously??

Re:Hmmm (2)

Dasein (6110) | more than 13 years ago | (#708109)

Or... "I think that I might get removed from the review team if I said that I'd fight them tooth and nail. So I'm not saying anything."

It seems to me that this guy is walking a fine line. He's answering questions in a hostile environment. That takes guts and speaks a little to his credibility.

By my view, this sort of system is an affront to our liberties. The fact that he's answering questions here makes me think that he believes that there is a balance to be had (a hardliner wouldn't bother). I expect that he'll discharge his duties in accord with his beliefs.

Incongruent conspiracy theories (2)

FallLine (12211) | more than 13 years ago | (#708114)

One of my nagging issues with these conspiracy theorists is that their beliefs don't seem to match. Ok, so you believe the NSA and/or the FBI is trying to hide features in Carnivore? If you believe these agents are that evil, that intelligent, and that motivated, why would they bring the press and _any_ academic scrutiny upon themselves to begin with? Why couldn't they just go behind everyone's back? Why couldn't they just give MIT a dummy machine and let them say whatever they will? The fact of the matter is that no review, be it academic or media, is going to completely obviate the need for trust.

As this guy said, Carnivore is a tool, it can be used for good or bad. You trust our intelligence services with agents and satellites and what not. You trust our law enforcement agents with guns. You trust our military with a staggering amount of weaponry. All these can be used for great evil. But that doesn't mean we would be better off sticking our head up our ass and abolishing them entirely simply because there is potential for abuse. Question them? Sure. Nail them where they abuse? Certainly. Abandon all reason? Never.

Re:Not clear on something.. (2)

Xerithane (13482) | more than 13 years ago | (#708117)

That is called at-will employment. Come to California and try to get an assurance on your job.
Works both ways.. and I personally love at-will. It got me out of a bad situation in which I was able to just walk out and say screw it, I'm gone. Just because someone can terminate you at any time for any reason including absence doesn't mean they are evil.

Re:wrong answer? (2)

kevlar (13509) | more than 13 years ago | (#708118)

While that's true, you can still hook up a machine at the uplink level for an ISP and be able to "see" traffic. Technically this can be done. Whether it's a violation of people's rights or not is in an extremely gray area. It scares me that the FBI would invade such an area.

Re:Incongruent conspiracy theories (2)

kevlar (13509) | more than 13 years ago | (#708119)


Why couldn't they just go behind everyone's back?


Because they are still restricted by law. Civil rights groups have sued to make the details of Carnivore public. As a result, the FBI was ordered to have an independent review of the system.

They already tried to go behind everyone's back when they claimed it was the "Internet equivalent of a wire tapping". I know you see this as a blatantly false statement.

Re:Foreign Intelligence Investigations?? (2)

kevlar (13509) | more than 13 years ago | (#708120)

True. But by using just that section of law, then the police could tap every phone in the country and target whomever they wanted without a court order.

The reason why this is illegal is because they are thus spying on everyone, regardless of whether or not it will be used in court. Imagine technology like this being used in Nazi Germany. Holy hell would resistance not stand a chance.

I know that's an extreme example, but it's best to understand power limitations in extreme situations. Then you can see how power is abused.

Re:Foreign Intelligence Investigations?? (2)

kevlar (13509) | more than 13 years ago | (#708121)

You're missing my point. The restrictions on Carnivore are based on what the Constitution allows (in theory).

If they're using this against foreign nationals as well, then they'd be allotting them the same rights as American citizens. That is of course, unless Carnivore has the ability to not play by the rules.

I take his statement practically as admission that Carnivore does not play by the rules.

Foreign Intelligence Investigations?? (2)

kevlar (13509) | more than 13 years ago | (#708122)


Carnivore is used in sensitive criminal and foreign intelligence investigations.


Interesting... so when they conduct foreign intelligence investigations, they must provide the target with the same rights as an American citizen? What a load of crap!

One thing I hadn't considered... (2)

dinotrac (18304) | more than 13 years ago | (#708125)

Personal disclaimer: I graduated from Chicago-Kent and do not believe that the folks there would "turn over" for the government. That would, in the end, be bad for them and bad for the Law School. Remember: Lawyers often make their money and reputations by fighting against misbehaving elements of the government. Besides, the first time Carnivore generated data gets used in trial, the defendants will claim that it is unconstitutional. Case goes out the door if the judge agrees.

anyway...

The part that interested me:

If appropriate filters are used in a sniffer or other network monitoring device, preventing human knowledge of material that is filtered out, there may be less threat to privacy interests than if human beings must review content in order to apply minimization requirements, as is commonplace with telephone wiretaps.

I don't know how we feel warm and fuzzy about it, but digital eavesdropping at least has the theoretical capability to be digitally filtered, with only relevant info ever seeing human eyes. Analog phone taps don't have that.

Re:The Questions.... (2)

Black Parrot (19622) | more than 13 years ago | (#708126)

> If I was that guy I would have refused to answer attacks on his integrity after the third or fourth time.

Only honest people take offence at attacks on their integrity.

--
Give me a candidate who speaks out against the war on drugs.

Slashdot is a tool (2)

dkfn (20359) | more than 13 years ago | (#708127)

Since we all know that the FBI runs Slashdot, most of these questions were redundant anyway.

Re:Or it might just be... (2)

dead_penguin (31325) | more than 13 years ago | (#708128)

Right; I think that his reply to this was purposely vague. Assuming the conspiracy theorists *are* correct, you'd better believe the powers that be are reading all his answers to questions here, and all of our replies.


If he had come up with an answer that stated that he *would* go against the FBI and anyone else trying to cover up the final report, I doubt they'd even give him much of a chance to put his input into the report-- i.e. "We're sorry, Mr. Perrit, but you're now responsible for checking grammar and spelling of the background section of the report!"

It's unbiased because we say it is! (2)

M-G (44998) | more than 13 years ago | (#708130)

Well, you can tell he's a lawyer by his content-free answers...

It is very unusual for a federal agency to acquiesce in a third party review of an important system. Having commissioned such a review, the interests of the Justice Department would not be served by censoring the review or otherwise acting so as to compromise its integrity and credibility. The review team, institutionally and personally, has an interest in preserving their reputations for professional independence, analytical competence, and candor. None of these interests are tied to future dealings with the Justice Department or the FBI. They are more closely tied to reputation in many of the communities which have been critical of Carnivore. It is counterintuitive to suppose that the review team would sacrifice these interests by undertaking a "whitewash."

Justice has every incentive to cover up anything that may be damaging to their case. Given government abuses of the past, it's not out of the question that Justice has commissioned this review simply to create the impression that we have nothing to worry about from Carnivore. And the fact that the review team does not want to compromise their reputations, etc. is a pretty poor guarantee of a proper review. If they present a whitewash report (or Justice turns it into one), the truth will likely be hidden for many years, until long after the team members' careers are over.

I have been assured by senior officials at the Justice Department that a complete review, with honest conclusions freely expressed, is desired.

And senior government officials tend to get to their levels of power by officially saying one thing and then doing another.....

Answer the frickin' questions. (2)

TheTomcat (53158) | more than 13 years ago | (#708134)

So in short, is this whole thing just a moot point? Who would Carnivore really catch?
---
Any electronic eavesdropping technique or system is subject to frustration by new technologies.

It is appropriate for law enforcement and national security agencies constantly to be developing new technology to keep pace with technological developments generally.


Uh, it would be nice if he would answer the question, I'd really like to know. It's pretty obvious that law enforcement and national security agencies will keep up on technology, but he didn't make ANY reference to the practicality of a system like carnivore.

Way to play safe...

Re:Ummmm....yeah (2)

Performer Guy (69820) | more than 13 years ago | (#708138)

You read it wrong, it says "balancing ..A.. against ..B..". item "..A.." was double barreled with an "and" which confused your English parser but it made sense to anyone with reasonable interpretive skills.

Confidentiality? (2)

Noryungi (70322) | more than 13 years ago | (#708139)

Perritt:

Carnivore is used in sensitive criminal and foreign intelligence investigations. The
need for confidentiality in such investigations long has been recognized by the
Congress and Supreme Court of the United States. It is not unreasonable for the
Justice Department to assure that the details of confidential criminal investigations
or of foreign intelligence methods and procedures will not disclosed to the public.


Isn't that "Security by obscurity"?

If it is, I am afraid it has been shown not to work... Script Kiddies are going to have a field day with this.

Just my US$ 0.02...

Re:I have it up to here (2)

Stonehand (71085) | more than 13 years ago | (#708140)

Many criminals aren't terribly clued, and few are careful to the extreme. The World Trade Center bombers come to mind as cardinal examples -- returning to claim a refund on the Ryder Truck wasn't the smoothest of possible moves.

There used to be a "Moron Muster" listing people who posted, publicly (on USENET, in plaintext) blatantly requesting pirated software (usually caught via a fake FTP w4r3z S1t3 announcement followed by a request for public "add me to the list" posts. Sure, they got added to a list...) The list was alarmingly large, but IIRC is no longer maintained.

The Algerian who got caught with explosives at the Canadian border 'round New Years -- apparently he or somebody in his cell made a pretty hefty mistake. Perhaps t'was infiltrated -- ISTR that once upon a time, a very, very large number of "members" of various extremist orgs like Weathermen, Klan spin-offs, and such, were actually Feds.

As for legality, well, that is a concern. Frankly, even for a "good cause" (counterterrorism), I would not want to accept a precedent which said that existing statutes should be ignored when it is expedient to do so; it is too easy to cynically manufacture "good causes".

Consequently, current privacy guarantees should be maintained... and whether that is true may be based upon how good Carnivore's filtering system is. If the architecture guarantees that only specifically targeted communications will be visible to human observers (Ever. Not on tape; not shown on screen; but INVISIBLE as far as Carnivore's users and the users of its product are concerned), then it could be permissible. But ignoring existing Constitutional protections, or those granted by laws consistent with such, simply due to expedience is intolerable.

what a load of crap. (2)

photozz (168291) | more than 13 years ago | (#708147)

5) Who would Carnivore Really Affect?
by drenehtsral

In the end a system like carnivore will only work for a while, and only against fairly unintelligent users because end-to-end strong encryption is no longer computationally infeasible. Joe Schmoe with the middle of the road prebuilt gateway could easily handle the processor load of encrypting all his e-mail with 2048 bit RSA (which is now freely available, and even exportable). Not only that, but even with existing (and reasonably near-term) quantum computers, we are not even near enough qbits to start tackling these cyphers, since they can't be broken down when being fed to a quantum computer. So in short, is this whole thing just a moot point? Who would Carnivore really catch?

Perritt:

Any electronic eavesdropping technique or system is subject to frustration by new technologies. It is appropriate for law enforcement and national security agencies constantly to be developing new technology to keep pace with technological developments generally.

So far as I can see, he has not really answered anything.... my confidence in all this is still in the toilet.

Well that was rather... bland (2)

mr.ska (208224) | more than 13 years ago | (#708151)

Is it just me, or do those answers not really change anything? I think the proof will be "in the pudding", so to speak, when the actual report is published. Until then, it's all just words.

Question 11 (2)

Ndog (230982) | more than 13 years ago | (#708153)

11. Mr. Perritt, what did you have for lunch today?

A cheeseburger and fries.

Post: He clearly didn't answer that question. What kind of cheese? Did he have mayonnaise or ketchup? I know he didn't eat without a drink. He's clearly avoiding the question.

Does it really matter what the answers are? The proof is in the pudding. The review should be judged by the methods with which it was conducted and the results. All these posts remind me of someone's wife (not my wife...really). "Well, I want to be mad, and since you haven't done anything wrong yet, I'll just get mad at you for something I think you're going to do in the near future."

Here's one they forgot to ask... (2)

config.sys (243118) | more than 13 years ago | (#708154)

What are you going to do when IPV6 and IPSec/ESP become standard in all networking stacks? When you can't decrypt the packet, never mind reading the header, how do you "filter" out only the right email headers???

Oh yeah, clipper... I guess that's the solution.

Re:Story submitted to slashdot ( more information) (3)

Anonymous Coward | more than 13 years ago | (#708155)

I should also mention that this bill will allow them to bypass the normal court order, and the government would be allowed to search your records if you even had known somebody who might be under investigation. The bill also protects the party doing the investigation from any litigation resulting from their misuse of your information. What this means is that they can take your private information (bank records, and so on), and give them to anybody without being prosecuted.

I submitted this story to slashdot, but I have yet to see anything, so I thought I'd post it here.

Scanning for whitewash .... found! (3)

Sloppy (14984) | more than 13 years ago | (#708157)

Carnivore is used in sensitive criminal and foreign intelligence investigations. The need for confidentiality in such investigations long has been recognized by the Congress and Supreme Court of the United States.

The question posed to this guy was not about a specific investigation or case; it was about the general process used for investigating. There is a huge difference between law enforcement not wanting to go public about the details of an investigation, and them not wanting to talk about how this new investigation tool will be used.

It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.

This falls under "foreign intelligence methods and procedures"? If that were true, then wouldn't they only need to tap into the backbones that connect USA to other countries, rather than tapping into domestic ISPs' LANs? If tapping into domestic networks is justified as an "intelligence method or procedure" that need not be disclosed to the public, then there is absolutely no limit as to what sorts of surveillance can be used against US Citizens. They could require that a microphone be surgically implanted in every US Citizen, and the application of this justification would be just as valid.


---

Re:I'm glad they know how to use a sniffer. (3)

twdorris (29395) | more than 13 years ago | (#708158)

I'd agree 100%. I had already developed a sense that this guy might not be qualified for the task at hand before I read his answer to that particular question. After I read his answer, I knew he wasn't qualified. Great, he can use a freakin' sniffer. So can I, so can my MOM with a couple minutes of teaching. That wasn't the question. I believe this guy is attacking this problem from a very simple angle...he's going to check that they have some basic filtering mechanisms in place at the protocol stack level and rubber stamp the system as safe. Yippee.

(OT) what about the NSA interview? (3)

fReNeTiK (31070) | more than 13 years ago | (#708159)

Some time ago, this slashdot interview [slashdot.org] was posted in which we were given the opportunity to ask some questions to a guy from the NSA. It looks like the answers to the questions were never posted. What happened? Did I miss the followup?

Looking at his answers to my question... (3)

M-2 (41459) | more than 13 years ago | (#708160)

Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy. It is appropriate for the public to be concerned about how this balance is struck.

In the past, the FBI and the other groups in the Federal Government have tried to shove the balance completely to their own side. This has given us a significant amount of distrust in their motives. From the CDAs to Operation Sundevil, they have shown a lack of comprehension of the issue they have to deal with, instead avoiding the hard questions for the easy ones. And more and more often, they've gotten slapped down, and I think that's starting to make them very very cranky. And they want something that'll move the balance the way they want, and that no one can take away from them. And they think Carnivore is it.

The Internet community appropriately has been concerned about technological developments that may affect the balance, including restrictions on encryption, development of new telecommunication systems that facilitate or hamper electronic eavesdropping and devices such as Carnivore.

The FBI has, in every case, tried to push to have back-doors put into encryption methods that they can access. Into IPsec. Let's not forget Clipper all those years ago. While I can understand there are potentially pressing reasons for these restrictions in the name of National Security, what's going to keep these people who would use encryption from snagging a half-dozen comp-sci majors from India and having them write a half-dozen different quick-and-dirty encrypts that you can use once or twice and then throw away? Even if it takes 24 hours to crack, some of these drug shipments will be done by then if they time it right and get it on the way. And they won't have the back-doors. Even if they use something like DES, they still need to figure the key for it... Which is something that hasn't been put forth. One-shot encryption is possible for the big criminal cartels, because they can afford to pay some people for it in order to make a profit in an illegal business.

In this respect, interest in Carnivore and a certain amount of controversy over it is healthy.


On the other hand, conspiracy theories suggesting that no one with present or past associations with the Federal Government shares constitutional values or can be trusted to review new systems for their compliance with the law are overblown.

I'm going to go out on a limb here and think this means that he feels that our desire for a completely objective peer review by individuals who have no connection with the Federal administrative process is a bad thing. I'm not sure there's really anyone available who meets the criteria:

  • Not having performed any work for the Federal government on a for-pay basis
  • Having the technical expertise that the FBI would see as the 'minimum' for their review.

Would Lawrence Lessig? He's testified in a number of trials, and the fact that he's been mostly against the Federal requests may be a big red mark. Can anyone think of someone who's got the technical chops AND managed to avoid either annoying the Feds OR working for them?
----

I'm glad they know how to use a sniffer. (3)

nonya (65503) | more than 13 years ago | (#708161)

He answers Question 8:

A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.

My reading of this is members of the team have used sniffers. What the question asked is if the team has any skills in implementing a sniffer. Does anyone know the answer?

boxen (3)

sean@thingsihate.org (121677) | more than 13 years ago | (#708163)

"On October 5th we put out a call for questions about the FBI's Carnivore boxen that we could..." I can not tell you how much it makes me want to kill when people say "boxen."

Ummm...looking for an excuse? (3)

YU Nicks NE Way (129084) | more than 13 years ago | (#708165)

Blockquoth the poster
"Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and
protection of national security against threats of invasion of privacy."

The second clause (in bold) doesn't appear to be written in English. What would it mean to threaten to invade the privacy of national security?
(Emphasis added by previous poster)

He's right, it isn't in English. That's because he parsed the sentence wrong. The correct (and syntactically and semantically valid) parse is
"Any electronic surveillance involves balancing
needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy."
In formal English, one "balances" a "against" b -- in this case, needs against threats -- and one does not "balance" a "and" b.

foreign intelligence investigations (3)

e_lehman (143896) | more than 13 years ago | (#708166)

Perritt had two sentences that I think explain why the Carnivore review is being conducted in such cloak-and-dagger style:

  • Carnivore is used in sensitive criminal and foreign intelligence investigations.
  • It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.

These are the first overt admissions I've seen that Carnivore is not just a law-enforcement tool. I suspect that the foreign intelligence gathering aspect is what the DoJ, FBI, etc. don't want publicly revealed or even discussed.

For example, perhaps Carnivore does something special with packets that are headed overseas or to foreign embassies. I bet these can be legally tapped at will, much as the NSA is allowed to monitor international (but not domestic) phone calls. I'd guess that scraps of intelligence could frequently be gleaned in this way. Say a Moscow embassy functionary emails his girlfriend back in St. Petersburg and says a tad more than he should to make himself look cool and important. Perhaps Carnivore would gobble this down.

I'm not sure whether NSA conducts industrial espionage as, apparently, some western European intelligence services do. If so, emails from foreign business travelers back home would be a gold mine. This would definitely be hush-hush to a vastly higher degree than banal packet sniffing related to a criminal investigation.

(Of course, why they wouldn't just watch overseas pipes instead of local ISPs isn't clear to me... okay, NO ONE BRING THAT UP, all right? I like my theory.)

wrong answer? (3)

Spider-X (159360) | more than 13 years ago | (#708167)

"Any network interface card on a networked computer "taps" all of the traffic traversing a particular network segment. It is far from clear that such limited acquisition of network packets at lower levels of the OSI stack constitutes interception under the law."

On the contrary, not all of them. On switched networks, which are pretty common, especially at ISPs, you only get what's destined for you, or the broadcast address. It may be a moot point, but I *hate* it when I see an error such as this in a published article.
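An added example, not part of the original comment: a small constructed simulation of the distinction drawn above, comparing what reaches a passive listener's port on a shared-media hub and on a learning switch. It goes one step beyond the comment by also modelling the flooding of unicast frames whose destination the switch has not yet learned; the class names, MAC addresses and traffic are all made up for illustration.

```python
"""Constructed simulation: frames delivered to a passive listener's port
on a hub versus a learning Ethernet switch."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Forwards by destination MAC once it has learned where that MAC lives."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port  # learn the sender's location
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]
        # Broadcast, or unicast to a MAC not yet learned: flood all other ports.
        return [p for p in self.ports if p != in_port]


def frames_seen_by(device, listener_port, traffic):
    """Labels of the frames delivered to listener_port; a promiscuous NIC
    attached there could capture exactly these and nothing else."""
    seen = []
    for in_port, src, dst, label in traffic:
        if listener_port in device.forward(in_port, src, dst):
            seen.append(label)
    return seen


# Constructed sample: host A on port 1, host B on port 2, listener on port 3.
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
TRAFFIC = [
    (1, A, BROADCAST, "A ARP who-has B"),
    (2, B, A, "B ARP reply"),
    (1, A, B, "A->B mail 1"),
    (2, B, A, "B->A ack 1"),
    (1, A, B, "A->B mail 2"),
]
# Same conversation, but A sends before the switch has ever heard from B.
COLD_TRAFFIC = [
    (1, A, B, "A->B mail 1 (B not yet learned)"),
    (2, B, A, "B->A ack 1"),
    (1, A, B, "A->B mail 2"),
]


def compare():
    """Run the three scenarios and return what the listener on port 3 receives."""
    ports = [1, 2, 3]
    return {
        "hub": frames_seen_by(Hub(ports), 3, TRAFFIC),
        "switch": frames_seen_by(LearningSwitch(ports), 3, TRAFFIC),
        "switch_cold": frames_seen_by(LearningSwitch(ports), 3, COLD_TRAFFIC),
    }


if __name__ == "__main__":
    for scenario, frames in compare().items():
        print(f"{scenario:12s} {len(frames)} frame(s): {frames}")
```

On the hub the listener receives the whole conversation; on the switch it receives only the broadcast, plus any unicast frame sent before the destination's port was learned.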

Perrit Interview (3)

herwin (169154) | more than 13 years ago | (#708168)

As a security engineer, I saw nothing in Dr. Perrit's answers to suggest that the review will be anything but conscientious, professional, and independent. I'm willing to wait for the results before making my final judgment.

The Question: (3)

abe ferlman (205607) | more than 13 years ago | (#708169)

10) Oversight of this interview
by Col. Klink (retired)

Are you free to answer questions posted here, or does the FBI review your answers first?

Perritt:

Neither the FBI nor any other government agency reviewed my answers to these questions.

Non-responsive. Only the second half of the question was answered.

Hmmm (3)

arothstein (233805) | more than 13 years ago | (#708171)

I am not willing to speculate as to what action I would take if inappropriate control is exercised.

In other words, "I'm pretty sure I don't have the balls to make any waves."

Ummmm....yeah (3)

OlympicSponsor (236309) | more than 13 years ago | (#708172)

Didn't run it past the FBI--because it is content-free. Check this:

"Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy."

The second clause (in bold) doesn't appear to be written in English. What would it mean to threaten to invade the privacy of national security?

The first clause is more frightening: We (the people) allow laws to be created that "can't possibly be enforced" and then his first clause comes into play: "effective enforcement of the criminal laws". First you define the criminals, then figure out how to catch them.

This is EXACTLY why we (in the US) have a Bill of Rights. It says that, no matter what "criminal laws" you think you have to enforce, you can't do X, Y and Z. There is no "balancing"--the Fourth Amendment says you cannot search/seize my property without a warrant PERIOD. Carnivore violates that amendment, therefore it is unconstitutional. Catch your "criminals" another way.
--
An abstained vote is a vote for Bush and Gore.

Story submitted to slashdot (4)

Anonymous Coward | more than 13 years ago | (#708173)

I submitted a story to slashdot, which I don't think is going to go through. Here is the text of that post:

The government is going to be voting on a bill today that may give them the right to search records without a warrant, in secret. This bill has already passed the Senate! HELP!!!

The full story is at http://www.defendyourprivacy.com/ [defendyourprivacy.com]

I have some other urls as well to go along with this:

http://worldnetdaily.com/bluesky_poole_news/20001011_xnpol_senate_bil.shtml [worldnetdaily.com]
http://thomas.loc.gov/cgi-bin/bdquery/z?d106:s.02516: [loc.gov]
http://www.nationalreview.com/kopel/kopel101000.shtml [nationalreview.com]

Perrit's mind may already be made up. (4)

qnonsense (12235) | more than 13 years ago | (#708174)

From reading Perrit's answers, it looks like his mind is already made up. Dismissing serious concerns over the constitutionality of Carnivore as conspiracy theories, and the overall tone of his answers makes it pretty darn clear that he's going to say that Carnivore's just fine and perfectly legal.

And even if he comes to the opposite conclusion,
It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.

That sounds to me like he's willing to be censored. This whole thing is a bit more than fishy if you ask me.

And yes, if you worked for the Feds at any time (even 24 years ago), much less the DoJ (Krent), then that sure as hell disqualifies one from undertaking an independent review. That's what impartiality means.

Oh well. Big Brother knows best I guess.

Re:Perrit's mind may already be made up. (4)

Xerithane (13482) | more than 13 years ago | (#708175)

I worked for the government at one point, I had a great time there. It was a good job, pay sucked but it was fun.
But am I an evil person? Hell no, I am more for freedom than you are -- you know why? You are trying to censor him - I'd be willing to bet you haven't lived 24 years, so how do you know how long of a time that is? It's a long time, and a lot can change. Even if he did work for the DoJ, NSA, CIA, FBI or whatever - he still is a person with his own beliefs, not of the government.

Very formal and cautious... (4)

stienman (51024) | more than 13 years ago | (#708176)

Very formal and cautious...

The FBI didn't need to review this interview, since they know that he is very careful with his wording. He answered every question by either determining not to answer, or by being very terse and formal. Oh well, it's better than nothing, and gives us a peek into how their minds operate. We'll end up with a report that is worded very carefully and scholarly. They won't leave anything out, but they aren't going to speculate or probe the possibilities. More of a technical specification than a discussion of Carnivore.

-Adam

But roses don't eat people... do they?

Or it might just be... (4)

devphil (51341) | more than 13 years ago | (#708177)

...that "Since I can't see into the future, I'm not going to guess how I might react to any of an infinite number of possibilities, especially in a public forum famous for roasting alive anybody who doesn't swear by the Linux Party Line."

Don't you think that what action he takes might, just might depend on exactly what kind of "inappropriate control" is exercised?

Seemed a fair answer to me. What were you expecting? "I shall immediately flood the DoJ with complaints even though I haven't read the edited report!"??

All network cards tap? (4)

lpontiac (173839) | more than 13 years ago | (#708178)

Any network interface card on a networked computer "taps" all of the traffic traversing a particular network segment.

You could say that.. but you could also say that the Wire itself taps all the traffic, and so does the T-connector...

The entire *point* of having that layer model is that a clear hierarchy is specified as to what has access where, and the NIC is an integral part of the network layer itself. By default a network card doesn't generate an interrupt for packets that aren't addressed to itself, and I'm fairly sure that if I placed a card onto someone else's network and set it to promiscuous mode against their wishes I'd be violating a law or two.

I concede there are a few ambiguities... one of the reasons that strong encryption by default is a good idea, so only the source and recipient can read that data? (Every web session over SSL, every shell over SSH etc...) Ooops, the government doesn't like widespread crypto either.

Your intentions are good... (4)

spam-o-tron mk1 (237603) | more than 13 years ago | (#708179)

... but your conclusions are dead wrong.

This man does not share the belief that most /.ers have, that being, the government is inherently evil and trying to screw us over.

Ok. Maybe you don't believe this. But I believe it. And many other people believe it.

For instance, the people who wrote the US Constitution believed it. That's why they set up three branches of government specially designed to frustrate and impede each other. The US government is set up to do as little as possible. And for very good reasons: bureaucracies (and governments) expand to fill all available space. Go down to the DMV some afternoon and see for yourself.

It would be easy to say that he's just a government patsy, but that wouldn't be true.

Correct. He's not doing anything he knows to be wrong.

The man's being asked to do a job. He'll do it. And he honestly believes that there will be no problems with issuing his report afterwards. And, you know? He's right.

Ah.... I don't know. "Security" and "avoidance of embarrassment" are very easily interchangeable.

The government isn't always out to screw us, people. Don't go bashing the guy for his point of view.

I'm not going to bash him, but I believe he's not suspicious enough. I might trust him as a person, but I'm still not going to trust his report.

Bruce

Damn moderators (5)

roystgnr (4015) | more than 13 years ago | (#708180)

The most important question [slashdot.org] I saw only got moderated to a 4, in favor of repetitious "Can we really trust you? Really, really?" BS.

To paraphrase, the question was something like "How do you know the software you are reviewing will be the (only) software installed on the FBI's black boxes?"

Perritt did admit in question 9 that Carnivore would need to physically tap all traffic on a subnet, then apply software to reject packets not related to a particular investigation.

So how does he know that the software actually going into use will be the same as the software he is being asked to review? Since the FBI will need encrypted remote access to operate the Carnivore boxes, what is to stop them from uploading whatever software they want, without any judicial review or ISP knowledge, after the fact?

Of course, the answers have to be "he doesn't know", and "nothing", but I would have liked to hear it from Perritt himself.

Let's not forget the second most important question [slashdot.org] , which only got moderated to a 3:

In Marshall v. Barlow's, US Supreme Court 1978, the court found that businesses are subject to the same Fourth Amendment protection as individuals are, in regard to Administrative agencies. How will the FBI install these boxes in ISPs when there is no ongoing investigation, and no warrant?

Really, what happens when an ISP says, "No, we aren't going to violate our customers' privacy." Do they get hit with a "sure, we're investigating someone, and it's going to take an awful long time so we'll have to leave this box here indefinitely" warrant? Do they get pressured into accepting Carnivore installations in spite of the 4th amendment?

Not exactly encouraging answers (5)

EQ (28372) | more than 13 years ago | (#708182)

He was almost Clintonesque in his responses. Answered without supplying anything truly substantial.

For example
Carnivore is used in sensitive criminal and foreign intelligence investigations. The need for confidentiality in such investigations long has been recognized by the Congress and Supreme Court of the United States. It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not disclosed to the public.

This is a dodge - he was asked to address why the secrecy about the functioning of the device, not its actual in-operation placement. Let "regular" people see the source - the system is effective by its placement not by its function.

q:will a sniffing expert be analyzing the packet reassembly and protocol analysis part of the source code in order to validate that Carnivore captures all the data authorized by the court order, but no additional data?

And the answer?
A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.

Yes, we know that about sniffers - anyone here that has run Network General product to diagnose packet problems is aware that they are used routinely.
  • Don't talk down to us, we probably know more than you do!
Are your team members going to ensure that it captures only the authorized intercepts and not infringing on the innocent? We are still waiting for a clear and definite answer on that one.

After reading his evasive and non-responsive answers, it's pretty obvious that Mr Perrit (or should I say " Mr Parrot ") appears to be a shill, a disingenuous legal weasel, and is quite obviously comfortable at being kept firmly in the government's pocket.

My Carnivore review... (5)

MustardMan (52102) | more than 13 years ago | (#708183)

For this review, I have chosen to compare the merits of two well known carnivores:
1. The Tyrannosaurus Rex, Common name T-Rex.
2. The Eatius Roadrunnerus, Common name Wile E. Coyote.

For the purpose of this review, I will be dealing with five categories: Attack method, Persistence, Cyclic Preference (Day or night?), Natural tools, and Success rate.

I.) Attack method.
First we will examine the Tyrannosaurus Rex, here forward referred to as T-Rex. The Tyrannosaurus has two main attack methods. The first and primary method is its enormous, powerful jaws. This attack allows a very quick kill of the quarry and is effective in preparing the meal for easy digestion. The second attack method of the T-Rex is its long tail, which can be used to knock over or stun the quarry at range. This attack has one major disadvantage, namely that it puts the T-Rex off balance, leaving it vulnerable.

The Coyote, on the other hand, has many attacks, but tends to focus on two: The Trap, and the Pursuit. In both cases, the attack is augmented by technological means, showing the cognitive abilities of the Coyote, also known as its "Suuuper Geeeenius."

II.) Persistence
In this case, the coyote is a clear winner. The coyote has been known to stalk the same prey for well over twenty years, showing that it is a very vicious and persistent hunter.

The T-Rex, on the other hand, shows limited persistence, generally giving up on any given quarry within ten to fifteen minutes, and not possibly re-attempting the attack more than an hour and fifteen minutes or so later.

III.) Cycle
Here, again, the Coyote is a clear winner. It has been known to stay up all night preparing for the next day's hunt. The T-rex, on the other hand, basically only attacks something near it, and has only been known to hunt during the day, unless it's raining.

IV.) Natural Tools.
In this case, the coyote is a sore loser at best. Its only natural tool is its mind, which, having no physical presence, does not really satisfy this category. The T-Rex, on the other hand, has many natural tools, including its attacks (see I. above), and its large, well formed muscles and skeletal structure, designed for the pursuit.

V.) Success rate
This, being the deciding factor between the two, determines who is the superior carnivore. So far, the contestants are fairly evenly matched, with the T-Rex excelling at attack methods and natural tools, while the Coyote is both persistent and follows a more effective day/night cycle. This makes the final category, the Success Rate, the tie breaker. In this category, the T-Rex clearly excels. It is able to make regular meals of many varieties of woodland creature, ranging from goats to Pondus Scumus, the modern Lawyer. The Coyote, however, has not once been seen to successfully capture and consume its prey. More often than not, it severely injures itself in the course of its hunt.

Therefore, the clear winner is: The Coyote, because it is much more entertaining.

Thank you and good night.

The Questions.... (5)

TheReverand (95620) | more than 13 years ago | (#708184)

Question 1. Will you lie?

Question 2. You will Lie. Right?

Question 3. You have no integrity...right?

Question 4. You are a government shill...right?

Question 5. Why should I believe you...You are a liar...right?

Question 6. How will Natalie Portman be affected by carnivore?

*ahem* half those questions were absolutely redundant. If I was that guy I would have refused to answer attacks on his integrity after the third or fourth time.

rev

Re:All network cards tap? (5)

TheCarp (96830) | more than 13 years ago | (#708185)

> (Every web session over SSL, every shell over
> SSH etc...)

I have to agree.

One of the battle cries we have used at work is
"Plaintext Passwords must die" (they won't die soon but we are working on it).

I am in favor of doing it up right. Phase out http in favor of https. I know my webserver will soon have a rewrite rule to redirect all http traffic to https.

I like the analogy used in the PGP manual the best. Would you send all your personal mail on postcards? If everyone did, then sending something in an envelope would look weird - suspicious even.

So encrypt it all. Everything. ALL traffic in and out of everywhere. What is really needed is a free public CA, who can sign ssl certs for people. Or, better yet, come up with a "web of trust" system and build support for it into the web browsers...then into everything else.

Crypto needs to be made painless to use. Simple and default.

-Steve

One thing is clear... (5)

InfinityWpi (175421) | more than 13 years ago | (#708186)

This man does not share the belief that most /.ers have, that being, the government is inherently evil and trying to screw us over.

I, for one, have to applaud him for answering these questions without resorting to calling us the paranoid delusionals we really are.

It would be easy to say that he's just a government patsy, but that wouldn't be true. The man's being asked to do a job. He'll do it. And he honestly believes that there will be no problems with issuing his report afterwards. And, you know? He's right.

The government isn't always out to screw us, people. Don't go bashing the guy for his point of view.

Question #8 (5)

gscott (187733) | more than 13 years ago | (#708187)

Interesting to me that the question by Mr. Graham, a well known and respected technical expert, was answered in a two sentence response as follows: "A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools." This looks like a deliberate attempt to avoid answering the question in any way, shape, or form. Who has experience? What type? How much? I am FAMILIAR with Linux, and have installed it one time, but I am sure not an expert who is qualified to make any sort of judgement on any Linux device. Similarly, how do we know whether these people are truly qualified in the manner that Mr. Graham asks? And network management is a LOT different than performing a critical review of something like Carnivore. I will be totally honest, I cannot even begin to understand the second paragraph of Mr. Graham's question. Why does Mr. Perritt neglect to even attempt to respond to any part of that, or if he is not qualified, even mention forwarding it to someone who is qualified to respond as to whether or not it is relevant? Seems like this is a very deliberate avoidance of the truth. Let the whitewash begin!