[7497] in cryptography@c2.net mail archive
RE: FBI announcement on email search 'Carnivore'
daemon@ATHENA.MIT.EDU (Meyer Wolfsheim)
Mon Jul 17 21:42:57 2000
Date: Mon, 17 Jul 2000 20:39:34 -0400 (EDT)
From: Meyer Wolfsheim <wolf@priori.net>
To: Lucky Green <shamrock@cypherpunks.to>
Cc: cryptography@c2.net
In-Reply-To: <NDBBIFGOKODBCKDGJDKLKENCEFAA.shamrock@cypherpunks.to>
Message-ID: <Pine.BSF.4.21.0007172032030.79609-100000@mesozoic.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 16 Jul 2000, Lucky Green wrote:
> Only time will tell. And it may be long time, indeed. The FBI is some 5
> years behind in some of their FOIA responses.
That renders the FOIA almost totally useless in cases like this...
> Still, I disclosure of the Carnivore code is not the most interesting issue
> here. Carnivore represents just one of many indicators of a much larger
> global trend. While the implementation details vary from country to country,
> law enforcement is moving to active monitoring of Internet communications
> closer to the targets of interest, but not at the target level. In
> particular, the "black box" monitoring device installed at the ISP level
> appears to be in the process of becoming the implementation of choice.
> Pioneered by Russia, this design has rapidly been adopted by the UK, and now
> is used in the US.
Sure. But I'd still like to get my hands on one of these boxes, and see
exactly what they do. I am convinced that the potential abilities of a
Carnivore box are far greater than the legal abilities.
> There are sound engineering reasons why this design is so popular: unlike a
> wiretap order to copy all the emails of a particular interception target,
> the black box does not require per-message cooperation from the ISP's staff.
Right, because it can simply gobble up *everything*, with the simple
reassurance that the box will not monitor innocent commnications.
> This is of importance, since this cooperation cannot and is not assumed.
In the US, it should be. That's why we have a legal system.
The ISP should have the ability to know exactly how its network is being
used.
> The lesson here is simple: encrypt your emails and other private
> communications.
Tell that to my ex-wife. You and I have been using encryption for
years... but until we get a decent, AOL-style S/MIME or PGP implementation
that is totally transparent to the user, you might as well say this:
The lesson here is simple: don't say in email or any other communication
that which you wish to be private.
- -MW-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: No comment.
iQEVAwUBOXOnUCsFU3q6vVI9AQFh4wgAqHVhr1kCqKmQ+T7fsMP9OJEAk7hQR/lf
hEWlWPPSAEv3besjw2937yZehiYjisqTQ6lxMWA1GmNJmvvbwGhE3E34yC3uWgiL
zErXI0YIYbyCSuR7/0h6B9cg6T5BS7QiZ5hQ4fRlPBHNjkueaGgcXaceE8kRHjZt
RWOMR0TXutKEoOGutkoD/lk+c9Pjpf9wS96C7wZacrEy94+sxxMpfXqRX/UIuvbC
Km2q2EveJ0tFfqVamsIMjrNFKGGcSb1XLaVs3AglIKf2e3PUeci6iuK5dIWI0OzE
E8qpdhmaVQ40Szhu3IN9ACbLh/Uit5/1rA5o15zwiyIeeG3um9vT4g==
=fScr
-----END PGP SIGNATURE-----
