
SeaViews: Insights from the Gray Havens 
June 2001

(formerly the _Rochester Rag_, formerly the _News from Detroit_)


Motto: The surest way to get a reputation for being a trouble maker these days is to go about repeating the very phrases that the Founders used in the struggle for independence.

-- C.A. Beard


Editorial:



Standard disclaimers apply. In addition, the author makes no guarantees concerning the grammatical accuracy of his writing. Submitted text files must be in raw or compressed (.Z, .gz or PK Zip) ASCII. Image files must be in raw or compressed (see above) GIF89 (or older).


On last month's Fix;

The answer to last month's Fix,
"Our local Indian reservations sell fireworks. The interesting thing is, the fireworks stands are decorated with US Flags. Odd?"

Not that this is in need of a fix, but doesn't it strike one as odd? It would sort of be like a raped woman who gets pregnant sending the perpetrator a Father's Day card. So is this the Stockholm Syndrome or just smart marketing?
 

On another late issue:
I know, excuses, excuses. This time, Sheryl and I were busy buying a house which we will be moving into at the end of the month. Also, my HS 20th reunion is coming up the third weekend in Aug, so we shall be hopping, first flying to Wis, then home to entertain in-laws, then moving, all in a two week period. Ah, those hazy, lazy days of summer.


Guest Editorial:

They say a picture is worth a thousand words, so since I'm short of time and want to describe the house we are moving to ...
 
 


Letters:


none this month


Quote(s) of the month:


"Do you know the US and Russia have held enough disarmament talks to bore the world to death 50 times over?"

-- anonymous


Fix of the month:

"Oil drilling in Alaska - should we?"


News:

Washington;

1. July 3, Yakima: Four fire fighters lost their lives fighting the first major brush fire of the summer here. It is expected to be a worse than normal fire season due to the low rainfall in the winter. The tragedy is all the worse since 3 of the 4 victims were less than 21 years old, and they and their 30 year old supervisor (who died with them) were in a place not normally occupied during high wind conditions. In addition, they called for water drops but were unable to get them. The blaze has been dubbed the 30 mile fire, because of its length.

2. July 11, Seattle: A boy stole an unmarked cop car and took it for a joyride. The next day, some plain clothes officers, thinking they had spotted the stolen vehicle in an intersection, rammed it. The unmarked cops that were in _that_ unmarked car, thinking they were under attack, began to fire on the marked cop car. The 2 cars and four officers all emptied their guns at each other - missing - and during a reloading break they noticed their mistake. The juvenile returned the stolen car the next day to the police lot, after he heard on the news what had happened when the uniformed cops thought they had their man.
 

3. July 31, Olympia: In an ongoing investigation, it turns out that the forest service was not able to supply water to the firefighters on the Yakima ridge for over 4 hours because of Fish and Wildlife regulations. Although there were nearby mountain rivers that could have been used for a helicopter tanker to fill its tanks, F&W regs prevented the river's use because of fear that salmon would be scooped up with the water.
 
 

Florida;

1. 30 July:  A pair of Washington Post reporters have finished their six month investigation of election irregularities in last November's presidential race and Bush has won again - although the margin was less than 300 votes.
 

Washington D.C.

1. July 20: Despite all the negative publicity at home, GW and Russian head Putinov have come to a framework of understanding regarding a missile defense system. We look forward to a renewed physics job market.

2. Aug 3: While GW is not keen on sacrificing fetuses for stem cell based research, there is an alternative bill floating through congress that would endorse methods that harvest stem cells from fetuses if the fetus is left viable afterwards.

3. Aug 6: Multitasking is not a good thing for humans. Multitasking is a managerial buzz-concept these days, a post-layoff corporate assumption that the few can be made to do the work of many. But newly released results of scientific studies in multitasking indicate that carrying on several duties at once may, in fact, reduce productivity, not increase it.

"In some cases, you could be wasting your employer's time," says researcher Joshua Rubenstein, Ph.D., formerly of the University of Michigan and now with the Federal Aviation Administration (FAA) working on security issues. "And in certain cases" of multitasking, Rubenstein says, "you could be risking employers a dangerous outcome."

In the research behind an article titled "Executive Control of Cognitive Processes in Task Switching" -- being published Monday in the American Psychological Association's Journal of Experimental Psychology -- Rubenstein and his associates determined that for all types of tasks, subjects lost time when they had to switch from one task to another.

These "time costs" increased with the complexity of the chores. "People in a work setting," says Meyer, "who are banging away on word processors at the same time they have to answer phones and talk to their co-workers or bosses -- they're doing switches all the time. Not being able to concentrate for, say, tens of minutes at a time, may mean it's costing a company as much as 20 to 40 percent" in terms of potential efficiency lost, or the "time cost" of switching, as these researchers call it.

 

Net News;

1. from http://linux.oreillynet.com/pub/a/linux/2001/05/29/carnivore.html

                        Carnivore: A System Admin's Concerns

                        by Mike DeGraw-Bertsch
                        05/29/2001

                        You've probably read a good deal about Carnivore, and know that the FBI's
                        scheme to grab and save the Internet traffic (email, web page requests,
                        newsgroup posts) of suspected criminals has drawn the wrath of civil libertarians.

                        System administrators are already familiar with the technology Carnivore
                        emulates, and it's worth noting that the power it grants federal authorities
                        -- the ability to grab and read a user's Internet traffic -- is already in the
                        hands of system administrators. Apparently, we trust ourselves and our fellow
                        system administrators more than we trust the Feds, even though the FBI needs a court
                        order to access this information while the average administrator only needs a few
                        spare minutes.

                        The technology behind Carnivore is not especially sophisticated. Carnivore is
                        essentially a packet-sniffer with a bunch of built-in filters. A packet-sniffer is a
                        tool that captures, or "sniffs," the traffic on a network.

                        Carnivore's filters ensure the system is complying with the court order under
                        which it operates and only the allowed communications are intercepted. The FBI
                        sets one filter, so only the suspect's data is captured. Other filters then limit the
                        types of data that can be captured -- email, web pages, whatever. Finally, even
                        more specific filters are set to look for certain keywords, or communications from
                        specified parties.

                        If this works correctly, it means the FBI would nab email about a suspect's drug
                        flight into Texas, while it would not see email about that suspect's virtual love
                        affair with his neighbor on Usenet.

                        But can we trust the FBI to respect those limits? Some of its comments about
                        Carnivore suggest that the FBI is not even sure about the technology they're
                        using, and unaware how many others have the same power. The good news is, the
                        system is easy enough to defeat for anyone willing to take a few precautionary
                        measures.

                        Carnivore's care and feeding

                        Last year, I got a peek at Carnivore when FBI agents gave a talk in the Cyber Law and
                        Society class I was taking at Harvard. Supervisory Special Agent Barry Smith and an
                        associate told us the rise in Internet communications threatens the FBI's ability to
                        fight crime, and Carnivore is one of the ways they hope to keep up. As more communication
                        goes online, criminals are taking their activities there -- for planning, communication, and
                        execution. Groove is useful for collaborative programming, but it could just as easily be used
                        to plan a terrorist attack across international borders.

                        To install Carnivore at an Internet service provider, the FBI has to obtain a warrant,
                        similar to a wiretap. The FBI asks the ISP to isolate the suspect's connection to a "quiet" part of its
                        LAN. This allows the FBI to connect without being overly obtrusive, and prevents its machine
                        from being pelted with a lot of uninteresting data.

                        From there, the agency configures the necessary filters, then pushes the Monitor button. A stats
                        screen pops up, and every day the captured data is written to a Zip disk. A field agent
                        retrieves the disk and inserts a fresh one each day or week, taking the full disk back to the
                        office for analysis.

                         Sounds simple enough. But as a system administrator, I have a few concerns.

                        The first is that Carnivore runs on NT. As a Unix administrator, I see this as a
                        very bad thing. Windows NT has many well-known security flaws, and the
                        Carnivore machine itself could be compromised unless all security patches are
                        applied when they're made available. Even then, unpublished flaws (without
                        patches) leave the machine vulnerable. The FBI says it puts a firewall between the
                        Carnivore box and the rest of the ISP, and a team of security experts tends to
                        NT patches. Even so, if you're not concerned about the FBI reading your email,
                        you should be concerned that the Carnivore box could be hacked.

                        My second concern is that, depending on how the filters are set, Carnivore can
                        capture any amount of data the FBI would like. The agents said Carnivore "only
                        connects at Ethernet speeds," as if to suggest this limits the amount of data the
                        agency can grab. This struck a chord, so I asked about it after their talk. After
                        saying that OC-128 and Gigabit Ethernet are faster (to which I replied with a
                        glare), he said that Carnivore sees too much data to store it all, and the FBI
                        couldn't archive it. I pointed out that a 40-gigabyte hard drive costs only $150
                        these days, but he responded "we don't have time to look at all that data." I didn't
                        want to argue more, or tell them about Perl.

                        In fact, it seems to me that Carnivore could be replaced with tcpdump and Perl.
                        tcpdump is a packet-sniffer, and a standard Unix utility. It can restrict what is
                        captured based on the type of data and its destination. For example, it could
                        store just email and web pages going to a suspect's IP address. The captured
                        data could then be analyzed with Perl to discard everything but authorized
                        interceptions, say, emails to another suspect or access to specific web pages.

                        Because it seems so easy to replace Carnivore with these open-source tools, I
                        asked if the FBI would consider open-sourcing Carnivore, arguing that it would
                        alleviate the public's concerns as to Carnivore's capabilities. Barry's face grew a
                        bit dark at that. He maintained that only the FBI should be allowed to use such a
                        program, and that anyone who codes a similar program must be breaking the law.
                        He's obviously not a system administrator.

                        The FBI's limited storage capacity argument is less than
                        convincing, as is the "slow" Ethernet connection argument. The limited manpower
                        argument carries a bit more weight, but Perl provides an excellent point of
                        contention. However, if the FBI developers have expended this much effort to
                        recreate tcpdump, it makes me wonder if they'd be able to use Perl. Perhaps
                        they'd roll their own there, too, creating OysterEater.

                        You'll never take my data alive!

                        So what can privacy-conscious individuals do to prevent the FBI from reading
                        their emails and seeing that they've visited porn sites?

                             - Encrypt your email with SMIME or PGP.
                             - Use a service like Anonymizer.com, which hides all web traffic to your
                               desktop by sending encrypted web requests through many of its servers,
                               none of which know where the data ultimately came from.
                             - Use FreeNet to exchange files.
                             - Or, more simply, don't commit crimes that will make the FBI take an
                               interest in you.

                        Special Agent Smith addressed these issues without anyone bringing them up. If
                        Carnivore is easily defeated, is it valuable? It is, he said, because the average
                        criminal isn't all that bright. He cited an example of one suspect whose phone was
                        tapped saying, "You should whisper, the line might be tapped." He also noted that
                        devices used to scramble telephone calls are widely available, but infrequently
                        used.

                        Although I'm concerned with Carnivore's capabilities, I believe FBI agents truly
                        need it to do their jobs effectively, and would be hard-pressed to find a much
                        better, less-intrusive solution. While Carnivore is potentially more intrusive than
                        wiretaps, the FBI has proven its restraint with them, and has not abused that
                        power. Why should IP wiretaps prove any different?

                        If it seems I'm being sympathetic to the FBI, please look at system administrators.
                        At their companies, these folks are graced with the power to read anyone's mail
                        that they want, to play with people's private files, and can easily impersonate their
                        company's CEO. They can do this very quietly, so that no one notices. They
                        generally have no security clearance. Few have sworn to uphold their company's
                        ideals. However, very few abuse the power that they've been given, instead using
                        their powers for good.

                        Massive conspiracy theories aside, why should we believe that FBI agents are
                        any different? They're deeply involved in criminal cases when they deploy
                        Carnivore -- much like a system administrator would be involved with routing out
                        a cracker when deploying tcpdump.

                        Sure, the capability is there to read their boss's mail, but who has the time?
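
An added example, not part of Mike DeGraw-Bertsch's article and not Carnivore's or the FBI's code: the three filter layers the article describes (subject, traffic type, keyword) applied in Python to constructed packet records, with an audit that lists what a wide-open configuration would have stored outside the order. The Packet and Order types, their field names, the addresses and the payloads are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:              # simplified record, not a real capture format
    src: str
    dst: str
    service_port: int      # 25 = SMTP, 80 = HTTP, 119 = NNTP
    payload: bytes

@dataclass(frozen=True)
class Order:               # hypothetical scope of an intercept order
    subject_ip: str
    ports: frozenset
    keywords: tuple

def verdict(pkt, order):
    """Name the first filter layer that rejects pkt, or 'retained'."""
    if order.subject_ip not in (pkt.src, pkt.dst):
        return "not-subject"            # layer 1: only the subject's traffic
    if pkt.service_port not in order.ports:
        return "wrong-type"             # layer 2: only permitted traffic types
    body = pkt.payload.lower()
    if not any(k in body for k in order.keywords):
        return "no-keyword"             # layer 3: only matching content
    return "retained"

def minimize(capture, order):
    """Keep only the packets every layer accepts."""
    return [p for p in capture if verdict(p, order) == "retained"]

def audit(stored, order):
    """Oversight check: (index, reason) for each stored packet outside the order."""
    found = []
    for i, p in enumerate(stored):
        v = verdict(p, order)
        if v != "retained":
            found.append((i, v))
    return found

# Constructed sample data; addresses are from the documentation ranges.
ORDER = Order("192.0.2.10", frozenset({25, 80}), (b"texas",))
CAPTURE = [
    Packet("192.0.2.10", "198.51.100.5", 25, b"Subject: flight into Texas tonight"),
    Packet("192.0.2.10", "198.51.100.7", 119, b"Newsgroups: alt.test\n\nhello neighbor"),
    Packet("192.0.2.99", "198.51.100.5", 25, b"Subject: Texas barbecue recipes"),
    Packet("192.0.2.10", "198.51.100.5", 25, b"-----BEGIN PGP MESSAGE-----\n(constructed ciphertext)"),
    Packet("192.0.2.10", "198.51.100.8", 80, b"GET /index.html HTTP/1.0"),
]

if __name__ == "__main__":
    print("retained:", len(minimize(CAPTURE, ORDER)))
    print("out of scope if everything were stored:", audit(CAPTURE, ORDER))
```

The encrypted message passes the subject and traffic-type layers but gives the keyword layer nothing to match, which is the article's point about encryption; running `audit` over whatever a box actually stored shows how far its filter settings strayed from the order.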