The US and UK governments want to install a device on public networks to monitor traffic for suspected criminal activities. But is that all they want to do? Chris Parker explains.
When one really thinks about it, the main reason for
computer security is data privacy. People protect their systems so
that unwanted people can't see data they're not authorized to see. Well,
what if there was no way to protect your privacy because all incoming
and outgoing data was being viewed by a third party. This is the
potential power that the FBI wields.
Carnivore is a sealed box that the FBI installs at an ISP. The box filters
packets, looking for emails of suspected criminals. Once emails from
suspects are found, they are saved for decryption and analysis. The FBI
claims that Carnivore is meant for nothing more than tapping the email of
suspected criminals. Also built into Carnivore is a remote-access
capability that allows FBI agents to check on the progress of the
Carnivore system.
While it does need a court order to be used, ISPs dislike the idea of
Carnivore because they have no way to ensure protection from Carnivore for
their law-abiding customers. Also, ISPs feel that if Carnivore's only true
purpose is to look for email addressed to or from a suspect, then there is
no need for Carnivore because the ISP can do that for the FBI easily enough.
Another thing that is worrying people is the FBI's protest of the American
Civil Liberties Union's (ACLU) Freedom of Information Act (FOIA) request for
the source code of Carnivore's packet filtering program. If all Carnivore
does is look for suspect's emails, why is the FBI so worried about the
source code being released? Not only this is troublesome, but Carnivore has
been active since 1999, with over 25 email-taps to date. It seems the FBI
was trying to sneak Carnivore past the American people.
If FBI agents can access Carnivore remotely, what is stopping someone from
cracking the system and tainting the evidence or even worse, use the system
to spy on law-abiding citizens? If Carnivore does go into wide spread use,
it will only be a matter of time before it is cracked. The chance to spy on
1000s of people will be too much to resist for crackers; it is probably too
much to resist for the FBI.
Carnivore is not the first attempt at surveying email. The FBI has been
trying to figure out the best way to tap email for a while; Carnivore is
just their most recent attempt. Also, the UK is trying to get Regulation of
Investigatory Powers (RIP) Bill passed.
The RIP Bill will allow UK authorities to monitor suspected criminals' email
and other data connections. Similar to what the FBI are currently doing, the
UK MI5 agency can put a Carnivore-like black box onto an ISP's network and
then listen to all incoming and outgoing packets, looking for packets going
to, or intended for, the suspect. Along with this, the RIP Bill will allow
the MI5 agency to demand the encryption keys for encrypted data, or face
2 years in prison.
Once an employee gives the encryption code away, she isn't allowed to
tell anyone, even management, or face 5 years imprisonment. This means that
a company, who thinks their private, proprietary information is safe, may
actually have their information being viewed by dozens of MI5 agents.
Critics of the bill say that it is pointless because the computer-literate
criminals that this bill is supposed to help catch will easily be able to go
undetected and keep their data private. A report that recently came out
about the bill said that the bill will "undermine the privacy, safety and
security of honest citizens and businesses."
With more and more people listening on private conversations and actions
online, SSL and other forms of encryption are necessary to be truly secure.
With the incredible impracticality of this, the only other solution is
IP6, which does do secure encrypted connections for most types of packets.
Powered by AkoComment! |
