If this weren't an advertisement for new encryption technologies, I don't know what is.
I think I'll run off and install ssh now.
<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>
Carnivore: Just Say No?
Can a service provider refuse to let the FBI's surveillance system onto their network? One ISP already tried.
By Jennifer Granick
August 14, 2000 12:08 AM PT
As the dust begins to settle following the swirl of reports about Carnivore -- the FBI's recently-disclosed tool for surveilling digital communications -- Internet service providers are wondering whether they can Just Say No when federal agents come knocking with their black box in tow.
The public has voiced great concern about the surveillance capabilities of Carnivore, as did some members of the U.S. Congress during a hearing convened last month. But ISP's may have another reason to worry about the technology: no one knows if Carnivore is secure.
The FBI can configure Carnivore remotely though a dial-up. If an attacker can get a Carnivore box's unlisted phone number, call it up and crack it, they'd have access to all the communications on the ISP's network. An expensive firewall does no good when the FBI strolls in waving a rubber-stamped court order, plugs in a modem and says, 'trust us.'
The Bureau has been characteristically mum about how Carnivore works, and how it's protected from attackers. Current proposals to allow a University to review the code for errors haven't put ISPs' fears to rest. The FBI has said it would not allow further audits, even as the code is modified and developed in the future.
But network administrators who are reluctant to embrace the government's philosophy of 'security through obscurity' may not have much of a choice in the matter.
Good Faith
The one lawyer who's challenged Carnivore in court says there is little motivation for ISPs to fight law enforcement efforts to install the packet sniffing technology. Attorney Robert Corn-Revere, who recently represented an ISP, rumored to be Earthlink, in its challenge to the FBI, says providers cannot be sued for permitting law enforcement to intercept, access or otherwise monitor communications on their network, so long as the ISP relied in good faith on the court warrant or order for the information request.
The FBI convinced a federal judge that only Carnivore would do.
As government requests to install Carnivore multiply, that may change. "The issue isn't so much Carnivore," opines Corn-Revere, "as it is how we apply outdated legal theories to new technologies." New surveillance technologies give law enforcement access far beyond the scope of what the court order may authorize.
In that case, ISPs may court legal liability if they allow the government to install Carnivore, even when the government promises they'll only look at what they're allowed to see.
ISPs who don't want Carnivore on their system may not have any choice. The most efficient way to avoid the forced installation is to give the government what it wants some other way. Nothing in the law says that ISPs have to use the technology offered by the FBI, and in fact, during recent Congressional hearings on the matter, the FBI asserted that so long as ISPs were able to comply with lawful court orders, they would not insist on using their own black box.
Earthlink tried this tactic in its recent battle with the FBI, and developed its own software to scan for information responsive to the court order. The FBI wasn't satisfied with the software's performance, however, and convinced a federal judge that only Carnivore would do.
But today, with the spotlight of public scrutiny focused on Carnivore's privacy-eating abilities, and with Congressional testimony on the dangers of this surveillance system backing them up, ISPs may have better luck next time in the courts.
[/quote]
This story can be found HERE.
------------------
God, Guns and Guts made this country a great country!
I think I'll run off and install ssh now.
<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>
Carnivore: Just Say No?
Can a service provider refuse to let the FBI's surveillance system onto their network? One ISP already tried.
By Jennifer Granick
August 14, 2000 12:08 AM PT
As the dust begins to settle following the swirl of reports about Carnivore -- the FBI's recently-disclosed tool for surveilling digital communications -- Internet service providers are wondering whether they can Just Say No when federal agents come knocking with their black box in tow.
The public has voiced great concern about the surveillance capabilities of Carnivore, as did some members of the U.S. Congress during a hearing convened last month. But ISP's may have another reason to worry about the technology: no one knows if Carnivore is secure.
The FBI can configure Carnivore remotely though a dial-up. If an attacker can get a Carnivore box's unlisted phone number, call it up and crack it, they'd have access to all the communications on the ISP's network. An expensive firewall does no good when the FBI strolls in waving a rubber-stamped court order, plugs in a modem and says, 'trust us.'
The Bureau has been characteristically mum about how Carnivore works, and how it's protected from attackers. Current proposals to allow a University to review the code for errors haven't put ISPs' fears to rest. The FBI has said it would not allow further audits, even as the code is modified and developed in the future.
But network administrators who are reluctant to embrace the government's philosophy of 'security through obscurity' may not have much of a choice in the matter.
Good Faith
The one lawyer who's challenged Carnivore in court says there is little motivation for ISPs to fight law enforcement efforts to install the packet sniffing technology. Attorney Robert Corn-Revere, who recently represented an ISP, rumored to be Earthlink, in its challenge to the FBI, says providers cannot be sued for permitting law enforcement to intercept, access or otherwise monitor communications on their network, so long as the ISP relied in good faith on the court warrant or order for the information request.
The FBI convinced a federal judge that only Carnivore would do.
As government requests to install Carnivore multiply, that may change. "The issue isn't so much Carnivore," opines Corn-Revere, "as it is how we apply outdated legal theories to new technologies." New surveillance technologies give law enforcement access far beyond the scope of what the court order may authorize.
In that case, ISPs may court legal liability if they allow the government to install Carnivore, even when the government promises they'll only look at what they're allowed to see.
ISPs who don't want Carnivore on their system may not have any choice. The most efficient way to avoid the forced installation is to give the government what it wants some other way. Nothing in the law says that ISPs have to use the technology offered by the FBI, and in fact, during recent Congressional hearings on the matter, the FBI asserted that so long as ISPs were able to comply with lawful court orders, they would not insist on using their own black box.
Earthlink tried this tactic in its recent battle with the FBI, and developed its own software to scan for information responsive to the court order. The FBI wasn't satisfied with the software's performance, however, and convinced a federal judge that only Carnivore would do.
But today, with the spotlight of public scrutiny focused on Carnivore's privacy-eating abilities, and with Congressional testimony on the dangers of this surveillance system backing them up, ISPs may have better luck next time in the courts.
[/quote]
This story can be found HERE.
------------------
God, Guns and Guts made this country a great country!