Security firm tests FBI limits with e-mail surveillance tool

WASHINGTON (AP) — A security company has designed an open and free alternative to the FBI’s Carnivore e-mail surveillance tool that it hopes will provide a more palatable choice to wary Internet service providers and privacy advocates.

NetworkICE, a San Mateo, California-based computer security firm that makes software to protect computers from hackers, designed Altivore, which can be downloaded free from the company’s Web site.

“We wrote Altivore to correspond exactly to what the FBI says what Carnivore does,” said Robert Graham, chief technology officer and co-founder of NetworkICE.

Carnivore checks incoming and outgoing e-mail at an Internet service to search for messages meant for a specific suspect. With the addresses of those messages, police can see whom the suspect is conversing with and may be able to gain enough information about a possible crime to get permission to do a more thorough search.

In congressional testimony, the FBI has said that many small Internet providers don’t have the expertise or financial means to provide authorities with the information they want — not too little, not too much, just the data required by a court order.

That’s when they turn to Carnivore, which critics contend is a mysterious “black box” that gives the FBI too much power over a private company’s network.

Enter Altivore. Altivore is open source, so its inner workings are open to the public, in plain sight on its Web site, and network engineers can see exactly what it’s going to do.

While the FBI refuses to comment on specific products, spokeswoman Chris Watney confirmed that the information is all the bureau is interested in. How they get it, as long as it’s legal and complete, doesn’t matter, she said.

The tool, which took Graham and his team about three days to write, is largely a stripped-down version of some of NetworkICE’s other products, which do similar monitoring activities.

Whereas Carnivore comes in its own desktop computer, partially for security reasons, Altivore can be carried in a shirt pocket on a floppy disk.

Civil liberties groups have tried to get the FBI to release the inner workings of Carnivore, but the FBI has refused, partially on grounds that it might show criminals how to circumvent the tool. With his code open, Graham realizes that hackers may be able to do the same with Altivore and even the tool it’s modeled after.

“On one hand, we’re trying to provide a serious alternative to an ISP. Secondly, we’re making a statement, saying there’s some severe problems with Carnivore,” he said.

To illustrate that the tool is for real, Graham said his company has received inquiries from a large Internet provider, which he refused to name beyond saying that it’s run by a large telephone company.

Graham hopes that making the technology less of a mystery will cause everyone to focus more on the privacy and legality questions about Carnivore, which Congress has been attempting to deal with through legislation.

“We founded this company in order to protect people’s privacy,” Graham said. “By showing the source code for Altivore, we’re narrowing the debate to the true issues.”

Author: The Associated Press

News Service: cnn.com

URL: http://www.cnn.com/2000/TECH/computing/09/19/email.surveillance.ap/index.html