On Sun, 17 Sep 2000, Derek Martin wrote:
> This is a discussion list, and these types of issues, while not directly
> related to Linux, are of interest to Linux users and potentially impacting
> ALL of us, so I for one don't think this discussion is misplaced on this
> list. Particularly when recent discussions, both on and off this list,
> revolve around the open-source community's willingness and even eagerness
> to subvert the system. As such it's quite relevant. I find such
> assertions by the media quite disgusting. There may well be certain
> members of the open-source community who feel this way, but I for one
> prefer to work within the law, and I suspect most here do.
Well... okay. Though I do hate posting off-topic stuff; I hate seeing it
on Usenet (though it's kinda moot for most non-moderated newsgroups these
days), and it annoys me on lists. One BBS I'm on has a forum called
"Tiresome Debate," where threads that won't die, on-topic or no, are
sent.
> Also, suggesting that you take this discussion off-list rather defeats
> your purpose for posting on the list, doesn't it? As I said, this is a
> discussion list, and generally the purpose is to encourage discussion
> about topics relevant to Linux, but perhaps more accurately relevant to
> the people who post and read here.
Granted, but I didn't want to reply to yet more folk replying to my
original post.
> Actually you're mistaken here. I sat and watched the Senate oversight
> committee hearings on C-SPAN and listened for hours to an assistant
> director of the FBI (or some such title, can't recall his name at all),
> and a small panel of his buddies talk about what carnivore does, and the
> bulk of it is to filter and record e-mail headers. It is used as a tool
> to help the FBI gather relevant information to an ongoing criminal
> investigation, and can gather information regarding who an e-mail is from
> and to, as well as grabbing entire e-mails with content considered
> relevant to the investigation.
Okay, I'm confused. Not doubting you in the least, but I'd been very
much under the impression that Carnivore was released to attempt to (if
you will) "triangulate" on DDoS attacks. What good does reading e-mail
headers do, aside from prove that spammers do, indeed, exist? Did they
have some sort of explanation? I'm clearly missing an element, here.
> The theory is that since they are not looking at content, they have not
> unduly invaded your privacy and are only obtaining information about
> "public" transactions, and do not need a search warrant for this... since
> a third party was involved (the phone company, or your ISP) the
> information regarding the whos and whens of the conversation is considered
> not private. Sounds like BS to me, and I'm still pissed.
At a previous company, along with other duties, I was the "phone guy."
One time one of my friends got... an actively harrassing and threatening
voice mail, and it did take a court order for the phone company to open
up. Maybe they were just foot dragging, but I was under the impression
that they didn't do this for just any reason, police or no.
> I'm not just making this up... I'm recounting the telling of it by one of
> the FBI's own, to a Congressional committe, as seen on C-SPAN. I can't
> watch C-SPAN very often, because it generally makes me very angry.
Alas, I don't watch TV at all -- signal to noise ratio is too icky for
me.
> The FBI wants a more direct route; hence carnivore. The theory is that
> when it's installed, it is installed in a specific way which prevents the
> FBI from being able to monitor and record e-mail addresses and URLs in the
> headers of e-mail, if that is the sort of activity that has been approved.
Yes, but this is a *directed* approach -- I'm not going to argue the
merits, for or against, but my original point was regarding what started
this whole thread: the taxing of e-mail, which would mean a blanket
across *everything*. This is what I find so unlikely.
> I can see all sorts of opportunity for abuses (most of which were raised
> by the opposing panel) such as:
>
> * how do WE know the software does what FBI says it does?
>
> * how do we know the software will only do what they say it will after
> they install it?
>
> * how do we know they will only look at the information they say they
> will be looking at?
>
> * even if most FBI agents are honest, what's to prevent some from
> installing a "rogue" version of the software that sends them copies of
> every e-mail it looks at?
>
> * assuming this is possible, what's to prevent such an agent from using
> the software to monitor private e-mail for personal gain?
>
> * etc.
All of which I emphatically agree with. I do not, myself, feel that the
FBI's goals in this matter are terribly out of synch with the country's/
mine/etc. I do, however, feel that the *opportunity* for abuse shouldn't
even exist, which is the exact same reason that I am adamantly opposed to
(dagnabbit -- I forgot the term) the encryption where they'd get to keep
a key, too. As a rule in circumstances like those, I assume Murphy's
Law, and work from there.
> > Third, the OS community doesn't need to "subvert" it -- it's subverted
> > by the very nature of this distributed thing called the Internet: can
> > you run Sendmail on your box? Of course! Is there a deterministic
> > way to trace traffic? No!
>
> Of course there is. The spooks have been doing it for years. If they
> suspect you, they can install sniffing software at your ISP to monitor
> your connection until they get enough information to hang you. And if
> you're violating the law, they WILL hang you.
Again, directed -- not apposite to my original point regarding EVERYONE,
which is what would be required for taxation. I don't think the courts
would really go for that.
> > And, frankly, a law that can't, or won't, be enforced suddenly
> > becomes meaningless. (Just ask all the people I see who change lanes
> > without using their blinkers,
>
> I've got a lot to say about this one too, but it's really out of place on
> this list, so I'll refrain.
Maybe we should set Carnivore on them! ;-)
> I don't WANT to move... I just want my government to behave
> themselves. 200 years ago this country was founded to get away from this
> type of shit... we shouldn't have to be dealing with it again after such a
> short period of time.
Short period of time? Ummm... we're one of the longest-running
democracies *ever* (Iceland has had a parliamentary gov't since
sometime around 1200, but we might be second place). And, unfortunately,
we *do* have to make some compromises, or else you wind up in a situation
like the Phillipines. I don't like it, but neither do I wish to give up
the protections that the very same institions we're talking about
provide. I do hope that they avoid invasions of privacy on both large
and small scale -- I'm a strong advocate of civil liberties. But I
certainly am not going to go the NRA route of calling the FBI and ATF
"Jack-booted thugs." The government makes mistakes, the government does
dumb things: it's run by people, some good, some not so good. Due
diligence on our part is our duty as citizens, but it should be
*rational* due diligence.
> That's an easy one... they never had any idea it would become what it has
> become; until very recently, the Internet was only for propellorheads. If
> they did have an idea, they'd have held onto it until they could figure
> out how best to tax it, like they do everything else. I think the only
> thing that is stopping them now is they aren't able to justify it, since
> the internet isn't costing them anything and is run entirely by private
> companies.
So I'm a propellerhead now, huh? <grin> I do think that the government
had at least an inkling: it was already growing fairly quickly -- gopher,
archie, and all the other old text-based utilities were really catching
on in the user community. However, with the NSF rules, there was no way
for *anyone* to make money off of it; it would just be something fun for
folks to use. (I have to admit that I miss those days -- I still
remember my first spam: an anti-semitic tirade. Ah, for the days prior
to "Earn $50,000 in 30 days!") It would not have been difficult for the
feds to implement some fee, and, if memory serves, there were even a few
proposed (a per-byte rate, etc.), that were finally just tossed out, and
the whole thing was let loose.
> > should always, IMHO, be held under suspicion, but that doesn't mean
> > it's inherently evil, or inherently out to get us
>
> No, but it doesn't mean that it isn't true either... :) Actually I can't
> blame law enforcement agencies TOO much for the way they behave... their
> goal is to protect the citizenry from harm, both from internal and
> (especially) external sources. Their collective "heart" is in the right
> place, for the most part, though there will be exceptions and bad cops.
Hear, hear!
> I think the problem is that the longer you spend in this role, the more
> paranoid you become (just like sysadmins and especially security
> admins!) and these guys have had LOTS of time to get paranoid. They're as
> guilty as we are at jumping at shadows, and THAT'S what the founding
> fathers wanted to avoid. Please don't tell me you've never heard of
> real cases with ridiculous charges. It DOES happen, and it shouldn't.
> Ever.
I absolutely agree -- and this is speaking as someone who's had his fair
share of run-ins with law enforcement. (Memorable comment after being
pulled over for doing 31 in a 30: "Well, Mr. D'Ambrosio, you're certainly
not an ameteur at getting tickets, are you?") But, while the phrase
"Just because you're paranoid doesn't mean they aren't out to get you,"
is fun, it's also a dangerous mindset: caution is well advised, but
paranoia implies that one is no longer fully rational -- and paranoia on
both "sides" quickly zaps the ability for meaningful and constructive
communication of concerns and issues.
-Ken (who's darn well goin' to sleep)
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
