-Caveat Lector-
From
Working For A Change (URL @ bottom)
}}}>Begin
Confounding Carnivore
How to protect your online privacy
By Omar J. Pahati
AlterNet.org
11.30.01 |
Ever since the FBI confirmed the existence of their Internet
wiretapping device -- a device they named Carnivore -- cyberprivacy
activists have been up in arms. Carnivore promised to be their worst
nightmare: a technology that could track and record every email sent,
every Web page browsed, every chat room visited.
Today, those fears are more likely to come true than ever before. The
passage of anti-terrorism laws in the wake of Sept. 11, and the
extended powers of the FBI, CIA and police agencies everywhere, make
it likely that Carnivore will see more use in the near future.
Congress has been quite willing to trade some privacy for security,
and the Bush Administration -- especially Attorney General John
Ashcroft -- has been no defender of online privacy. With
Constitutional protections being chipped away, what can civil
liberties-minded citizens do to maintain their privacy online?
Though the technology behind the mysterious Carnivore box (officially
renamed DCS1000 in early 2001, though that name hasn't stuck) has
been portrayed as quite sophisticated, it's actually very simple.
When attached to se
rver computers at an Internet service provider (ISP), the device records the details
of all traffic coming through that ISP. It can snatch email headers and content, and
keep a history of Web pages accessed. This data can
then be saved onto disk and admitted as evidence in court.
Similar devices have long been used in private enterprise, allowing cautious business
administrators to monitor the Internet activity of employees. In network security
circles, these devices are referred to as "sniffers."
As common as this technology is, its potential uses give security specialists great
power to track electronic communications. Sniffers can produce a list of Web sites
visited so that ISPs can block access to sites deemed
questionable or subversive. Carnivore can also keep track of whom you send email to
and who sends you email, shedding light on the company you keep and potentially tying
you to activities you know nothing about. Aside fro
m these scary scenarios, the mere fact that someone is watching is disconcerting.
But before you panic about the government tracking those flirty emails you sent to a
co-worker last year, consider that the FBI is reported to have used Carnivore only 13
times between October 1999 and August 2000 (the la
test figures available). That's not very much, given the enormous amount of Web
traffic. So the chances that Carnivore has been watching you are incredibly low --
you're much more likely to have been sniffed by your emplo
yer.
Nevertheless, with the passage of the USA Patriot Act, Carnivore's use is very likely
to increase. In addition to committing unprecedented resources to security, the new
law drops some of the checks and balances once requ
ired for getting permission to eavesdrop. Futhermore, rumors that Osama bin Laden has
used encrypted messages, images, and Web sites to communicate with the global Al Qaeda
network, and fears that unknown terrorists are u
sing the Web as a tool, has upped Carnivore's value in law enforcement's eyes. The FBI
has even begun to enhance Carnivore, effectively broadening its net and fortifying its
encroachment into once private sectors of cyber
space.
Cyber-libertarians determined to maintain anonymity have already found ways to
circumvent Carnivore's watchful eyes. Most of the methods were developed by hackers to
cover their tracks when engaging in questionable, somet
imes illegal activity. But these techniques work just as well for the law-abiding
citizen who wishes to uphold the right to privacy. And thankfully, you don't have to
be a hacker to use these tools effectively.
Controversial, but legal, encryption software has been publicly available for years.
Encryption allows users to maintain a high level of secrecy when sending email or
files over the Internet.
The most storied of encryption tools is a free program called PGP. PGP stands for
Pretty Good Privacy, but it's a whole lot more than just pretty good. PGP is "strong
crypto," geek speak for encryption that is nearly impo
ssible to break. PGP is so strong that after releasing PGP to the public in 1991,
Philip Zimmermann, the program's creator, drew immediate attention from federal
prosecutors intent on preventing its distribution.
Zimmermann says, "PGP empowers people to take their privacy into their own hands.
There has been a growing social need for it. That's why I wrote it."
And that's why governments are so afraid of it. As a result, Zimmermann became the
target of a three-year criminal investigation that questioned the legality of
exporting PGP to users in other nations. But by 1996, the in
vestigation had produced no evidence of wrongdoing and PGP had become the most widely
used encryption program in the world.
A few versions later, PGP is stronger in popularity and security. PGP works by
scrambling the data such that only the recipient can descramble it. Even the sender
cannot descramble the data because only the recipient has
the descramble key.
Part of the reason behind PGP's strength is thorough peer review. The original
programming source code for PGP is publicly viewable for anyone and everyone to
scrutinize. The openness allows engineers to point out flaws,
back doors or any other kind of weakness.
By using PGP to encrypt transmissions, one can ensure with high confidence that only
the person intended to see its contents actually has access to it. Even if someone
intercepts the transmission it would be completely un
readable unless that person has the decryption key. This would not prevent Carnivore
from biting email off the network, but it will prevent prying federal agents from
reading your private communications.
"You may be planning a political campaign, discussing your taxes, or having an illicit
affair," says Zimmermann. "Whatever it is, you don't want your private electronic mail
or confidential documents read by anyone else."
Zimmermann acknowledges that PGP could be used to conceal illegal activity but
believes the right to privacy supercedes this concern.
A warning: Encryption is illegal in many countries. It is also illegal to export
encryption tools from the U.S. without authorization. So you're best using PGP only in
the United States or checking your local laws before
using PGP.
PGP Freeware will get your messages across the Net safely, but it cannot stop
Carnivore from watching what Web sites you are viewing. Most people surf from Web site
to Web site not knowing that every click they make can b
e recorded not just by the government, but by more than one monitoring system. Your
ISP, your ISP's ISP, and every Web site has a record of where Web traffic comes from
and where it goes. Even if Carnivore is not watching
you, federal agents can subpoena ISP logs to track you down. Whether you're merely
looking at NYTimes.com or AlterNet.org or one of Osama bin Laden's alleged
porn-fronted Al Qaeda Web sites, you are being watched.
There are several ways to keep your surfing habits hidden. Most involve placing a
computer on your network between you and the Internet. This computer is called a
proxy. Proxies work by taking your request for a Web page,
getting the page from the Internet and then passing it on to you. With a proxy
installed, the Internet knows the proxy is there, but doesn't know who is behind the
proxy. While proxies are common in corporate networks, a
verage home users don't have this luxury, unless they have the economic resources and
technical know-how to set one up.
However, in the last few years, services have been created to provide Web surfers with
a virtual proxy. In this case, instead of setting up a proxy on your own network, you
connect to a virtual proxy over the Internet. On
e that works very well is Anonymizer.com. The Web service effectively allows users to
surf anonymously without additional hardware or software.
You connect to Anonymizer with your Internet browser, tell it what site you want to
see and it takes you there anonymously. If Carnivore is watching you, it will know
that you are connected to Anonymizer, but not where An
onymizer has taken you. If the Web site you visit is recording your vital signs (your
computer address, operating system, browser type, and the page you last visited), all
it sees is the Anonymizer server.
Singapore, Vietnam, Iran, Algeria, Yemen, Bahrain, the United Arab Emirates, Saudi
Arabia and China have banned sites like Anonymizer. Each country has attempted to
block citizens' access to such services; testament to th
e technology's ability to keep government eyes from peeking into private activity.
Another way that people are surfing anonymously is by using someone else's network
proxy. Hackers often do this surreptitiously, hacking into a private network and
hiding behind its proxy. While this is effective, it may
not be completely legal. You should only use someone else's proxy with their expressed
permission. Also, not all proxies will be effective anonymizers out of the box, so it
is best to coordinate the setup with the proxy's
rightful administrator.
CyberArmy, a network of tech savvy privacy activists, has a list of known proxies
scattered about the globe (www.cyberarmy.com/lists/proxy/). If you are able to obtain
permission to use one of these proxy computers, go to
your Web browser preferences and enter the proxy address under "Proxies." You will
need to enter both the address and the port number. If possible, set the proxy method
to "Tunnel" -- which creates a secure connection be
tween you and the proxy. All current Web browsers in any operating system, from
Netscape and Internet Explorer to Opera and Mozilla, have this functionality built in.
With those settings in place you can surf the Web anon
ymously just as you would with your own in-house proxy.
In addition to their proxy list, CyberArmy has a lot of information about Internet
privacy. A lot of it is geared toward hacker-types but one useful tool for everyone is
the Environment Check ( http://www.cyberarmy.com/cg
i/whoami.pl). This page will tell you just what kind of information you are
broadcasting to the world when you surf the Web. Information culled by the Environment
Check includes what kind of computer you have, the version
and type of browser you use, the Web address of your ISP and your computer's network
address. Try Environment Check with a proxy and then without a proxy to see anonymity
in action.
For the less tech-experienced activist, PGP and proxies may not be the best way to
fight Carnivore. Organizations like StopCarnivore, ACLU and Electronic Frontier
Foundation are good places to start for finding a grassroo
ts solution to a digital problem.
StopCarnivore.org has been leading the charge to de-fang the device and the
over-zealous legislators pushing its use on innocent Americans. The organization's
founder Lance Brown says, "It may be a generation or two befor
e the stifling effect of Carnivore manifests itself in ways that can be measured. By
that time, America will have been able to spread its use around the globe."
Brown's Web site offers ways to get in touch with lawmakers and law enforcement
agencies to express concern over Carnivore. The site also lists ways to find out if
Carnivore is tapping your ISP.
Privacy activists say that as a matter of patriotism and democracy, everyone must
fight to protect privacy. As Zimmerman says, "If we do nothing, new technologies will
give the government new automatic surveillance capabi
lities that Stalin could never have dreamed of."
The latest version of PGP Freeware is now available for Windows
95/98/NT/2000 and the Macintosh, as well as UNIX-based computers.
Download it at MIT's distribution Web site
(http://web.mit.edu/network/pgp.html).
Omar J. Pahati is the associate editor of AlterNet.org.
� 2001 Independent Media Institute. All rights reserved.
URL: http://www.workingforchange.com/article.cfm?ItemId=12430
End<{{{
~~~~~~~~~~~~~~~
Forwarded as information only; no endorsement to be presumed
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
In accordance with Title 17 U.S.C. section 107, this material
is distributed without charge or profit to those who have
expressed a prior interest in receiving this type of information
for non-profit research and educational purposes only.
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
The only real voyage of discovery consists not in seeking
new landscapes but in having new eyes. -Marcel Proust
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
"Do not believe in anything simply because you have heard it. Do not believe
simply because it has been handed down for many generations. Do not
believe in anything simply because it is spoken and rumored by many. Do
not believe in anything simply because it is written in Holy Scriptures. Do not
believe in anything merely on the authority of Teachers, elders or wise men.
Believe only after careful observation and analysis, when you find that it
agrees with reason and is conducive to the good and benefit of one and all.
Then accept it and live up to it."
The Buddha on Belief, from the Kalama Sutta
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
A merely fallen enemy may rise again, but the reconciled
one is truly vanquished. -Johann Christoph Schiller,
German Writer (1759-1805)
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
It is preoccupation with possessions, more than anything else, that
prevents us from living freely and nobly. -Bertrand Russell
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
"Everyone has the right...to seek, receive and impart
information and ideas through any media and regardless
of frontiers."
Universal Declaration of Human Rights
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
"Always do sober what you said you'd do drunk. That will
teach you to keep your mouth shut."
--- Ernest Hemingway
<A HREF="http://www.ctrl.org/";>www.ctrl.org</A>
DECLARATION & DISCLAIMER
==========
CTRL is a discussion & informational exchange list. Proselytizing propagandic
screeds are unwelcomed. Substance�not soap-boxing�please! These are
sordid matters and 'conspiracy theory'�with its many half-truths, mis-
directions and outright frauds�is used politically by different groups with
major and minor effects spread throughout the spectrum of time and thought.
That being said, CTRLgives no endorsement to the validity of posts, and
always suggests to readers; be wary of what you read. CTRL gives no
credence to Holocaust denial and nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://peach.ease.lsoft.com/archives/ctrl.html
<A HREF="http://peach.ease.lsoft.com/archives/ctrl.html";>Archives of
[EMAIL PROTECTED]</A>
http:[EMAIL PROTECTED]/
<A HREF="http:[EMAIL PROTECTED]/";>ctrl</A>
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
