Anti-Carnivore FUD or Brave New Internet?
Secret Squirrel
secret_squirrel at nym.alias.net
Sat Jan 20 11:36:34 PST 2001

http://www.pbs.org/cringely/pulpit/pulpit20000713.html
JULY 13, 2000
Meet Eater
The FBI's Plan for Digital Wiretaps Raises More Questions Than It
Answers
By Robert X. Cringely

There is this moment toward the otherwise forgettable end of "Star
Trek V: The Final Frontier" when this alien creature patterned after
the Wizard of Oz has even Spock convinced that it is God with a
capital "G." They are just about to fire-up the Enterprise and take
"God" back to Earth when Kirk -- probably hoping to avoid the
military protocol involved with having a deity on the bridge -- asks
a pivotal question: Why would God need a starship? Couldn't God just
blink and instantly be in Times Square looking up at the NASDAQ
sign, wondering why they cut windows into a video screen?

This scene of the skeptical Kirk flashed in my mind this week as I
read about Carnivore, the FBI's system for reading the e-mail of bad
guys. Carnivore is a sealed box that is installed at the network
operations center of an Internet Service Provider. It filters
packets, finds e-mail going to and from identified criminals, and
saves that e-mail for later decryption and analysis. What bothers
the Internet Service Providers is they have no control over the
Carnivore box, and no way of protecting the privacy of all the
customers who aren't drug lords or escaped felons. What bothers the
American Civil Liberties Union is the likelihood that individuals
will not only lose their right to privacy, but lose it in a new and
insidious way.

What bothers me is the damned box. Why would the FBI need a box?

Here's all the FBI will say about Carnivore. It sits on the network
at the ISP, is PC-based, is "a kind of a sniffer," identifies and
saves packets associated with suspected criminals, is installed
under a court order, and doesn't itself act as a decryption device.
There are supposed to be around 20 Carnivore boxes, and they have
been in use since early this year. You don't need a sealed box to do
any of these tasks, most of which are already being done for
completely legal reasons right inside the router at every ISP.
Routers look at every packet, determine what type of packet it is,
where it is coming from and where it is going to, then the router
delivers the packet to its intended destination. This is what
routers do. Adding the Carnivore task is a simple matter of blind
copying every packet to or from a bad guy to a third address at the
J. Edgar Hoover FBI Building in Washington, DC. It's at most a few
lines of code and requires no additional hardware.

So why the box?

The probable reason is because cops like to be in control. They LIKE
boxes, like delivering them in unmarked cars, like the satisfying
click of the RJ-45 connector as it slides home. Maybe they don't
know that it could all be done without a box. Heck, it IS being done
without a box all the time, and that's where the ACLU is missing the
point. Sniffers have been running on networks ever since Harry Saal
invented the device. Every packet at every ISP already goes through
a sniffer at least part of the time. An ISP could do at any time
what we fear the FBI might do with Carnivore -- read the e-mail and
follow the surfing habits of every pretty blonde customer. Good
ISPs, which is to say nearly all ISPs, don't do this, of course, but
it happens.

So why doesn't the FBI just get a court order making the ISP do the
dirty work? That's what the ISPs wonder, too, especially since
that's how phone taps are handled. Cops don't really climb poles and
attach alligator clips to hear phone calls. That's all done at the
central office by telephone company technicians.

The FBI, through the use of Carnivore, is trying to grab a little
more power. And by doing it themselves with Carnivore, the FBI
doesn't have to reveal the identity of the bad guy or the extent to
which it is using the box. Yeah, right.

But wait, it gets worse. There are aspects of this case that the
ACLU hasn't even considered. The Carnivore boxes are what's called
"co-located" at the ISP. This isn't a rare thing. Many organizations
like to control their own Web or mail servers and so co-locate them
at an ISP. Colocation puts your server closer to the Internet
backbone, eliminates typical T-1 line costs, allows the ISP to
monitor and reboot the server, and usually comes with nifty things
like redundant backbone connections and diesel generators in case
the power goes out. Companies in the co-location business include
well-known names like AT&T, IBM, and Intel. So there are tens of
thousands -- maybe hundreds of thousands -- of computers already
installed just like the FBI installs its Carnivore boxes. What keeps
those co-located computers from being sniffers, too? Nothing at all.
For $300 per month, you too could install your own Carnivore box at
the ISP of your choice. Co-location facilities don't really care
what you do with your co-located server as long as you keep paying
the bill.

More technically astute readers may take exception to this idea of
private Carnivore boxes since there are ways to isolate ISP traffic
and keep one box from seeing all the packets on the ISP network. But
at most ISPs, THOSE TECHNIQUES AREN'T USED.

This still leaves us wondering why the FBI insists on this program
that isn't really necessary to do what they say they want to do.
Beyond my overzealous cop theory, the most obvious possibility is
that Carnivore is actually intended to do something else, some
different task than the FBI is saying. Privacy advocates and the
ACLU seem fixated on the idea that the Feds will use Carnivore to
eavesdrop on non-criminals. It makes sense to worry about this,
given past FBI anti-privacy campaigns like the Clipper Chip fiasco
of several years ago that was supposed to have made it possible for
the FBI to tap up to 10 million simultaneous telephone
conversations, even though there are only an average of 1500
court-ordered phone taps each year in the U.S.

But I have my own theory about Carnivore. From a network
architecture standpoint, the best location for Carnivore is right
after the ISP's router. This puts Carnivore in the path of every
packet entering or leaving the ISP. It's also a major reason why
ISPs might not want to install Carnivore boxes -- it's the network's
point of greatest vulnerability. In this position, Carnivore can act
as a listening and recording device, OR IT CAN ACT AS A SWITCH. If
we ever hear a proposal from the FBI in which it plans to install
Carnivores at all 6000 ISPs in the U.S., we'll be giving the
government the power to do something it can't do right now.

Shut the Internet down.

"We've got a Carnivore^h^h^h^h^h^h^h^h^h ChildSavor box, we're using
the case as a radio antenna, and we know that's not allowed!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Shit Disturbing: Anarchy in the streets,
Brain's Moral Compass | digital money-laundering, zero-knowledge
W.A.S.T.E.D - Proud Author of| gun purchases, collapse of Federal buildings
many prompt checks to the IRS| "Nuts like me give Orrin Hatch wet dreams"
"When the Revolution comes, they'll start working their way through Tim's Killfiles."