Brought to you by...


SeaViews: Insights from the Gray Havens 
June 2001

(formerly the _Rochester Rag_, formerly the _News from Detroit_)

Motto: The surest way to get a reputation for being a trouble maker these days is to go about repeating the very phrases that the Founders used in the struggle for independence.

-- C.A. Beard


email Steve
Anon ftp site
News Archives

Standard disclaimers apply. In addition, the author makes no guarantees concerning the grammatical accuracy of his writing. Submitted text files must be in raw or compressed (.Z, .gz or PK Zip) ASCII. Image files must be in raw or compressed (see above) GIF89 (or older).

On last month's Fix;

the answer to last month's Fix,
"Our local Indian reservations sell fireworks. The interesting thing is, the fireworks stands are decorated with US Flags. Odd?"

Not that this is in need of a fix, but doesn't it strike one as odd? It would sort of be like a raped women who gets pregnant sending the perpetrator a Father's Day card. So is this the Stockholm Syndrome or just smart marketing?

On another late issue:
I know, excuses excuses. This time, Sheryl and I were busy buying a house which we will be moving into at the end of the month. Also, my HS 20'th reunion is coming up the third weekend in Aug, so we shall be hopping, first flying to Wis, then home to entertain in -laws, then moving, all in a two week period. Ah, those hazy, lazy days of summer.

Guest Editorial:

they say a picture is worth a thousand words, so since I'm short of time and want to describe the house we are moving to ...


none this month

Quote(s) of the month:

"Do you know the US and Russia have held enough disarment talks to bore the world to death 50 times over?"

-- anonymous

Fix of the month:

"Oil drilling in Alaska - shuold we?"



1. July 3, Yakima:  Four fire fighters lost their lives fighting the first major brush fire of the summer here. It is expected to be a worse than normal fire season due to the mow rainfall in the winter. The tragedy is all the worse since 3/4 victims were less than 21 years old, and their 30 yeal old supervisor (who died with them) were in a place not normally occupied during high wind conditions. In addition, they called for water drops but were unable to get them. The blaze hs been dubbed the 30 mile fire, because of its length.

2. July 11, Seattle: A boy stole an unmarked copy car and borrowed it for a joyride. The next day, some plain clothes officers, thinking they had spotted the stolen vehicle in an intersection, rammed it. The unmarked cops that were in _that_ unmarked car, thinking they were under attack, began to fire on the marked cop car. The 2 cars and four officers all emptied their guns at each other - missing - and during a reloading break they noticed their mistake.  The juvenile returned the stolen car the next day to the police lot, after he heard on the news what had happend when the uniformed cops though they had their man.

3. July 31, Olympia: In an ongoing invesitgation, it turns out that the forest service was not able to supply water to the firefighters on the Yakima ridge for over 4 hours because of Fish and Wildlife regulations. Alhtough there were nearby mountain rivers that could have been used for a helicopter tanker to fill its tanks, F&W regs prevented the river's use because of fear that salmon would be scooped up with the water.


1. 30 July:  A pair of Washington Post reporters have finished their six month investigation of election irregularities in last November's presidential race and Bush has won again - although the margin was less than 300 votes.

Washington D.C.

1. July 20: Despite all the negative publicity at home, GW and Russian head Putinov have come to a framework of understanding regarding a missile defense system. We look forward to a renewed physics job market.

2. Aug 3: While GW is not keen on sacrificing fetuses for stem cell based research, there is an alternative bill floating through congress that would endorse methods that harvest stem cells from fetuses if the fetus is left viable afterwards.

3. Aug 6: Multitasking is not a good thing for humans. Multitasking is a managerial buzz-concept these days, a post-layoff corporate assumption that the few can be made to do the work of many.  But newly released results of scientific studies in multitasking indicate that  carrying on several duties at once may,   in fact, reduce productivity, not  increase it.

 "In some cases, you could be wasting  your employer's time," says researcher  Joshua Rubenstein, Ph.D., formerly of   the University of Michigan and now with the Federal Aviation Administration  (FAA) working on security issues. "And in certain cases" of multitasking, Rubenstein says, "you could be risking employers a dangerous outcome."

 In the research behind an article titled "Executive   Control of Cognitive Processes in Task  Switching" -- being published Monday in the  American Psychological Association's Journal of  Experimental Psychology -- Rubenstein and his associates
 determined that for all types of tasks, subjects  lost time when they had to switch from one task  to another.

   These "time costs" increased with the complexity of the chores. "People in a work setting," says Meyer, "who are   banging away on word processors at the same time they have to answer phones and talk to their  co-workers or bosses -- they're doing switches  all the time. Not being able to concentrate for, say, tens of minutes at a time, may mean it's costing a company as much as 20 to 40 percent" in terms of potential efficiency lost, or the "time  cost" of switching, as these researchers call it.


Net News;

1. from

                        Carnivore: A System Admin's Concerns

                        by Mike DeGraw-Bertsch

                        You've probably read a good deal about Carnivore, and know that the FBI's
                        scheme to grab and save the Internet traffic (email, web page requests,
                        newsgroup posts) of suspected criminals has drawn the wrath of civil libertarians.

                        System administrator's are already familiar with the technology Carnivore
                        emulates, and it's worth noting that the power it grants federal authorities
                        -- the ability to grab and read a user's Internet traffic -- is already in the
                        hands of system administrators.  Apparently, we trust  ourselves and our fellow
                        system administrators more than we trust the Feds, even though the FBI needs a court
                        order to access this information while the average administrator only needs a few spare              minutes.

                        The technology behind Carnivore is not especially sophisticated. Carnivore is
                        essentially a packet-sniffer with a bunch of built-in filters. A packet-sniffer is a
                        tool that captures, or "sniffs," the traffic on a network.

                        Carnivore's filters ensure the system is complying with the court order under
                        which it operates and only the allowed communications are intercepted. The FBI
                        sets one filter, so only the suspect's data is captured. Other filters then limit the
                        types of data that can be captured -- email, web pages, whatever. Finally, even
                        more specific filters are set to look for certain keywords, or communications from
                        specified parties.

                        If this works correctly, it means the FBI would nab email about a suspect's drug
                        flight into Texas, while it would not see email about that suspect's virtual love
                        affair with his neighbor on Usenet.

                        But can we trust the FBI to respect those limits?  Some of its comments about Carnivore           suggest
                        that the FBI is not even sure about the  technology they're using, and unaware how
                        many others have the same power. The good news is, the system is easy enough to defeat for
                        anyone willing to take a few precautionary measures.

                        Carnivore's care and feeding

                        Last year, I got a peek at Carnivore when FBI agents gave a talk in the Cyber Law and
                        Society class I was taking at Harvard. Supervisory Special Agent Barry Smith and an
                        associate told us the rise in Internet communications threatens the FBI's ability to
                        fight crime, and Carnivore is one of the ways they hope to keep up. As more communication
                        goes online, criminals are taking their activities there -- for planning, communication, and
                        execution. Groove is useful for collaborative programming, but it could just as easily be used
                        to plan a terrorist attack across international borders.

                        To install Carnivore at an Internet service provider, the FBI has to obtain a warrant,
                        similar to a wiretap.  The FBI asks the ISP isolate the  suspect's connection to a "quiet" part of its
                        LAN. This allows the FBI to connect without being overly obtrusive, and prevents its machine
                        from being pelted with a lot of uninteresting data.

                        From there, the agency configures the necessary  filters, then pushes the Monitor button. A stats
                        screen pops up, and every day the captured data is written to a Zip disk. A field agent
                        retrieves the disk and inserts a fresh one each day or week, taking the full disk back to the
                        office for analysis.

                         Sounds simple enough. But as a system administrator, I have a few concerns.

                        The first is that Carnivore runs on NT. As a Unix administrator, I see this as a
                        very bad thing. Windows NT has many well-known security flaws, and the
                        Carnivore machine itself could be compromised unless all security patches are
                        applied when they're made available. Even then, unpublished flaws (without
                        patches) leave the machine vulnerable. The FBI says it puts a firewall between the
                        Carnivore box and the rest of the ISP, and a team of security experts tends to
                        NT patches. Even so, if you're not concerned about the FBI reading your email,
                        you should be concerned that the Carnivore box could be hacked.

                        My second concern is that, depending on how the filters are set, Carnivore can
                        capture any amount of data the FBI would like. The agents said Carnivore "only
                        connects at Ethernet speeds," as if to suggest this limits the amount of data the
                        agency can grab. This struck a chord, so I asked about it after their talk. After
                        saying that OC-128 and Gigabit Ethernet are faster (to which I replied with a
                        glare), he said that Carnivore sees too much data to store it all, and the FBI
                        couldn't archive it. I pointed out that a 40-gigabyte hard drive costs only $150
                        these days, but he responded "we don't have time to look at all that data." I didn't
                        want to argue more, or tell them about Perl.

                        In fact, it seems to me that Carnivore could be replaced with tcpdump and Perl.
                        tcpdump is a packet-sniffer, and a standard Unix utility. It can restrict what is
                        captured based on the type of data and its destination. For example, it could
                        store just email and web pages going to a suspect's IP address. The captured
                        data could then be analyzed with Perl to discard everything but authorized
                        interceptions, say, emails to another suspect or access to specific web pages.

                        Because it seems so easy to replace Carnivore with these open-source tools, I
                        asked if the FBI would consider open-sourcing Carnivore, arguing that it would
                        alleviate the public's concerns as to Carnivore's capabilities. Barry's face grew a
                        bit dark at that. He maintained that only the FBI should be allowed to use such a
                        program, and that anyone who codes a similar program must be breaking the law.
                        He's obviously not a system administrator.

                        The FBI's argument about limited storage capacity argument is less than
                        convincing, as is the "slow" Ethernet connection argument. The limited manpower
                        argument carries a bit more weight, but Perl provides an excellent point of
                        contention. However, if the FBI developers have expended this much effort to
                        recreate tcpdump, it makes me wonder if they'd be able to use Perl. Perhaps
                        they'd roll their own there, too, creating OysterEater.

                        You'll never take my data alive!

                        So what can privacy-conscious individuals do to prevent the FBI from reading
                        their emails and seeing that they've visited porn sites?

                             Encrypt your email with SMIME or PGP.
                             Use a service like, which hides all web traffic to your
                             desktop by sending encrypted web requests through many of its servers,
                             none of which know where the data ultimately came from.
                             Use FreeNet to exchange files.
                             Or, more simply, don't commit crimes that will make the FBI take an
                             interest in you.

                        Special Agent Smith addressed these issues without anyone bringing them up. If
                        Carnivore is easily defeated, is it valuable? It is, he said, because the average
                        criminal isn't all that bright. He cited an example of one suspect whose phone was
                        tapped saying, "You should whisper, the line might be tapped." He also noted that
                        devices used to scramble telephone calls are widely available, but infrequently

                        Although I'm concerned with Carnivore's capabilities, I believe FBI agents truly
                        need it to do their jobs effectively, and would be hard-pressed to find a much
                        better, less-intrusive solution. While Carnivore is potentially more intrusive than
                        wiretaps, the FBI has proven its restraint with them, and has not abused that
                        power. Why should IP wiretaps prove any different?

                        If it seems I'm being sympathetic to the FBI, please look at system administrators.
                        At their companies, these folks are graced with the power to read anyone's mail
                        that they want, to play with people's private files, and can easily impersonate their
                        company's CEO. They can do this very quietly, so that no one notices. They
                        generally have no security clearance. Few have sworn to uphold their company's
                        ideals. However, very few abuse the power that they've been given, instead using
                        their powers for good.

                        Massive conspiracy theories aside, why should we believe that FBI agents are
                        any different? They're deeply involved in criminal cases when they deploy
                        Carnivore -- much like a system administrator would be involved with routing out
                        a cracker when deploying tcpdump.

                        Sure, the capability is there to read their boss's mail, but who has the time?