Network monitoring en masse.

31 January 2007

Well, it seems that Carnivore DCS-1000 isn't enough to feed the gaping information maw of the FBI. Rather than sniff the traffic associated with only a single IP address, they've decided to record ALL of the traffic for a given netblock and analyze it offline. For my readers who don't understand how this might apply to them (you know that I'm headed for the Fourth Amendment already), here's a quick rundown of the principle. IP addresses are organised into contiguous blocks that make them easy to manage. If your DSL provider assigns you the IP address with a netmask of (also called a /24), that means that your address is part of a block of 253 others. Technically, it's one of 255 others - .1 is reserved for the default gateway of that netblock and .255 is used to broadcast to every IP address in that block. DCS-1000 was designed to record traffic for only one IP address out of that block - for the sake of argument, let's say that they're watching your IP address (, and ignore the rest of the traffic with an address in that netblock. The FBI has decided to record traffic for every IP address in that subnet, whether or not you're part of the investigation. That traffic is then analysed for signs of shady activity using unspecified techniques.
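To make the difference between single-address and netblock-wide capture concrete, here is an added example (not from the original post) that runs both filters over a constructed set of flow records in the 192.0.2.0/24 documentation range and lists the neighbouring addresses that the wide filter sweeps up; host counts come from Python's ipaddress module, which excludes the network and broadcast addresses.

```python
import ipaddress

# Constructed sample flow records (src_ip, dst_ip, bytes) using documentation ranges;
# not taken from any real capture.
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 1200),
    ("192.0.2.10", "203.0.113.7", 800),
    ("192.0.2.42", "198.51.100.5", 300),
    ("192.0.2.77", "203.0.113.9", 2400),
    ("192.0.2.77", "192.0.2.10", 150),
    ("10.9.8.7", "198.51.100.5", 500),
]

def describe_netblock(cidr):
    """Return (network address, broadcast address, usable host count) for a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses - 2

def flows_for_single_ip(flows, target):
    """Single-target filter: keep only records where the target is an endpoint."""
    t = ipaddress.ip_address(target)
    return [f for f in flows
            if ipaddress.ip_address(f[0]) == t or ipaddress.ip_address(f[1]) == t]

def flows_for_netblock(flows, cidr):
    """Netblock-wide filter: keep every record with an endpoint anywhere in the block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [f for f in flows
            if ipaddress.ip_address(f[0]) in net or ipaddress.ip_address(f[1]) in net]

def collateral_hosts(flows, cidr, target):
    """Addresses inside the block, other than the target, caught by the wide filter."""
    net = ipaddress.ip_network(cidr, strict=False)
    t = ipaddress.ip_address(target)
    hosts = set()
    for src, dst, _ in flows_for_netblock(flows, cidr):
        for ip in (src, dst):
            a = ipaddress.ip_address(ip)
            if a in net and a != t:
                hosts.add(str(a))
    return sorted(hosts)

if __name__ == "__main__":
    print(describe_netblock("192.0.2.0/24"))
    print(len(flows_for_single_ip(SAMPLE_FLOWS, "192.0.2.10")), "records for the target alone")
    print(len(flows_for_netblock(SAMPLE_FLOWS, "192.0.2.0/24")), "records for the whole /24")
    print("bystanders:", collateral_hosts(SAMPLE_FLOWS, "192.0.2.0/24", "192.0.2.10"))
```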

What bothers me is the fact that they're not going after a target but are essentially going on fishing expeditions looking for people who are up to anything that even looks vaguely illegal. This can be compared to police officers who park outside of a house to keep an eye on it without probable cause.

Call me crazy, but I thought that it was illegal to listen in on what everyone is doing on the off chance that someone's up to no good. I guess that isn't supposed to matter anymore.