PFS doesn't provide any resistance against an active attacker; ie: one that can substitute any message between the client and server.
pFs provides resistance to previously passively recorded cipher texts being decrypted when the static secret key is disclosed. It does this by ensuring the session key exchange is protected by an ephemeral key; it is not possible to derive the session key from any static configuration, ie: rsa private key.
With the PFS ciphers, the static secret key provides server authentication; so you know your talking to the correct server or in this case FBI carnivore device. The mitm appliance can even support PFS between you and it so you wouldn't even know the difference!
pFs provides resistance to previously passively recorded cipher texts being decrypted when the static secret key is disclosed. It does this by ensuring the session key exchange is protected by an ephemeral key; it is not possible to derive the session key from any static configuration, ie: rsa private key.
With the PFS ciphers, the static secret key provides server authentication; so you know your talking to the correct server or in this case FBI carnivore device. The mitm appliance can even support PFS between you and it so you wouldn't even know the difference!