29 September 2000: Thanks to WD for information on IITRI participants Scott, Crider and Ranade.
27 September 2000
From: Anonymous
To: jya@pipeline.com
Subject: Carnivore review proposal
Date: Tue, 26 Sep 2000 23:02:43 -0400
Have you seen the DoJ announcement of the Carnivore review team? The winning proposal (http://www.usdoj.gov/jmd/pss/iitritechnicalproposal.pdf) has most of the names blacked out -- but during the display, I noticed that the overwritten stuff is at the PDF level; I could briefly see some of the names during the screen-painting. (To be sure, what I saw were names like "She H. She" -- maybe they've learned something...)
Cryptome has confirmed that digital overwrites in the Carnivore review proposal can be unmasked by copying and pasting the PDF text or by using an Adobe plug-in, such as Pitstop, to remove overwriting. This cloaking is weaker than a similar technique used by the New York Times for cropping text of the secret CIA report on Iranian Premier Mossadeq's 1953 overthrow: http://cryptome.org/cia-iran.htm.
In addition, the participants' resume names are pseudonyms of "He" or "She," some of which can be replaced with possible true names by comparison with other information in the proposal and online sources.
The IITRI proposal (214KB) without overwriting:
http://jya.com/carnivore-iitri.pdfhttp://216.167.120.49/carnivore-iitri.pdf
http://cryptome.org/carnivore-iitri.pdf (try this last, it's overloaded)
Here are excerpts of the proposal with restored portions shown in red.
[p. 3]
SECTION 1 – EXECUTIVE SUMMARY
The IIT Research Institute (IITRI) and the Chicago-Kent College of Law—both integral parts of the Illinois Institute of Technology—propose an interdisciplinary team approach to evaluating Carnivore. IITRI will deploy its unique independent verification and validation (IV&V) methodology to test the program, working closely with Chicago-Kent academicians—national leaders in understanding information technology’s impact on legal issues including privacy. The participation of Chicago-Kent will help IITRI investigators ask the right questions, follow the pertinent leads, and consider the public’s concerns in testing the software. Only a unified team approach can ensure both technical proficiency and policy relevance.
IITRI, chartered in 1936 as the first independent research organization founded without endowment, is one of the country’s largest not-for-profit contract research and development institutes. With more than 1,500 personnel at 25 locations nationwide, IITRI has a long history of being a trusted advisor to government and industry. For this effort, IITRI will capitalize on its more than 600 employees in the Washington, DC area that are in close proximity to the Department of Justice locations. This close proximity will also enable a cost-effective interchange for the Carnivore project. As an independent contractor, we help our clients solve scientific, engineering, and business problems that often involve the use of sensitive, highly classified, or proprietary information.
IITRI will assume leadership in designing the technical inquiry. IITRI has a long and successful history of helping clients develop and implement business and technology strategies that streamline business processes and deliver world class products and services to their customers. For more than 30 years IITRI has operated the Department of Defense’s Information Analysis Centers, or IACs. IACs help ensure United States military technological superiority by providing the defense research and development communities with the right information at the right time. Using web-enabled applications and access methods, the IAC mission is to improve the productivity of researchers, engineers and program managers through collection, analysis, synthesis, and dissemination of global scientific and technical information. The IACs also extend the electronic value chain by delivering mission-critical services to DoD’s customers and stakeholders. IITRI’s technology center in Lanham, Maryland, offers a convenient, secure facility from which to set up a test ISP environment to study application of Carnivore. Chicago-Kent will lend its legal acumen and experience in governmental policy analysis to the study. The Chicago-Kent College of Law is one of the leading law schools focusing on the intersection between technology and the law. For instance, Dean Henry H. Perritt, Jr. advised President Clinton’s transition team on information policy, and, during the Clinton Administration, responded to government requests to author studies on Electronic Acquisition and Release of Federal Agency Information and on Public Information in the National Information Infrastructure. During the Reagan and Bush administrations, he authored studies on Federal Agency Electronic Records Management and Archives. Associate Dean Harold J. Krent, who worked in the Department of Justice in the 1980s, has since written three independent studies for governmental entities, the most recent of which focused on privacy concerns arising from use of agency ombudsmen. Last year, Professor Krent completed a study at the behest of the World Bank on the best way to revamp Albania’s legal information infrastructure. Professor Perritt has written widely on information technology including the influential book, Law and the Information Superhighway, which addresses material on electronic surveillance, national security, and privacy; Professor Krent has written on databanks and litigated both FOIA and Fourth Amendment cases; and both have taught seminars on privacy. Their efforts would shape the ongoing work of IITRI investigators to respond to public concerns about the scope, means, and effectiveness of the Carnivore program.
Response to DoJ Issue #1: Technical Proficiency - Verify that the scope of the lawyer’s participation is consistent with the RFP. An adequate technical review of Carnivore must consider Carnivore as a system for responding to court orders, written by lawyers and judges, that consists of three elements: (1) the understanding of the order’s requirements by the field investigator, aided by technical support personnel, (2) the parameters entered by the investigator into the Carnivore interface, and (3) the data acquisition undertaken by the Carnivore software and hardware. The legal members of the team bring special knowledge required to understand the restrictions inherent in court orders and to assist in evaluating the system properly. They will not engage in a policy review, but rather aid in a technical review, which necessarily has legal and managerial aspects as well as purely technological ones.
In addition, Dean Perritt and Professor Krent can be of special assistance in the public comment phase of the project. They regularly give public lectures explaining how the Internet and other technologies work in the legal context. Such communication is needed to help the DoJ present the facts associated with Carnivore as well as help the public overcome popular myths and understand the limitations associated with Carnivore.
[p. 9]
SECTION 4 – INDEPENDENCE
Response to DoJ Issue # 3. Independence – Given the extent of work IITRI has performed for the government, to include that performed by individuals for previous employers (e.g., J. Allen Crider), how would IITRI respond to criticism that the review was not independent? IITRI is a not-for-profit research affiliate of the Illinois Institute of Technology. Chartered in 1936 as the first independent research organization founded without endowment, IITRI is one of the country’s largest not-for-profit contract research and development institutes with an outstanding, nationally-recognized reputation for objective
[p. 10]
Engagement Executive - Melvin Scott
Project Manager & SME - Steve Smith
Additional SMEs - Harold Krent
- Hank Perritt
Systems/Network Analyst - Mengfen Shyong
C++ Application Analyst - Allen Crider
Database Analyst - Mary Ranade
Security Analyst - Steve Mencik
Technical Writer/Editor - Larry Reynolds
[p. 14]
NAME: HE P. HE [a pseudonym, possibly for Steve Smith.]
SKILL CLASSIFICATIONS: PROGRAM MANAGEMENT; SYSTEMS/SOFTWARE
ENGINEERING; QUALITY ASSURANCE
SUMMARY OF EXPERIENCE:
Mr. He, with over 28 years experience in information systems development, manages the Technology Assessment Division within IITRI’s Center for Information Technology. He has complete profit and loss responsibility a $5M line of business. For the previous 6 years, he was IITRI’s advisor to the Internal Revenue Service in areas such as standards, methodology, and evaluation of software development capabilities. In previous industry positions, he lead the development, integration, testing and deployment of large software systems using both object oriented and structured methodologies. He supervised internal research and development projects that resulted in marketable products and in new applications of cutting-edge software capabilities. Mr. He’s experience has tracked industry migration from mainframes, to minicomputers, to distributed systems, and back. He has worked in FORTRAN, COBOL, Pascal, C, LISP and assembler programming languages and with hardware including IBM, DEC, and Sun. As a consultant, Mr. He’s expertise in software development, planning, and methodology is sought by leading IS-industry companies to ensure that they apply established “best practices”.
***
[p. 18]
ACTIVE SECURITY CLEARANCES:
INACTIVE SECURITY CLEARANCES: TS/SI/TK
[p. 19]
Henry H. He, Jr. [A pseudonym for Henry H. Perritt, Jr.]
Biographical Information
Dean and Professor of Law, Chicago-Kent College of Law, and Vice President - Downtown Campus, Illinois Institute of Technology (1997-)
***
[p. 23]
Born: December 30, 1944
Contact: Henry H. He, Jr.
Dean and Professor of Law
Chicago Kent College of Law,
Illinois Institute of Technology
(312) 906-5010, fax (312) 906-5335
hHe@kentlaw.edu
September, 2000
[p. 24]
NAME: SHE BETH SHE
SKILL CLASSIFICATIONS:
PRIMARY SKILL CLASSIFICATION: SYSTEMS ENGINEERING
RELEVANT SECONDARY SKILL CLASSIFICATIONS: SYSTEMS ANALYSIS, DATA ANALYSIS
SUMMARY OF EXPERIENCE:
Over 11 years in Systems Engineering with AT&T, with expertise in Operations Planning, Computer Telephony Integration, Systems Analysis, Network Management. Strength includes designing large systems, negotiating customer requirements, defining systems requirements, solving hard problems, and defining test plans. Have worked on several large and complicated projects in support of both Government Contracts and Commercial Markets.
Starting from February 1999, have worked with IITRI on the Federal Funded Research and Development Center (FFRDC) contract, responsible for the Internal Revenue Service (IRS) voice systems Y2K end-to-end testing. This test was conducted at the Department of Treasury Interoperability Test Lab, and Ms. She was the test planning coordinator between the Department of Treasury and the IRS. This project involved the following disciplines: voice systems architecture, network model and simulation, and equipment inventory data analysis. In addition, Ms. She conducted researches on voice over packet technology.
[p. 28]
NAME: J. HE HE [A pseudonym J. Allen Crider.]
SKILL CLASSIFICATIONS: PRIMARY: SOFTWARE DEVELOPMENT; SECONDARY: MATHEMATICS, STATISTICS
SUMMARY OF EXPERIENCE:
13 years experience in developing software and leading development teams. Involved in all phases of software development, from analysis and design to final testing on projects in several application areas, including digital signal processing, image processing, statistical analysis, and business processes. Led teams of three to six developers on several medium sized projects.
***
Computer Sciences Corporation, Huntsville, AL;
Computer Scientist; June 1994 – June 1996
Provided software development support and performed Unix system administration duties for the Vehicle Propulsion Laboratory at NASA’s Marshall Space Flight Center [MSFS].
[Mr. Crider's email address in March 1996: crideja@jetson.msfc.nasa.gov.
http://www.landfield.com/usenet/news.announce.newgroups/comp/comp.lang.java-reorg]
***
[p. 30]
ACTIVE SECURITY CLEARANCES:
Interim Secret, DOD, May 2000
INACTIVE SECURITY CLEARANCES:
Top Secret/Special Intelligence, DOD, 1987 – 1992
[p. 31]
HAROLD J. HE [A pseudonym for Harold J.
Krent]
230 Moraine Road
Highland Park, Ill. 60035
(847) 266-1712 (H)
(312) 906-5397 (W)
Work Experience
1994 - Professor, Chicago-Kent College of Law (Associate Dean since 1997)
1987 - 1993: Assistant Professor of Law, University of Virginia Law School
1983 - 1987: Attorney, Department of Justice Civil Division, Appellate Staff
1982 - 1983: Law clerk for the Honorable William H. Timbers (2d Cir.)
[p. 34]
NAME: SHE S. SHE [A pseudonym probably for Mary Ranade]
SKILL CLASSIFICATIONS: PRISHE: COMPUTER SCIENCE; SECONDARY:DATA BASE MANAGEMENT; SYSTEMS DESIGN AND IMPLEMENTATION; PERFORMANCE EVALUATION AND TESTING; EDUCATION
SUMMARY OF EXPERIENCE: Over 25 years of experience in progressively responsible positions in the computer industry, including system and performance evaluation of large computer telephony systems, logical and physical design of large data base systems, design and development of applications and software tools for relational database administrators, design and development of relational database engines, technical support of relational database users and presentations to user groups, data needs assessment and software evaluation, microchip design in support of computer graphics research, software simulation, design and development of quality assurance software and procedures, proposal preparation, design and implementation of accounting and manufacturing systems, software support of statistical analysis of experimental data, and teaching information science (including file management).
CHRONOLOGICAL EXPERIENCE:
IITRI/TSMI;
Senior Computer Scientist; March 1994–Present
Ms. She participated in projects in support of the Internal Revenue Service (IRS) and Defense Technology Information Center (DTIC) in the areas of Strategic Planning, Technology Assessment, and the Information Technology Research Lab.
***
[p.37]
EDUCATION:
Illinois Institute of Technology, Ph.D., 1974, Mathematics
Illinois Institute of Technology, M.S., 1967, Mathematics
[Ms. Ranade, 1967 IIT: http://www.iit.edu/publications/catalyst/fw9899/rolls/alumni.html ]
[p. 39]
NAME: HE L. HE [A pseudonym for Larry Reynolds]
SKILL CLASSIFICATIONS: DOCUMENT MANAGEMENT, DATA INTERCHANGE, GRAPHICS, AND MULTIMEDIA APPLICATIONS SPECIALIST; MARKETING COMMUNICATIONS
SUMMARY OF EXPERIENCE:
Mr. He has extensive experience organizing and managing large electronic documentation and multimedia projects. He also has researched, analyzed, and specified standards and applications packages for numerous document management systems, including World Wide Web (WWW) and platform training applications. He has also developed configuration management policies and specifications and served as configuration manager on numerous large document production projects.
Mr. He has developed marketing communications programs for information technology capabilities. These activities include researching and selecting tradeshows for exhibit participation; researching, designing, and purchasing tradeshow booths and equipment; writing and editing capability brochures; developing high-level overview brochures, developing and designing capability briefings and slide shows; researching government solicitations for potential bid proposals; and written and edited proposals.
***
[p. 40]
In addition to these assigned responsibilities, Mr. He was also responsible for developing a marketing communications program for the new Center for Information Technology (CIT) Operation. Related accomplishments:
***
[p. 42]
ACTIVE SECURITY CLEARANCES:
Treasury Department, Internal Revenue Service, Official Use Only clearance, active; 1993–Present.
INACTIVE SECURITY CLEARANCES:
DISCO, Secret clearance, active 1964–1977.
***
[p. 43]
[Listed online publication by Mr. Reynolds: http://www.uampfa.berkeley.edu/onlineres/standardsbib.html]
[p. 41]
NAME: HE R. HE [A pseudonym for Melvin Scott.]
SKILL CLASSIFICATIONS: PROGRAM MANAGEMENT, P&L MANAGEMENT, BUSINESS DEVELOPMENT
SUMMARY OF EXPERIENCE:
Over the course of my extensive and successful career, I have had the opportunity to work both on the scientific and business sides of information technology. I have built several organizations from the ground floor and, in another case, turned a program around from losing money to be very profitable. I have always been instrumental in the choice and use of the latest technologies. I have been a leader in developing strategic plans for business development and technical marketing. All of these positions have enabled me to become an excellent manager of people and gain a thorough understanding of many different technologies. For examples, I have led major software development projects, led major research projects, led major procurements of computing and telecommunications equipment, managed high performance computing centers, led major proposal developments, participated in strategic planning, led business development, and technical marketing activities.
***
[p. 44]
AGISS Software Corporation, USA, 1998 -1999;
President - USA, Reston, VA; 9/1998 – 9/1999
In September 1998, He was selected by AGISS to initiate and develop the U.S. operations for the AGISS Software Corporation, which is headquartered in Ottawa, Canada.
[Mr. Scott identified at: http://www.findarticles.com/m0EIN/1998_Oct_23/53118931/p1/article.jhtml]
***
[p. 47]
ACTIVE SECURITY CLEARANCES:
Top Secret, Department of Defense
INACTIVE SECURITY CLEARANCES:
Top Secret, SCI, Army
[p. 48]
NAME: HE M. HE [A pseudonym for Steve Mencik - resume here matches online version: http://www.jsweb.net/smmres.htm.]
SKILL CLASSIFICATIONS: PRIMARY: INFORMATION SECURITY; SECONDARY: WEB-SITE DESIGN, PROGRAMMING
SUMMARY OF EXPERIENCE:
With more than 18 years experience in the Information Security field, Mr. He has demonstrated expertise in system vulnerability analysis, penetration testing, system security design and implementation, as well as security policy development. Mr. He is a computer scientist that has been active in vulnerability assessment for many years. He also has participated in the development of many U.S. and International standards for computer and network security, including the International Common Criteria and Presidential Decision Directive-63.
***
[p. 51]
ACTIVE SECURITY CLEARANCES:
Top Secret / SCI, National Security Agency, June 1999
INACTIVE SECURITY CLEARANCES:
N/A