Subscribe to the ZZZPTM Hotcraze Update list!

Email Address:
Name:
Home ... Portraits ... ZZZPTM Board
Stuff ... Economics
|
The Periodic Polemic

Polemic for August 16, 2000

on "carnivore"...


We already know government sites can get hacked. They get attacked so often, they actually issued a request to hackers to please stop. To be sure, the government sometimes considers pinging their webservers an attack, so maybe they just want everyone to quit that sort of thing. (It would be really ironic if they counted people sending time requests to various government-owned atomic clock services on the Internet to be "attacks".) We also know the same government servers can be compromised and data on them is exposed and available. I am thankful the government assures me that nothing vital is on those boxes connected to the Internet, even though some could be laptops with nuclear launch codes some guy just walked off a sub with and connected to AOL so he could chat all night...

This same governnment wants to set up systems that will intercept email as an extension of wiretaps police and government agents use in criminal investigations. Of course, they can define criminal to include just about anyone they don't take a liking to, so that's not a very comforting thought. Lots of folks have already said they don't like this sort of eavesdropping and I have to agree with them. There's another reason, though, why this sort of thing should not be rolled out.

These FBI "carnivore" email eaters are supposed to be on the Internet 100% of the time. They have to be, in order to gather all the email going across a particular part of the Internet so it can be used to trap an alleged bad guy or be used to harass congressmen in opposition to the ruling party. If compromised, all the information on the carnivore box is available to the hacker. The compromiser can decide what to do with it. Copy? Alter? Read? Keep tabs on it himself? Think about it... if you hijacked one of these boxes, what could you do with it? For starters, you got a ton of email addresses you could now spam, but the implications are even more chilling when someone or some group that doesn't have to lie to cover its butt when it strong-arms someone gets its hot little cyberhands on one of these mamas. Our government is supposed to be nice... mobsters or terrorists aren't. Get the picture I'm seeing now?

Security is always a question of when, not if. When the carnivore box gets hacked and the information on it is turned to an evil use, what will the government do then? I don't expect an apology. The typical thing to do would be to cover it up, get the story buried in the back of the newspaper, and pretend like it didn't happen.

Here's another interesting idea: Should the FBI also get its way with getting a back door into every encryption system, it will have full control over our communications. I don't like that. Even having all the unencrypted stuff is bad enough. By harvesting everything and having a key to unlock the encryption on every packet, they can have too much control over our communications. A little forging of headers here and there, and anyone can be made out to be an enemy spy, a tax cheat, or a murderer bragging about a crime.

How will we know this stuff won't be somehow altered to present "evidence" to force harassment, wrongful arrest and trial, and eventual wrongful imprisonment? Imagine an FBI agent whose morals have slipped with this in his hands... it's not a matter of "if", but "when."

Executive Summary: This is a BAD IDEA. Don't do it.

Dean Webb