by Richard Lowe
There have been a number of stories in the press lately about a
system called Carnivore (what a great name). This is a hardware/software
system designed by the FBI to intercept emails at an ISP so they
can be used in a criminal investigation. Before going any further,
it may be useful to explain how email works. By it's very nature,
email is completely insecure. Any number of people can read that
personal note you have written, and it's very possible that your
private messages to that other woman could wind up in the newspaper.
Perhaps the best analogy is to compare email to postcards. When
you send a postcard, you write your message on one side and put
the address on the other. The message can be read by anyone who
cares to pick up the postcard.
The path an email takes to get to it's destination is very interesting.
First, of course, you compose a message in your email program. Regardless
of whether it is Eudora, Outlook, Outlook Express or any number
of other packages, the email will almost certainly be saved in a
temporary folder. Some mail programs delete the temporary copy of
the message after it is sent and some do not. In any event, it is
entirely possible that a copy of the email is sitting on your hard
drive for anyone to look at.
Of course a copy is kept in your sent items folder, unless you've
deleted it. And even then, a copy might be kept in your deleted
items folder. If you are using Microsoft Exchange as your email
engine, then it might even save a copy even if you delete the message
permanently, just in case.
Okay, once you send the email it goes out to the internet. It's
possible for a very good hacker to grab it directly off the wire
(although highly unlikely as this is not easy). The message will
get routed to your ISP's email server, which means it will reside
on one or more computer systems for a brief time. Of course it could
be intercepted at any of these.
Once the message reaches your ISP's SMTP (email) server, it will
get stored there for a time, until the SMTP server can figure out
how to send it onward to it's destination. The message will get
sent here and there, as indicated by various systems, until it reaches
the destination POP (post office) server, where it will wait to
be read. Of course, once it is read by someone on the other end,
they could store it, delete it, forward it and reply to it, further
increasing the chances that someone else will see what you've written.
The point of all of this is to demonstrate how easy it is for your
email to be seen by any number of people at any number of computers
throughout the world. An email message is by no means private (unless,
of course, it is encrypted, which means it is saved in a form that
cannot be read except by the receiver).
How does carnivore operate? Well, if the FBI needed to perform an
investigation, they would get a court order to install Carnivore
on an ISP's email server. This program will monitor all emails that
are sent to and received from the ISP's system. It is looking for
anything related to the investigation, and reportedly it can be
very finely tuned to look for extremely specific patterns.
In the words of the FBI, "The Carnivore device provides the FBI
with a "surgical" ability to intercept and collect the communications
which are the subject of the lawful order while ignoring those communications
which they are not authorized to intercept. This type of tool is
necessary to meet the stringent requirements of the federal wiretapping
The FBI requires very specific authorization to perform it's surveillance,
as stated on the official web site: "Applications for electronic
surveillance must demonstrate probable cause and state with particularity
and specificity: the offense(s) being committed, the telecommunications
facility or place from which the subject's communications are to
be intercepted, a description of the types of conversations to be
intercepted, and the identities of the persons committing the offenses
that are anticipated to be intercepted. Thus, criminal electronic
surveillance laws focus on gathering hard evidence -- not intelligence."
The issue is whether or not the FBI can be trusted to only look
at information which it has authorization to examine. On one hand,
should we trust agencies such as the FBI? Will they abuse this tool?
On the other hand, why deny critical information to the FBI which
might help them convict real criminals? Why allow criminals and
terrorists a way to send information without threat of surveillance?
Hackers and other people already have the ability to intercept emails
at will - why not allow our law enforcement agencies do the same?
Interesting choice, isn't it?
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at
- Visit our website any time to read over 1,000 complete FREE articles
about how to improve your internet profits, enjoyment and knowledge.
Return to Email Tutorial Index
| CGI tutorial
| Email Tutorial
Tutorial | Cookies
Tutorial | Privacy Tutorial
Tutorial | DreamWeaver
Tutorial | Domain
Name Tutorial | Business
Plan Tutorial | Search
Position Tutorial | Online
Advertising Tutorial | Ecommerce