Carnivore

The Carnivore program has gotten a lot of press recently. While it’s said that it would only be used by the appropriate law enforcement officials, I think it should not be allowed at all. Who knows who is getting into your email until it’s too late? Even if the police think that they need to search your home for something, they must produce a search warrant.

While they say it is only to be used in conjunction with a court order, who’s to stop someone from looking in at all the email? Without a court order, it just can’t be used in court.

Is it a valid tool for Law Enforcement? Or is the chance of misuse too great?

What’s the Carnivore?

Who’s to stop someone from searching your house or tapping your phone line without a court order? Nobody. Happens all the time. But not legally.

If the police want to prosecute you for a crime, they had better have a warrant. I wouldn’t get my panties in a bundle over it; it’s not mandatory for ISPs to install it (yet) and it’s no different than tapping the phone of a suspected criminal (and you need a LOT of evidence to get a tap warrant. I imagine there would be similar requirements for this.)

See this, this, and this.

I don’t like it.

There is a very big and basic difference between a phone wire tap and Carnivore.

When the cops tap your phone they take the court order to the phone company and the phone company taps into your line (and only your line).

Carnivore works very differently. It is a computer installed and belonging to the cops that hooks up to the ISP server and filters every packet that goes through. The cops say they will only retain and look at the ones they have a court order for. Those of us who are somewhat skeptical do not trust them on this.

It is a bad idea no matter what.

In any case, I recommend using PGP or another form of encryption. I use PGP regularly. The problem is that if not enough people use it, just the fact that you use it may call attention to you. That is why I think everybody should use encryption normally.

I feel like the guy who thought his phone was tapped during the McCarthy years. He used to answer his phone, “Fuck Hoover. Hello?”

What’s the name of that protest action where on a certain day you’re supposed to send email with hot-button words (like “bomb”, “Gadhafi,” “liberation,” “unabomber,” “Osama bin Laden”, and the like) in order to jam their system?

I think the technical term for that, matt, is “Doing your damnedest to fuck the system, but being ineffectual”.

To elucidate on my “I don’t like it” comment:

I don’t like it for a few reasons. First, it’s unnecessary: if they suspect someone, the ISP can give the police their old e-mails no problem, if I understand it correctly. Second, this is not selective (as others have pointed out). Not only is the mail of the person under surveillance being collected, so is the mail of every single person under that ISP. Say they wanted to get someone who was using AOL, if they used the Carnivore on the right server they’d be looking at the e-mail of, say, New England. Not only is it ridiculously inefficient, it’s too damn invasive on the privacy of too many people.

Carnivore (originally called “Omnivore”) is scary, but the thing that makes me mad is Reno’s and the Justice Department’s response to the controversy. They seem to think the only problem is that the name Carnivore is scary. Hell, they could call it “soft fluffy pink bunny rabbit” and it would still be the same damn scary thing.

Here’s the pertinent text of a press briefing by Janet Reno on 7/13/00 concerning Carnivore. The full document is available here. I find it disturbing that Reno never reviewed this thing until after it was implemented. And here’s the FBI’s statement to Congress concerning the abilities and applications of Carnivore.

Q Ms. Reno, the FBI has recently implemented the Carnivore system on Internet service providers to perform, as I understand it, a pen-register wiretap function on e-mail on the Internet. Did you review this system before it was implemented or –
ATTY GEN. RENO: I’m taking a look at it now, to make sure that we balance the rights of all Americans with the technology of today. But whatever the case, this cannot be done without appropriate court order, according to processes and procedures used now for lawful surveillance.
But when we develop new technology, when we apply the Constitution, I want to make sure that we apply it in a consistent and balanced way.
Q Any sentiment now for a separate set of guidelines, department guidelines, for this whole area of online investigations or –
ATTY GEN. RENO: As you have seen, it has been an exciting time in law enforcement, as we have absorbed the impact of the new technology.
Trying to make sure that we use it the right way is one of my highest priorities because it can be a wonderful tool. And I don’t want it to be a tool that is, in any way, a cause of concern for privacy interests.
Q But you don’t think it needs new department guidelines to guide what the –
ATTY GEN. RENO: We are looking at it to see just what is needed, if anything.
Q And this is going to come to you in a formal report?
ATTY GEN. RENO: No. I am just exploring it now. When I saw the articles yesterday, I started looking into it, asking questions, and want to make sure it’s done the right way. If additional regulations are needed, we will pursue those. But I think – The ultimate issue is let’s look at the technology. Let’s look at that Constitution of ours that’s been in effect for over 200 years. I can’t imagine that John Marshall, as chief justice, envisioned the Internet and e-mail and the wonderful opportunities that modern technology has brought us. But he sure did envision a Constitution that has a lasting nature to it, that has absorbed so many different issues over our history. And I think that, if we do it carefully and thoughtfully, we can utilize the technology and protect the constitutional rights we hold dear.
Q When was this new system first brought to your attention; do you know? Or was it a brand-new subject when you saw the articles in the paper?
ATTY GEN. RENO: We have known of the capacity to do this. Its application and what has been done, had not been brought to my attention. And I just want to make sure that industry, privacy interests, law-enforcement interests are all fully advised so that we can consider anybody’s concerns and make sure that we address them.
Q Does the Carnivore system continue to operate?
ATTY GEN. RENO: Could you call it something other than Carnivore? (Laughter.)
Q Does the system continue to operate while this review is occurring?
ATTY GEN. RENO: I don’t know the answer to that. That’s a good question, and I will see.

Another scary ‘Carnivore’ type eavesdropping device is Echelon used by the NSA.

A good background site with links can be found here:
http://www.fas.org/irp/program/process/echelon.htm

From the ACLU website:

Quote:


Echelon is perhaps the most powerful intelligence gathering organization in the world. Several credible reports suggest that this global electronic communications surveillance system presents an extreme threat to the privacy of people all over the world. …ECHELON attempts to capture staggering volumes of satellite, microwave, cellular and fiber-optic traffic, including communications to and from North America. This vast quantity of voice and data communications are then processed through sophisticated filtering technologies.


Taken from here:
http://www.aclu.org/echelonwatch/index.html

What seems scary to me is that while the FBI has to respond to public opinion and scrutiny, the NSA doesn’t. And their program seems far more invasive IMO.

This wouldn’t be a problem if encrypted e-mail were implemented right from the start.

You’re more secure when you type your credit card number into an Amazon.com shopping page than when you send someone e-mail, fer crying out loud.

One interesting thing about Carnivore is that no one seems to know what’s inside the boxes. Since the Carnivore boxes are being placed on the outside router of many ISPs, some people claim it’s the FBI’s way of shutting down the Internet by blocking messages. Because much of the Internet traffic is routed through the USA, it’s not a far-fetched idea.

Actually, this usually isn’t the case, esp. where a POP3 account is concerned. The messages are usually deleted once downloaded from the server. (The user can change this themselves.)
Carnivore is irksome because it’s an excessive way of gathering information.
One could, in theory, merely have a protocol to gather the data from only the assigned IP address of such a criminal. Snooping and spoofing can be relegated to an isolated machine. But perhaps doing such a thing would be too complex… funny though, it seems to me hackers have been doing it for years.

Hmm, then those articles weren’t accurate. I could have sworn one or more said that that COULD be done.

I have been using PGP for some time now and tell people to use it. I invariably get a puzzled look and the question “what do you have to hide?”

But would you send all your snail mail open for the world to read? That is what you are doing with unencrypted email with the difference that it is even easier to read.

I would recommend everyone use encryption in every email. If you use it only in those that you do not want read, you are calling attention to them as the ones that have important information.