ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.

advertisement

AddThis Social Bookmark Button
Article:
  Carnivore: A System Admin's Concerns
Subject:   Response to comments
Date:   2001-05-30 14:08:11
From:   mbertsch
First and foremost, nothing I say will change the minds of anyone wholly convinced that the FBI is spying on them. Second, if you are convinced of
this, use encryption. Use Anonimizer.com. And don't use your phone. Personally, my life isn't interesting enough to watch.


Now, regarding what the FBI needs for authorization. The Electronic Communications Privacy Act (ECPA) of 1986 requires that any law
enforcement agency get a court order to issue a wiretap (which applies to Carnivore) or pen register (which may also apply to Carnviore). It is true that pen registers are rubber-stamped and easy to obtain. However, pen registers are expressly forbidden to capture content--only "the numbers dialed or otherwise transmitted." When applied to computers, pen registers are a hazy field, and more legislation is definitely necessary. But even if the FBI is inclined to abuse pen registeres, they still can not capture the content of peoples' actions online. Further, if the FBI wants to read your email, they must get a court order.


As for key escrow. I offered no support for this in my article, nor would I. In an ideal world, it'd be a good thing for law enforcement agencies to use. However, this is far from an ideal world, and I am very much against it.


By the way, sysadmins can't get you arrested? Maybe not directly, but what's stopping them from sending bomb threats as another user, and making it appear that the user really did it? Even just reading or deleting your emails is a clear violation of civil liberties. If you bank online, a particularly mean admin could capture your keystrokes and steal all of your money. The point is, they don't do this.