InformationWeek

April 23, 2001

Taking A Bite Out Of Carnivore

By Larry Kahaner

Illustration courtesy of Hungry Dog Studio

orried that Carnivore may accidentally grab your E-mail? There are legal ways to keep the FBI's E-mail monitoring device at bay.

Carnivore can't read Web-based E-mails; messages sent through Hotmail, Yahoo Mail, and similar services are out of its reach. "We have no way to hardcode a solution for Web mail," says Marcus Thomas, section chief of the FBI's CyberTechnology Section. But advancing technology means this loophole could be closed some day.

Some Carnivore opponents suggest hopping around among multiple E-mail accounts or routing E-mail to rarely used server ports as a way to avoid being monitored. That's the method used to avoid detection by Russian hackers who stole data from the Department of Defense.

The simplest and most effective way to keep E-mail private is to use off-the-shelf encryption programs such as PGP, which stands for Pretty Good Privacy. PGP is distributed free for individual use and is licensed for commercial use by companies such as Network Associates Inc.

"Encryption is a huge problem for us," Thomas says. PGP is powerful and extremely difficult to decrypt if the "key" used to encrypt the message is long enough. Officials at the National Security Agency won't discuss whether they've been able to break PGP.

PGP encrypts the message content, not the header info. But there are other products such as Privada Network from Privada Inc., which strips out the header information, replaces it with a Privada account number, and routes the message through a Privada server. The company says it's impossible to link a Privada protected E-mail with a specific sender or recipient. The products are available for Internet service providers and individual users.

Software products that promise to deliver information sought by the FBI without the controversy surrounding Carnivore are becoming available for ISPs. One such product, Altivore, is produced by Network Ice Corp. a software developer that makes the BlackICE Defender firewall and other security-related programs. Chief technology officer Robert Graham says Altivore satisfies wiretap warrants by giving authorized government agencies exactly what they're allowed by law to obtain, sender and receiver information, without additional header data. "I wrote this to provide ISPs an alternative," Graham says. "They have to respond to court orders, but they don't have to use Carnivore."

Why doesn't the FBI go directly to the target's phone line and capture the transmissions to and from that person's computer? This would solve many of Carnivore's legal and technical issues, but the FBI is loathe to do it. Says Thomas, "It's expensive and just not a good solution."

close this window

Illustration courtesy of Hungry Dog Studio

E-mail To A Friend | Printer-Friendly | Send Us Your Feedback