CDR: US spy software could devour RIP
H David Ludlow and Liesbeth Evers, Network News , Wednesday 27 September 2000 Developers in the US have uncovered a way of snubbing the American equivalent of the Regulation of Investigatory Powers (RIP) Bill, prompting speculation that a similar system could be introduced into the UK. The US government's software, called Carnivore, is installed on ISP networks to enforce court orders calling for electronic monitoring. Operating in a similar way to commercial so-called sniffers, Carnivore looks at all data on a network, throwing away information that is not contained by the court order. For example, it could capture emails to and from a specific account. Until now, only the FBI knew how the product worked. Hiding behind claims that Carnivore was partially based on commercial software, and that hackers could find a way to circumvent it, the FBI refused to open the source code. But its attempts at secrecy have backfired, after a company called Network Ice released the source code for a rival product, altivore.c (www.networkice.com/altivore). The code complies with the requirements for Carnivore, and is a legal substitute in the case of a court order. By making it open source, Network Ice has shown how the software works, and how public privacy can be maintained. The UK's equivalent of Carnivore is a black box that, under the RIP Bill, will be placed at ISP premises to monitor emails. It is unclear whether it will be a mandatory device, which will leave the public suspicious of what it does, or an open source device that meets a defined technical description. Security analyst Peter Williams, of DataCheck Consultants, said that if the technology can be developed in the US there is no reason why it could not be used to scupper the RIP in the UK. "The government didn't really think through the technology for this," he said. A Home Office spokesman said that the government intends to discuss the matter with a technical advisory board. First published in Network News This article is available online at http://vnunet.com/News/1111717
participants (1)
-
anonymous@openpgp.net