Free software would block FBI\'s Carnivore

From Agent Smiley <>
Date 9 Aug 2000 19:21:28 -0000

[: hacktivism :]

Free software would block FBI's Carnivore 
By Julie Hyman

     A Charlottesville, Va., company is trying to take the teeth out of the FBI's "Carnivore" software with a free encryption program, nicknamed "Antivore."
     Privacy advocates and members of Congress in recent weeks have criticized the FBI computer program, saying it can be used to scan private citizens' e-mail without restrictions.
     The chief executive officer of ChainMail, maker of Antivore, said his firm's technology will protect individuals from irresponsible probes.
     Carnivore allows the FBI to scan a subject's e-mail messages for certain addresses. It does not read the message's content, only the sender's and recipient's addresses, an FBI spokesman said.
     FBI officials have said that Carnivore is necessary to help them keep up with sophisticated, technology-savvy criminals.
     The recent hubbub surrounding the program prompted privacy advocates to call for tighter controls  and gave companies like ChainMail an opportunity to promote encryption products.
     "Carnivore really underscored that there was an urgent need for everyone to have their e-mail encrypted," said Rick Gordon, president and chief executive officer of ChainMail.
     Though he insists he is not anti-FBI, he said allowing the agency to scan personal e-mail can be dangerous.
     "Government agencies have a history of misusing the power they've been given," Mr. Gordon said.
     The Antivore software, whose formal name is Mithril Secure Server, can be downloaded by Internet service providers. The ISPs use the software to encrypt users' e-mail messages.
     As a result of the Carnivore flap, ChainMail decided to offer the program free as a public service. Mr. Gordon would not reveal how many times it had been downloaded, but did say it was more than 50. No one has yet downloaded the second piece of the program, which allows different ISPs to integrate encryption systems.
     FBI spokesman Paul Bresson said the outcry over Carnivore is unfounded.
     "There's no interest or the time to go sniffing through any private citizen's e-mail," he said.
     He noted that agents can use the program only when they receive a court order allowing it, and to access individuals' e-mail otherwise would be illegal.
     Carnivore has been used 25 times, the FBI said in late July. Mr. Bresson said it is employed in cases in which adults are attempting to correspond with minors over the Internet to have sex, or it is used to catch bomb makers, for example.
     "Carnivore was designed to make things easier for smaller ISPs that don't have the technical capabilities to capture the communications as spelled out in the court order," he said.
     But privacy advocates think Carnivore could be abused, and say encryption is useful to protect e-mail users from the government as well as private parties. These groups say the technology needs wider adoption.
     "The widespread use of encryption could provide consumers with a good deal of privacy," said Alan Davidson, staff counsel for the Center for Democracy and Technology, a District of Columbia-based Internet civil liberties group.
     In order for encryption to work, both the sender and recipient must have the correct software  to encrypt and decrypt.
     "Good, easy encrypted e-mail has been the Holy Grail of consumer security on the Internet for a while now. We have yet to see a system that is so easy to use and so widely used that everybody adopts it," Mr. Davidson said.
     Companies such as Ziplip, HushMail and ZixMail allow users to sign up free of charge for encrypted e-mail, said Barry Steinhardt, associate director of the American Civil Liberties Union.
     Mr. Gordon of ChainMail said his company's program is different from those firms because the ISP, not the user, deals with the encryption process.
     Mr. Steinhardt, like Mr. Davidson, said wider adoption is needed for encryption to become more viable.
     "It needs to get adopted by the big players, by the Microsofts," he said.
     He said Clinton administration policy had prohibited the export of strong encryption technology, and large firms don't want to have to create two versions for the domestic and foreign markets.
     With the loosening of the administration's restrictions, Mr. Steinhardt expects to see more companies introducing encryption technology.

[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: :]