http://www.pbs.org/cringely/pulpit/pulpit20000713.html JULY 13, 2000 Meet Eater The FBI's Plan for Digital Wiretaps Raises More Questions Than It Answers By Robert X. Cringely There is this moment toward the otherwise forgettable end of "Star Trek V: The Final Frontier" when this alien creature patterned after the Wizard of Oz has even Spock convinced that it is God with a capital "G." They are just about to fire-up the Enterprise and take "God" back to Earth when Kirk -- probably hoping to avoid the military protocol involved with having a deity on the bridge -- asks a pivotal question: Why would God need a starship? Couldn't God just blink and instantly be in Times Square looking up at the NASDAQ sign, wondering why they cut windows into a video screen? This scene of the skeptical Kirk flashed in my mind this week as I read about Carnivore, the FBI's system for reading the e-mail of bad guys. Carnivore is a sealed box that is installed at the network operations center of an Internet Service Provider. It filters packets, finds e-mail going to and from identified criminals, and saves that e-mail for later decryption and analysis. What bothers the Internet Service Providers is they have no control over the Carnivore box, and no way of protecting the privacy of all the customers who aren't drug lords or escaped felons. What bothers the American Civil Liberties Union is the likelihood that individuals will not only lose their right to privacy, but lose it in a new and insidious way. What bothers me is the damned box. Why would the FBI need a box? Here's all the FBI will say about Carnivore. It sits on the network at the ISP, is PC-based, is "a kind of a sniffer," identifies and saves packets associated with suspected criminals, is installed under a court order, and doesn't itself act as a decryption device. There are supposed to be around 20 Carnivore boxes, and they have been in use since early this year. You don't need a sealed box to do any of these tasks, most of which are already being done for completely legal reasons right inside the router at every ISP. Routers look at every packet, determine what type of packet it is, where it is coming from and where it is going to, then the router delivers the packet to its intended destination. This is what routers do. Adding the Carnivore task is a simple matter of blind copying every packet to or from a bad guy to a third address at the J. Edgar Hoover FBI Building in Washington, DC. It's at most a few lines of code and requires no additional hardware. So why the box? The probable reason is because cops like to be in control. They LIKE boxes, like delivering them in unmarked cars, like the satisfying click of the RJ-45 connector as it slides home. Maybe they don't know that it could all be done without a box. Heck, it IS being done without a box all the time, and that's where the ACLU is missing the point. Sniffers have been running on networks ever since Harry Saal invented the device. Every packet at every ISP already goes through a sniffer at least part of the time. An ISP could do at any time what we fear the FBI might do with Carnivore read the e-mail and follow the surfing habits of every pretty blonde customer. Good ISPs, which is to say nearly all ISPs don't do this, of course, but it happens. So why doesn't the FBI just get a court order making the ISP do the dirty work? That's what the ISPs wonder, too, especially since that's how phone taps are handled. Cops don't really climb poles and attach alligator clips to hear phone calls. That's all done at the central office by telephone company technicians. The FBI, through the use of Carnivore, is trying to grab a little more power. And by doing it themselves with Carnivore, the FBI doesn't have to reveal the identity of the bad guy or extent to which it is using the box. Yeah, right. But wait, it gets worse. There are aspects of this case that the ACLU hasn't even considered. The Carnivore boxes are what's called "co-located" at the ISP. This isn't a rare thing. Many organizations like to control their own Web or mail servers and so co-locate them at an ISP. Colocation puts your server closer to the Internet backbone, eliminates typical T-1 line costs, allows the ISP to monitor and reboot the server, and usually comes with nifty things like redundant backbone connections and diesel generators in case the power goes out. Companies in the co-location business include well-known names like AT&T, IBM, and Intel. So there are tens of thousands -- maybe hundreds of thousands -- of computers already installed just like the FBI installs its Carnivore boxes. What keeps those co-located computers from being sniffers, too? Nothing at all. For $300 per month, you too could install your own Carnivore box at the ISP of your choice. Co-location facilities don't really care what you do with your co-located server as long as you keep paying the bill. More technically astute readers may take exception to this idea of private Carnivore boxes since there are ways to isolate ISP traffic and keep one box from seeing all the packets on the ISP network. But at most ISPs, THOSE TECHNIQUES AREN'T USED. This still leaves us wondering why the FBI insists on this program that isn't really necessary to do what they say they want to do. Beyond my overzealous cop theory, the most obvious possibility is that Carnivore is actually intended to do something else, some different task than the FBI is saying. Privacy advocates and the ACLU seem fixated on the idea that the Feds will use Carnivore to eavesdrop on non-criminals. It makes sense to worry about this, given past FBI anti-privacy campaigns like the Clipper Chip fiasco of several years ago that was supposed to have made it possible for the FBI to tap up to 10 million simultaneous telephone conversations, even though there are only an average of 1500 court-ordered phone taps each year in the U.S. But I have my own theory about Carnivore. From a network architecture standpoint, the best location for Carnivore is right after the ISP's router. This puts Carnivore in the path of every packet entering or leaving the ISP. It's also a major reason why ISPs might not want to install Carnivore boxes -- it's the network's point of greatest vulnerability. In this position, Carnivore can act as a listening and recording device, OR IT CAN ACT AS A SWITCH. If we ever hear a proposal from the FBI in which it plans to install Carnivores at all 6000 ISPs in the U.S., we'll be giving the government the power to do something it can't do right now. Shut the Internet down. "We've got a Carnivore^h^h^h^h^h^h^h^h^h ChildSavor box, we're using the case as a radio antenna, and we know that's not allowed!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Shit Disturbing: Anarchy in the streets, Brain's Moral Compass | digital money-laundering, zero-knowledge W.A.S.T.E.D - Proud Author of| gun purchases, collapse of Federal buildings many prompt checks to the IRS| "Nuts like me give Orrin Hatch wet dreams" "When the Revolution comes, they'll start working their way through Tim's Killfiles."