The US and UK governments want to install a device on public networks to monitor traffic for suspected criminal activities. But is that all they want to do? Chris Parker explains.

When one really thinks about it, the main reason for computer security is data privacy. People protect their systems so that unwanted people can't see data they're not authorized to see. Well, what if there was no way to protect your privacy because all incoming and outgoing data was being viewed by a third party. This is the potential power that the FBI wields.

Carnivore is a sealed box that the FBI installs at an ISP. The box filters packets, looking for emails of suspected criminals. Once emails from suspects are found, they are saved for decryption and analysis. The FBI claims that Carnivore is meant for nothing more than tapping the email of suspected criminals. Also built into Carnivore is a remote-access capability that allows FBI agents to check on the progress of the Carnivore system.

While it does need a court order to be used, ISPs dislike the idea of Carnivore because they have no way to ensure protection from Carnivore for their law-abiding customers. Also, ISPs feel that if Carnivore's only true purpose is to look for email addressed to or from a suspect, then there is no need for Carnivore because the ISP can do that for the FBI easily enough.

Another thing that is worrying people is the FBI's protest of the American Civil Liberties Union's (ACLU) Freedom of Information Act (FOIA) request for the source code of Carnivore's packet filtering program. If all Carnivore does is look for suspect's emails, why is the FBI so worried about the source code being released? Not only this is troublesome, but Carnivore has been active since 1999, with over 25 email-taps to date. It seems the FBI was trying to sneak Carnivore past the American people.

If FBI agents can access Carnivore remotely, what is stopping someone from cracking the system and tainting the evidence or even worse, use the system to spy on law-abiding citizens? If Carnivore does go into wide spread use, it will only be a matter of time before it is cracked. The chance to spy on 1000s of people will be too much to resist for crackers; it is probably too much to resist for the FBI.

Carnivore is not the first attempt at surveying email. The FBI has been trying to figure out the best way to tap email for a while; Carnivore is just their most recent attempt. Also, the UK is trying to get Regulation of Investigatory Powers (RIP) Bill passed.

The RIP Bill will allow UK authorities to monitor suspected criminals' email and other data connections. Similar to what the FBI are currently doing, the UK MI5 agency can put a Carnivore-like black box onto an ISP's network and then listen to all incoming and outgoing packets, looking for packets going to, or intended for, the suspect. Along with this, the RIP Bill will allow the MI5 agency to demand the encryption keys for encrypted data, or face 2 years in prison.

Once an employee gives the encryption code away, she isn't allowed to tell anyone, even management, or face 5 years imprisonment. This means that a company, who thinks their private, proprietary information is safe, may actually have their information being viewed by dozens of MI5 agents.

Critics of the bill say that it is pointless because the computer-literate criminals that this bill is supposed to help catch will easily be able to go undetected and keep their data private. A report that recently came out about the bill said that the bill will "undermine the privacy, safety and security of honest citizens and businesses."

With more and more people listening on private conversations and actions online, SSL and other forms of encryption are necessary to be truly secure. With the incredible impracticality of this, the only other solution is IP6, which does do secure encrypted connections for most types of packets.