Confounding Carnivore: How to Protect Your Online Privacy
Also in Top Stories
In the Lawless Post-Katrina Cleanup, Construction Companies Are Preying on Workers
Brian Beutler, Media Consortium
Al Qaeda in Michael Chertoff's Stomach: The Terror of a 'Gut Feeling'
Keith Olbermann, Countdown
The Politics and PR of Cervical Cancer
Judith Siers-Poisson, PR Watch
The Fall of an Arrogant Fraud: What Really Brought Down Conrad Black's Media Empire?
Christopher Silvester, The Independent
Doing Time on the Outside: Falling in Love with a Prisoner-for-Life
Bridget Kinsella, SMITH Magazine
Ever since the FBI confirmed the existence of their Internet wiretapping device -- a device which they named Carnivore -- cyberprivacy activists have been up in arms. Carnivore promised to be their worst nightmare: a technology that could track and record every email sent, every Web page browsed, every chat room visited.
Today, those fears are more likely to come true than ever before. The passage of anti-terrorism laws in the wake of Sept. 11, and the extended powers of the FBI, CIA and police agencies everywhere, make it likely that Carnivore will see more use in the near future. Congress has been quite willing to trade some privacy for security, and the Bush Administration -- especially Attorney General John Ashcroft -- has been no defender of online privacy. With Constitutional protections being chipped away, what can civil liberties-minded citizens do to maintain their privacy online?
Though the technology behind the mysterious Carnivore box (officially renamed DCS1000 in early 2001, though that name hasn't stuck) has been portrayed as quite sophisticated, it's actually very simple. When attached to server computers at an Internet service provider (ISP), the device records the details of all traffic coming through that ISP. It can snatch email headers and content, and keep a history of Web pages accessed. This data can then be saved onto disk and admitted as evidence in court.
Similar devices have long been used in private enterprise, allowing cautious business administrators to monitor the Internet activity of employees. In network security circles, these devices are referred to as "sniffers."
As common as this technology is, its potential uses give security specialists great power to track electronic communications. Sniffers can produce a list of Web sites visited so that ISPs can block access to sites deemed questionable or subversive. Carnivore can also keep track of whom you send email to and who sends you email, shedding light on the company you keep and potentially tying you to activities you know nothing about. Aside from these scary scenarios, the mere fact that someone is watching is disconcerting.
But before you panic about the government tracking those flirty emails you sent to a co-worker last year, consider that the FBI is reported to have used Carnivore only 13 times between October 1999 and August 2000 (the latest figures available). That's not very much, given the enormous amount of Web traffic. So the chances that Carnivore has been watching you are incredibly low -- you're much more likely to have been sniffed by your employer.
Nevertheless, with the passage of the USA Patriot Act, Carnivore's use is very likely to increase. In addition to committing unprecedented resources to security, the new law drops some of the checks and balances once required for getting permission to eavesdrop. Futhermore, rumors that Osama bin Laden has used encrypted messages, images, and Web sites to communicate with the global Al Qaeda network, and fears that unknown terrorists are using the Web as a tool, has upped Carnivore's value in law enforcement's eyes. The FBI has even begun to enhance Carnivore. Development of the "Magic Lantern" virus, will allow agents to collect passwords from individual machines. It's part of a concerted effort to broaden Carnivore's net and fortify its encroachment into once private sectors of cyberspace.
Cyber-libertarians determined to maintain anonymity have already found ways to circumvent Carnivore's watchful eyes. Most of the methods were developed by hackers to cover their tracks when engaging in questionable, sometimes illegal activity. But these techniques work just as well for the law-abiding citizen who wishes to uphold the right to privacy. And thankfully, you don't have to be a hacker to use these tools effectively.
Controversial, but legal, encryption software has been publicly available for years. Encryption allows users to maintain a high level of secrecy when sending email or files over the Internet.
The most storied of encryption tools is a free program called PGP. PGP stands for Pretty Good Privacy, but it's a whole lot more than just pretty good. PGP is "strong crypto," geek speak for encryption that is nearly impossible to break. PGP is so strong that after releasing PGP to the public in 1991, Philip Zimmermann, the program's creator, drew immediate attention from federal prosecutors intent on preventing its distribution.
Liked this story? Get top stories in your inbox each week from AlterNet! Sign up now »
|More News and Analysis:|
|The Politics and PR of Cervical Cancer
Health & Wellness: Many women, including the author, have been affected by cervical cancer or Human Papillomavirus (HPV) at some point in their lives. Part one of a series of articles examining HPV and Gardasil -- the facts, the hype, and what Merck stands to gain.
By Judith Siers-Poisson, PR Watch. July 16, 2007.
|The Fall of an Arrogant Fraud: What Really Brought Down Conrad Black's Media Empire?
MediaCulture: Conrad Black was a millionaire who wanted to live like a billionaire: he controlled hundreds of media outlets and had homes on two continents. But it wasn't enough for him: how a media tycoon became a humbled man.
By Christopher Silvester, The Independent. July 16, 2007.
|In the Lawless Post-Katrina Cleanup, Construction Companies Are Preying on Workers
Hurricane Katrina: After Hurricane Katrina pummeled the Gulf Coast, construction companies have squeezed billions out of federal contracts with few labor regulations and almost no oversight, allowing outrageous worker abuses to occur.
By Brian Beutler, Media Consortium. July 16, 2007.