Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

Is an Open Source Carnivore a possible solution?

By BigZaphod in News
Tue Jul 25, 2000 at 04:38:44 PM EST
Tags: Freedom (all tags)

Yesterday I managed to catch some of the Congressional Judiciary Committee hearings about Carnivore on CSPAN. An interesting topic was brought up by the expert witnesses testifying before the committee. Some members suggested that if the source code for Carnivore was public, then we could avoid many of the privacy issues that the system has raised. It was even suggested that a complete open source solution be explored by the committee instead of simply trusting the FBI to protect our rights.

One of the reasons Carnivore is causing such a stir is that the FBI currently has to ask telephone companies to provide the information they need in cases similar to how Carnivore is supposed to be used. They claim that small ISPs do not have the ability or financial means to do what Carnivore does--therefore they need to do it for them. According to the FBI testimony, Carnivore is nothing more than a packet sniffer for e-mail messages that grabs the To and From lines, passes them through a filter (to check compliance with the court order), and then eventually logs the results for later retrieval. The results are nothing more than the e-mail equivalent to "numbers called" which are the results of most phone taps. According to the FBI, they cannot legally capture any more than that and so they won't try. Basically, they ask that we trust them. The FBI claimed that the main reason Carnivore exists is simply because ISPs cannot get them the information they want and if the ISP could provide the information, there would be no need for this system. My question is: If there was an open source and free solution (and therefore within reach of all ISPs) that did exactly what the FBI says Carnivore does, would it make any difference?


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


Related Links
o Also by BigZaphod

Display: Sort:
Is an Open Source Carnivore a possible solution? | 9 comments (5 topical, 4 editorial, 0 hidden)
No (1.00 / 2) (#1)
by Neuromancer on Tue Jul 25, 2000 at 03:42:05 PM EST

It wouldn't make a difference. Perhaps open sourcing so people could see what it does, but there would still be the loss of trust. Really, the only expensive part would be the hardware to support it, and the bandwidth, the bandwith being the big thing, and these are minor, and the bulk in actuality on the ISPs bill anyways. That line on the part of the FBI isn't total bullshit, it's justification, which means that it's bullshit that the FBI believes. It's a wiretap. It's not a system to kill the net (probably, but that's not really an FBI thing, that would be a military function, CIA fits the bill best for that, so the FBI wouldn't put that sort of a system up). Anyway, pure and simple it's an invasion of privacy, no matter who writes it. The main question is whether or not you have a problem with that.

Re: No (1.00 / 1) (#7)
by davidduncanscott on Tue Jul 25, 2000 at 05:27:35 PM EST

Open Sourcing may be a solution, depending on how the problem is defined.

The issue the commitee was examining was not whether the Feds should be allowed to read your mail -- that, with whatever precautions are taken with phone taps, was taken for granted -- but whether Carnivore would read only your mail and not, for instance, mine. The nice men from the FBI said that of course it doesn't, and they wouldn't, and they couldn't, and anyway they'd be in big trouble if they did.

(I'm assuming, BTW, that although this keeps being described as an email issue it's obvious to everybody that you don't need hardware to read email and that most ISP's, if presented with a court order, would simply cc everything from the server to the G-men. Clearly this box is intended to read web pages, ftp, etc.)

Opening the code would at least allow people to check whether or not the box is diverting and cataloging all traffic (look for comments like "/* This'll screw all those pinko hippies!! */") or just the stuff they're legally authorized to get.

Mind you, the FBI response that there are some license issues has some validity -- they appear to have built this thing on top of a commercial product.

[ Parent ]

The problem isn't the software, it's the principle (4.00 / 3) (#2)
by bkosse on Tue Jul 25, 2000 at 03:50:25 PM EST

The FBI doesn't follow the law when it comes to phone tapping, and this is far too easy to abuse even compared to phones.
-- Ben Kosse

Open source doesn't help here. (2.66 / 3) (#8)
by chas on Tue Jul 25, 2000 at 07:04:36 PM EST

Carnivore is meant to run on servers at the ISP. If the source code is available to the ISP, how does that help the customer of the ISP? The ISP can post the code to their heart's content, but they can't prove to the customer that the binary was compiled from that source. It's the 'trusted client' (in this case, 'trusted server', for a bit of variety) problem again.

There is no way that I, as a customer of an ISP, can know which binary the ISP is running. So I can't be sure they haven't got a cosy deal with organised crime, telemarketers or law enforcement agencies. They probably haven't. But they might.

If a law enforcement agency wishes to gain access to emails, they can do it already. Same as with paper mail. Get a court order, go to the ISP/sorting office and read the mails. Why do they want to automate it? [No, don't answer that]

Never try to make more than one point in a post. See above for justification

Interesting idea but doesn't address the issue. (none / 0) (#9)
by pfy on Mon Sep 18, 2000 at 11:40:29 PM EST

Opening the source just allows us to see how it works and I suppose it would help us learn how it can be made better or how to properly restrict its use. It doesn't, however, change the way the FBI or any other LEA can or will choose to use it. Just because the source is available doesn't mean that they are going to follow the rules. This isn't so much of a closed source issue as it is the fact that the software exists and that the people using have essentially little restriction and/or checks and balances to keep them in line. What needs to happen is have some clueful legislation made to restrict the use of the system and find a way to keep the LEA in line when it uses it.
perl, live it, breathe it, sleep it, eat it.
Is an Open Source Carnivore a possible solution? | 9 comments (5 topical, 4 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!