Top Guns Want to Probe Carnivore
by Declan McCullagh
11:00 a.m. Aug. 21, 2000 PDT
WASHINGTON -- An eminent group of security experts has offered to undertake an independent review of the FBI's controversial Carnivore surveillance system.
Attorney General Janet Reno said in early August that the Justice Department would commission a study of Carnivore from a major university, but she has not yet come to a final decision as to which institution she will recruit for this purpose.
The ad-hoc association of 13 security experts, who have dubbed themselves the Open Carnivore group, includes individuals such as AT&T Research's Matt Blaze and Tom Perrine of the San Diego Supercomputer Center, both of whom testified before Congress about Carnivore in July.
"We've put a great group of people together who are credible," Perrine says. "None of us has an axe to grind."
Justice Department spokesman Chris Watney said on Monday that officials were "still in the process of selecting a university to review Carnivore."
News reports have suggested that researchers from MIT and Purdue University independently contacted the Justice Department and also offered to perform reviews. The government hopes a review will satisfy critics who say Carnivore violates the privacy of innocent Internet users.
One Justice Department source said that Open Carnivore is "doing their own thing" and the agency isn't giving them much thought.
Other members of the Open Carnivore group include Peter Neumann of SRI International, "Mudge" of @stake, Tsutomu Shimomura, who helped track down convicted hacker Kevin Mitnick, and David Wagner of the University of California at Berkeley.
Carnivore has come under fire on technical and legal fronts.
Privacy groups have said that, when installed at an Internet service provider, Carnivore could be programmed to snack on more traffic than it should. They also say that even if it works as described -- intercepting massive amounts of data and discarding what's not relevant -- Carnivore could violate the Fourth Amendment's prohibition on unreasonable searches and seizures.
"Even the independent university review won't answer all the questions, because the reviewers won't know how the FBI has employed it in past investigations and will employ it in future investigations," says David Sobel of the Electronic Privacy Information Center. "They're going to be looking at a static piece of software."
Government officials hope to complete the investigation to send a report to Reno by December 1, but have steadfastly refused to release source code to the public.
EPIC has sued to obtain that information under the Freedom of Information Act, and last Thursday asked a federal judge to speed up the FBI's response.
The FBI on Monday said it's trying to be upfront about Carnivore.
"We've endeavored to be as open as possible on the Carnivore issue," said FBI spokesman Bill Carter. "We've briefed reporters on its capabilities, we've testified before Congress. What else can we say?"
"You have to understand that as a law enforcement organization, there are certain things that we have to do to uphold the law. If monitoring someone's email is what we have to do, then we're going to be as open as possible with the process," Carter said.
Open Carnivore's Perrine said that he is drafting a memorandum of understanding to circulate among members of the group, and then forward to the Justice Department.
Perrine said the Open Carnivore members have agreed not to release the Carnivore source code. "The kinds of conditions we're looking for are that we'll agree not to release the source code, we'll agree not to divulge who wrote it," he said. "Any vulnerabilities we find, they'll get the same treatment as any other vendor: They'll get advance notice and a chance to fix it."
Assistant Attorney General Stephen Colgate, who is heading an internal Carnivore review committee, recently said he wants to finish a report that includes the panel's recommendations and the outside review by December 1.
MIT and Purdue did not immediately return phone calls asking for comment.
The members of the Justice Department committee include the head of the FBI labs, the department's top privacy officer, and a representative from the criminal division.
Nicholas Morehead contributed to this report
The story can be found HERE.
I strongly suggest you visit this site for more links if you're interested!
------------------
God, Guns and Guts made this country a great country!
oberkommando sez:
"We lost the first and third and now they are after the Second!(no pun intended)"
by Declan McCullagh
11:00 a.m. Aug. 21, 2000 PDT
WASHINGTON -- An eminent group of security experts has offered to undertake an independent review of the FBI's controversial Carnivore surveillance system.
Attorney General Janet Reno said in early August that the Justice Department would commission a study of Carnivore from a major university, but she has not yet come to a final decision as to which institution she will recruit for this purpose.
The ad-hoc association of 13 security experts, who have dubbed themselves the Open Carnivore group, includes individuals such as AT&T Research's Matt Blaze and Tom Perrine of the San Diego Supercomputer Center, both of whom testified before Congress about Carnivore in July.
"We've put a great group of people together who are credible," Perrine says. "None of us has an axe to grind."
Justice Department spokesman Chris Watney said on Monday that officials were "still in the process of selecting a university to review Carnivore."
News reports have suggested that researchers from MIT and Purdue University independently contacted the Justice Department and also offered to perform reviews. The government hopes a review will satisfy critics who say Carnivore violates the privacy of innocent Internet users.
One Justice Department source said that Open Carnivore is "doing their own thing" and the agency isn't giving them much thought.
Other members of the Open Carnivore group include Peter Neumann of SRI International, "Mudge" of @stake, Tsutomu Shimomura, who helped track down convicted hacker Kevin Mitnick, and David Wagner of the University of California at Berkeley.
Carnivore has come under fire on technical and legal fronts.
Privacy groups have said that, when installed at an Internet service provider, Carnivore could be programmed to snack on more traffic than it should. They also say that even if it works as described -- intercepting massive amounts of data and discarding what's not relevant -- Carnivore could violate the Fourth Amendment's prohibition on unreasonable searches and seizures.
"Even the independent university review won't answer all the questions, because the reviewers won't know how the FBI has employed it in past investigations and will employ it in future investigations," says David Sobel of the Electronic Privacy Information Center. "They're going to be looking at a static piece of software."
Government officials hope to complete the investigation to send a report to Reno by December 1, but have steadfastly refused to release source code to the public.
EPIC has sued to obtain that information under the Freedom of Information Act, and last Thursday asked a federal judge to speed up the FBI's response.
The FBI on Monday said it's trying to be upfront about Carnivore.
"We've endeavored to be as open as possible on the Carnivore issue," said FBI spokesman Bill Carter. "We've briefed reporters on its capabilities, we've testified before Congress. What else can we say?"
"You have to understand that as a law enforcement organization, there are certain things that we have to do to uphold the law. If monitoring someone's email is what we have to do, then we're going to be as open as possible with the process," Carter said.
Open Carnivore's Perrine said that he is drafting a memorandum of understanding to circulate among members of the group, and then forward to the Justice Department.
Perrine said the Open Carnivore members have agreed not to release the Carnivore source code. "The kinds of conditions we're looking for are that we'll agree not to release the source code, we'll agree not to divulge who wrote it," he said. "Any vulnerabilities we find, they'll get the same treatment as any other vendor: They'll get advance notice and a chance to fix it."
Assistant Attorney General Stephen Colgate, who is heading an internal Carnivore review committee, recently said he wants to finish a report that includes the panel's recommendations and the outside review by December 1.
MIT and Purdue did not immediately return phone calls asking for comment.
The members of the Justice Department committee include the head of the FBI labs, the department's top privacy officer, and a representative from the criminal division.
Nicholas Morehead contributed to this report
The story can be found HERE.
I strongly suggest you visit this site for more links if you're interested!
------------------
God, Guns and Guts made this country a great country!
oberkommando sez:
"We lost the first and third and now they are after the Second!(no pun intended)"