How to fight the FBI's "Carnivore" e-mail snooping system!

Question

The FBI is using something called "carnivore" to monitor e-mail messages, much like a wire tap on a phone line. Is there anything that I can do to protect my e-mail messages from being read by others?

Answer

This question was answered on August 16, 2000. Much of the information contained herein may have changed since posting.

"Carnivore" is basically a computer system that is installed at the ISP (Internet Service Provider) of a suspect by the FBI to monitor transmissions to and from that suspect Of course, anyone else that happens to be using that ISP is potentially being "watched" The FBI claims that they do not look at the messages themselves, but the "header" information that will show to whom and when messages were sent Carnivore is supposed to provide law enforcement with the same concept used with our telephone system to look up phone records for evidence The difference with e-mail is that the message and the header information that they seek are all part of the same "packet" and therefore is readily available to be viewed.

If you believe that "our government is here to help us" then this new technology should not concern you In the view of many, only a criminal should be concerned...or should we all?

With or without Carnivore, e-mail is a very unsecure method of distributing information NEVER send private information such as credit card, Social Security or driver's licsence numbers via e-mail Anyone along the way can "see" this unprotected information.

Encryption software has been available for many years to secure e-mail transmissions Many large corporations use encryption to secure company secrets that may be discussed via e-mail.

Most encryption schemes work like this:

When you create a normal message, you can encrypt or scramble the characters so that anyone that tries to read the message will see jibberish You then create a "key" for the intended recipient with a passcode to that key You then give the "key" passcode to the recipient so that they can "unscramble" the message when they recieve it The "keys" are stored on a secured server by the encryption company, so that each time an encrypted message is sent, the recipient must access this key in order to decode the message As long as the key passcode is kept secure, the messages are secure (Never send passcode information via an unsecure e-mail.)

The defacto standard for e-mail encryption for the general public is a program called "PGP" (Pretty Good Protection) This free (not for commercial use) program will install and integrate with most popular e-mail programs I have tested it with Outlook, Outlook Express and Eudora and found it to work well The program is somewhat technical and adds a few steps to creating a secure message, but is pretty simple once you understand the steps involved.

PGP is intended for the citizens of the U.S and Canada only and works with DOS, Windows 95/98/2000/NT, MacOs, Linux and even Solaris PGP can be downloaded at:

<a href="http://web.mit.edu/network/pgp.html"><font color="#003399">http://web.mit.edu/network/pgp.html</font></a>

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Ken of Data Doctors on August 16, 2000