Carnivore

There have been a number of stories in the press lately about a
system called Carnivore (what a great name). This is a
hardware/software system designed by the FBI to intercept emails
at an ISP so they can be used in a criminal investigation.

Before going any further, it may be useful to explain how email
works. By it's very nature, email is completely insecure. Any
number of people can read that personal note you have written, and
it's very possible that your private messages to that other woman
could wind up in the newspaper.

Perhaps the best analogy is to compare email to postcards. When
you send a postcard, you write your message on one side and put
the address on the other. The message can be read by anyone who
cares to pick up the postcard.

The path an email takes to get to it's destination is very
interesting. First, of course, you compose a message in your
email program. Regardless of whether it is Eudora, Outlook,
Outlook Express or any number of other packages, the email will
almost certainly be saved in a temporary folder. Some mail
programs delete the temporary copy of the message after it is
sent and some do not. In any event, it is entirely possible that
a copy of the email is sitting on your hard drive for anyone to
look at.

Of course a copy is kept in your sent items folder, unless
you've deleted it. And even then, a copy might be kept in your
deleted items folder. If you are using Microsoft Exchange as your
email engine, then it might even save a copy even if you delete
the message permanently, just in case.

Okay, once you send the email it goes out to the internet. It's
possible for a very good hacker to grab it directly off the wire
(although highly unlikely as this is not easy). The message will
get routed to your ISP's email server, which means it will reside
on one or more computer systems for a brief time. Of course it
could be intercepted at any of these.

Once the message reaches your ISP's SMTP (email) server, it will
get stored there for a time, until the SMTP server can figure out
how to send it onward to it's destination. The message will get
sent here and there, as indicated by various systems, until it
reaches the destination POP (post office) server, where it will
wait to be read. Of course, once it is read by someone on the
other end, they could store it, delete it, forward it and reply
to it, further increasing the chances that someone else will see
what you've written.

The point of all of this is to demonstrate how easy it is for
your email to be seen by any number of people at any number of
computers throughout the world. An email message is by no means
private (unless, of course, it is encrypted, which means it is
saved in a form that cannot be read except by the receiver).

How does carnivore operate? Well, if the FBI needed to perform
an investigation, they would get a court order to install
Carnivore on an ISP's email server. This program will monitor
all emails that are sent to and received from the ISP's system.
It is looking for anything related to the investigation, and
reportedly it can be very finely tuned to look for extremely
specific patterns.

In the words of the FBI, "The Carnivore device provides the FBI
with a "surgical" ability to intercept and collect the
communications which are the subject of the lawful order while
ignoring those communications which they are not authorized to
intercept. This type of tool is necessary to meet the stringent
requirements of the federal wiretapping statutes."

The FBI requires very specific authorization to perform it's
surveillance, as stated on the official web site: "Applications
for electronic surveillance must demonstrate probable cause and
state with particularity and specificity: the offense(s) being
committed, the telecommunications facility or place from which
the subject's communications are to be intercepted, a description
of the types of conversations to be intercepted, and the identities
of the persons committing the offenses that are anticipated to be
intercepted. Thus, criminal electronic surveillance laws focus on
gathering hard evidence -- not intelligence."

The issue is whether or not the FBI can be trusted to only look at
information which it has authorization to examine. On one hand,
should we trust agencies such as the FBI? Will they abuse this
tool? On the other hand, why deny critical information to the FBI
which might help them convict real criminals? Why allow criminals
and terrorists a way to send information without threat of
surveillance? Hackers and other people already have the ability to
intercept emails at will - why not allow our law enforcement
agencies do the same?

Interesting choice, isn't it?


About the Author

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets
at http://www.internet-tips.net - Visit our website any time to
read over 1,000 complete FREE articles about how to improve your
internet profits, enjoyment and knowledge.