I concede my first inaccuracy. Your second point however is inaccurate. When you use SafeWeb for example, it's encrypted right from the browser. I've sniffed this traffic on my own machine. There is nothing but gibberish. In order for anyone to see what you're doing a keystroke logger would have to be installed on your computer. That would of course defeat PGP as well. Now it is possible that the FBI has a backdoor into SafeWeb; that's a problem but you can always encrypt your messages beforehand. Encryption is so wide-spread now that it's all but impossible to stop. If we educated people on the uses of encryption, law enforcement would be too overwhelmed to deal with it. Again, it would have no teeth. Added to that, if we (the American people) pressured our politicians enough because of our loss of civil liberties, the laws would be reversed. I know the FBI wants an escrow key for all encryption keys but that's just not going to happen. There are too many encryption tools out there. Besides, encryption isn't the only way to hide information. The real purpose for putting restrictions on crypto is just to spy on normal law abiding citizens. Laws are for those that obey the law. Locks only keep out honest people. I'm sure you all can come up with more analogies. Regards, Larry Diffey ----- Original Message ----- From: "Stafford, Todd" <Todd.Stafford@wwireless.com> To: "'Larry Diffey'" <ldiffey@technologyforward.com>; <nanog@merit.edu> Sent: Monday, September 17, 2001 5:23 PM Subject: RE: Just Carnivore (was: Yahoogroups and Carnivore)
Supposedly Carnivore only targets specific kinds of traffic and doesn't really monitor everything at once. It's not like (again, supposedly) Echelon that examines everything and then red flags certain items. Carnivore is only looking for certain things. Also, there is no outside access to it. Someone has to physically come in and remove the mass media (what ever that may be: more than likely a hard drive).
Afraid I'd have to say that in this instance your conclutsions are inaccurate. For more information, see the FBI's Carnicore site at http://www.fbi.gov/hq/lab/carnivore/carnivore2.htm
Let's see, I want to send email to someone but I want it to be completely anonymous. I go to safeweb.com or any other anonomizer and get myself a hotmail address. I then send it to the recipient with PGP encoded text. He logs on to hotmail through anonomizer and retrieves it, decodes it and reads it. If I was really smart I'd bounce around a couple of other proxies while I was at it.
Again, check out the above link. Your idea of going to an anonmizer would be useless as Carnivore scans the traffic directly from your ISP.....before it ever gets to the anonmizer. Granted, encrypting your message before ever logging onto your ISP and then sending it via it's encrypted format would prevent it from being read in cleartext but considering what Congress is proposing, the sending of encrypted messages could be just what the FBI would need to start looking deeper into your life.
Carnivore? Toothless!
No breach or attempted breach of one's civil liberties is toothless....especially the right to privacy.