This
story appeared on Network World Fusion at
http://www.nwfusion.com/columnists/2000/0807bradner.html
'Net
Insider:
The threat of
omnivore
By Scott
Bradner
Network World, 08/07/00
I
would find it impossible to be a network industry columnist with some concern
about Internet privacy and not write about the FBI's adroitly named Carnivore
e-mail surveillance system. I think one of the basic problems with this system
has been overlooked.
For the vegetarians among readers, Carnivore is
the name the FBI gave to a traffic-monitoring system that it attaches to ISP
networks, ostensibly to monitor e-mail traffic. According to the testimony of
FBI Assistant Director Donald Kerr before a U.S. House subcommittee, the device
is only installed when a court has authorized electronic surveillance. In his
testimony, Kerr described Carnivore as "A very specialized network
analyzer, or 'sniffer,' which runs as an application program on a normal
personal computer under the Microsoft Windows operating system. It works by
'sniffing' the proper portions of network packets and copying and storing only
those packets which match a finely defined filter set programmed in conformity
with the court order."
In order to work, the Carnivore PC is
connected to an ISP network where Carnivore can monitor the traffic to and from
the subject of surveillance. Such a placement in some cases may cause
difficulties because ISP networks are purposely designed to avoid having all
customer traffic pass through any particular point. In the past, such network
designs have been exploited by hackers to capture user logon names and
passwords.
Although Carnivore has been portrayed in the press and even
by some FBI spokespeople as an e-mail intercept device, Kerr's testimony
reveals it to be a general-purpose intercept system that can be programmed to
capture any type of traffic.
Clearly one of the big issues many people
have with Carnivore is whether it's possible to be sure that the operators are
only doing the intercept that the court has authorized. The FBI announced
recently it suddenly has a "tamper-proof logging mechanism" so that
the court can find out just what Carnivore has been used for. But the FBI
refuses to open the system to public review, claiming if it did so, hackers
could figure out a way around it. If the FBI's description of Carnivore is
accurate, there are already plenty of ways to get around the device's filters.
My
biggest worry is that Carnivore is a programmable device stuck in the middle of
an ISP's network. Such a device is inherently a threat to the integrity of the
ISP.
It is far from clear that it is possible to create a truly
tamper-proof auditing system on such a device or to make the device itself
hacker-proof. Even if there were no history of abuse of trust by law
enforcement, Carnivore would be a worry. The law enforcement community does
need ways to do legitimate intercept and monitoring, but Carnivore seems a
blunt and inappropriate tool for the job.
Disclaimer: Harvard educates
tool makers and managers, and I did not ask the university for this opinion.
All
contents copyright 1995-2002 Network World, Inc. http://www.nwfusion.com