Home page logo
/

nanog logo nanog mailing list archives

Re: Just Carnivore (was: Yahoogroups and Carnivore)
From: "Larry Diffey" <ldiffey () technologyforward com>
Date: Mon, 17 Sep 2001 17:58:38 -0700


I concede my first inaccuracy.

Your second point however is inaccurate.  When you use SafeWeb for example,
it's encrypted right from the browser. I've sniffed this traffic on my own
machine.  There is nothing but gibberish.  In order for anyone to see what
you're doing a keystroke logger would have to be installed on your computer.
That would of course defeat PGP as well.

Now it is possible that the FBI has a backdoor into SafeWeb; that's a
problem but you can always encrypt your messages beforehand.

Encryption is so wide-spread now that it's all but impossible to stop.  If
we educated people on the uses of encryption, law enforcement would be too
overwhelmed to deal with it.  Again, it would have no teeth.  Added to that,
if we (the American people) pressured our politicians enough because of our
loss of civil liberties, the laws would be reversed.

I know the FBI wants an escrow key for all encryption keys but that's just
not going to happen.  There are too many encryption tools out there.

Besides, encryption isn't the only way to hide information.  The real
purpose for putting restrictions on crypto is just to spy on normal law
abiding citizens.

Laws are for those that obey the law.  Locks only keep out honest people.
I'm sure you all can come up with more analogies.

Regards,

Larry Diffey







----- Original Message -----
From: "Stafford, Todd" <Todd.Stafford () wwireless com>
To: "'Larry Diffey'" <ldiffey () technologyforward com>; <nanog () merit edu>
Sent: Monday, September 17, 2001 5:23 PM
Subject: RE: Just Carnivore (was: Yahoogroups and Carnivore)


Supposedly Carnivore only targets specific kinds of traffic and doesn't
really monitor everything at once.  It's not like (again, supposedly)
Echelon that examines everything and then red flags certain items.
Carnivore is only looking for certain things.  Also, there is no outside
access to it.  Someone has to physically come in and remove the mass
media
(what ever that may be: more than likely a hard drive).

Afraid I'd have to say that in this instance your conclutsions are
inaccurate.  For more information, see the FBI's Carnicore site at
http://www.fbi.gov/hq/lab/carnivore/carnivore2.htm

Let's see, I want to send email to someone but I want it to be
completely
anonymous.  I go to safeweb.com or any other anonomizer and get myself a
hotmail address.  I then send it to the recipient with PGP encoded text.
He
logs on to hotmail through anonomizer and retrieves it, decodes it and
reads
it.  If I was really smart I'd bounce around a couple of other proxies
while
I was at it.

Again, check out the above link.  Your idea of going to an anonmizer would
be useless as Carnivore scans the traffic directly from your
ISP.....before
it ever gets to the anonmizer.  Granted, encrypting your message before
ever
logging onto your ISP and then sending it via it's encrypted format would
prevent it from being read in cleartext but considering what Congress is
proposing, the sending of encrypted messages could be just what the FBI
would need to start looking deeper into your life.

Carnivore? Toothless!

No breach or attempted breach of one's civil liberties is
toothless....especially the right to privacy.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]