FBI Carnivore and Email

FBI Carnivore and Email

by Richard Lowe

There have been a number of stories in the press lately about a system called Carnivore (what a great name). This is a hardware/software system designed by the FBI to intercept emails at an ISP so they can be used in a criminal investigation. Before going any further, it may be useful to explain how email works. By it's very nature, email is completely insecure. Any number of people can read that personal note you have written, and it's very possible that your private messages to that other woman could wind up in the newspaper.

Perhaps the best analogy is to compare email to postcards. When you send a postcard, you write your message on one side and put the address on the other. The message can be read by anyone who cares to pick up the postcard.

The path an email takes to get to it's destination is very interesting. First, of course, you compose a message in your email program. Regardless of whether it is Eudora, Outlook, Outlook Express or any number of other packages, the email will almost certainly be saved in a temporary folder. Some mail programs delete the temporary copy of the message after it is sent and some do not. In any event, it is entirely possible that a copy of the email is sitting on your hard drive for anyone to look at.

Of course a copy is kept in your sent items folder, unless you've deleted it. And even then, a copy might be kept in your deleted items folder. If you are using Microsoft Exchange as your email engine, then it might even save a copy even if you delete the message permanently, just in case.

Okay, once you send the email it goes out to the internet. It's possible for a very good hacker to grab it directly off the wire (although highly unlikely as this is not easy). The message will get routed to your ISP's email server, which means it will reside on one or more computer systems for a brief time. Of course it could be intercepted at any of these.

Once the message reaches your ISP's SMTP (email) server, it will get stored there for a time, until the SMTP server can figure out how to send it onward to it's destination. The message will get sent here and there, as indicated by various systems, until it reaches the destination POP (post office) server, where it will wait to be read. Of course, once it is read by someone on the other end, they could store it, delete it, forward it and reply to it, further increasing the chances that someone else will see what you've written.

The point of all of this is to demonstrate how easy it is for your email to be seen by any number of people at any number of computers throughout the world. An email message is by no means private (unless, of course, it is encrypted, which means it is saved in a form that cannot be read except by the receiver).

How does carnivore operate? Well, if the FBI needed to perform an investigation, they would get a court order to install Carnivore on an ISP's email server. This program will monitor all emails that are sent to and received from the ISP's system. It is looking for anything related to the investigation, and reportedly it can be very finely tuned to look for extremely specific patterns.

In the words of the FBI, "The Carnivore device provides the FBI with a "surgical" ability to intercept and collect the communications which are the subject of the lawful order while ignoring those communications which they are not authorized to intercept. This type of tool is necessary to meet the stringent requirements of the federal wiretapping statutes."

The FBI requires very specific authorization to perform it's surveillance, as stated on the official web site: "Applications for electronic surveillance must demonstrate probable cause and state with particularity and specificity: the offense(s) being committed, the telecommunications facility or place from which the subject's communications are to be intercepted, a description of the types of conversations to be intercepted, and the identities of the persons committing the offenses that are anticipated to be intercepted. Thus, criminal electronic surveillance laws focus on gathering hard evidence -- not intelligence."

The issue is whether or not the FBI can be trusted to only look at information which it has authorization to examine. On one hand, should we trust agencies such as the FBI? Will they abuse this tool? On the other hand, why deny critical information to the FBI which might help them convict real criminals? Why allow criminals and terrorists a way to send information without threat of surveillance? Hackers and other people already have the ability to intercept emails at will - why not allow our law enforcement agencies do the same?

Interesting choice, isn't it?

----------------------------------------------------------------
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at http://www.internet-tips.net - Visit our website any time to read over 1,000 complete FREE articles about how to improve your internet profits, enjoyment and knowledge.
 
Return to Email Tutorial Index