Encryption could starve carnivore

ChainMail and Sigaba are among the companies promoting encryption technology designed to render any captured email meaningless to third parties. Meanwhile, developers like Privada and Zero-Knowledge offer anonymity to both sender and recipient, so a third party has no idea whose email it is reading. In most cases, you need to rely on your internet service provider to implement this level of technology, which keeps private your email - right down to its address.

Carnivore, so named for its capability to "get at the meat" of electronic communications, is a Windows-based "packet-sniffer" program that also runs on an ISP's systems. The FBI uses it to pick out email communications from a party that is under investigation.

Carnivore is the online equivalent of a telephone wiretap, but its capability to snoop is much more pervasive, according to Stephen Satchell, a consultant on internet performance and security issues. Because no discrete "email line" corresponds to individuals on the internet, Carnivore actually scans every data packet from every party that uses the ISP. Privacy advocates are concerned that law enforcement could easily abuse this system to spy on people who are not covered by the warrant.

The FBI claims that Carnivore looks only at address information on email, not its content, until it finds correspondence from the party under investigation. Then, Carnivore copies the whole message. But critics doubt that Carnivore ignores content entirely.

"The only reason they could not look at content is because they chose not to look at content, not because they can't," says Richard Bliss, a Sigaba spokesperson.

Some ISPs seem to have similar regard for both the FBI and encryption vendors. America Online, for example, lets no one near its servers without a court warrant, according to AOL spokesperson Nicholas Graham.

The FBI has not approached AOL about using Carnivore on its network. But if it did, "Carnivore would not be allowed on our system and would be against our goal and mission of protecting our members' privacy," Graham says. That policy similarly prohibits use of server-based encryption programs. Graham says AOL has not decided whether to offer its own encryption solution to members.

EarthLink, takes a similar position, and has spurned advances of at least one encryption vendor, says Steve Dougherty, director of technology acquisition. Customers may use their own encryption or anonymity scheme, but he does not expect EarthLink will provide such services.

Subscribers don't seem interested, Dougherty adds, but that could change. "This is so new, it's too early to tell what anyone will be doing," he says.

That's what the software developers are banking on as they prepare their server-level tools to thwart Carnivore.

Sigaba and ChainMail are refining encryption technology to protect email from Carnivore and other predators. Encryption uses a complex mathematical formula, called an algorithm, together with a unique numerical variable to scramble data into meaningless gibberish called ciphertext. The recipient of ciphertext must use the same numerical variable, called a key, to decode the message.

Encrypting email is not a new idea. But most consumers are slow to adopt the technology, partly because it's difficult to manage keys and because all recipients must use a compatible system. Until recently, it hasn't been possible to encrypt Web-based email like Hotmail or Yahoo mail. Nevertheless, increasing public anxiety about privacy has bolstered interest in encryption.

ChainMail, for example, has released a beta version of an open-source encryption product called Antivore that scrambles email using the popular Pretty Good Privacy (PGP) algorithm. But Antivore goes a step beyond simple content encryption and adds a secure, encrypted "pipeline" between you and your ISP. It's similar to the secure socket layer used to transmit credit card numbers to electronic-commerce sites. But both the correspondents and their ISPs must adopt Antivore.

Antivore is actually an interim product that ChainMail accelerated because of the Carnivore controversy, notes Sean Steele, director of business development. In development is an internet server product named Mithril, which includes encryption. Both programs run on an ISP's servers. ChainMail hopes the open source community will help perfect Antivore, and plans to incorporate improvements into a final, open source version of Mithril as well as other encryption applications.

ChainMail has made some progress with smaller ISPs. Broadband Network Service, a regional ISP in central Virginia, is among those beta-testing Antivore. Most of the ISP's customers are small and mid-size businesses that aren't equipped to manage their own email and security, says Colin Learmonth, president.

"We don't necessarily see [Antivore] as combating Carnivore, but as a way of securing your email ... from any third party," Learmonth says.

Sigaba takes a slightly different approach that doesn't directly involve the ISP. When a Sigaba subscriber sends an email, the company's server issues a unique one-time encryption key to both sender and recipient. Sigaba's email plug-in on the sender's machine then uses the key to encrypt the message. The same plug-in on the recipient's machine uses the key to decrypt it.

"We're just passing a key," says Sigaba's Bliss. "We never get in the business of delivering mail." The entire process is transparent to users, and neither Sigaba nor the ISP sees the unencrypted message.

Sigaba expects to release its server software this fall. In the meantime, it offers free plug-ins that work with Outlook 2000, Eudora 4.3, and Internet Explorer, and also encrypt Web-based email. Support for other mail programs is in development.

While Sigaba encrypts the body of a message, it does not hide the address information (or "header") that routes traffic online. Carnivore or another packet-sniffer could still identify correspondents, which could still give the FBI the information it wants.

"Traffic patterns can tell you about as much as the content of the messages," Satchell says.

Antivore encrypts address information by sending information via the latest version of secure socket layer, known as transport layer security. The technology is becoming a de facto encryption standard. It's already adopted in the latest version of Sendmail, one of the leading mail server applications for ISPs. And Netscape, which developed SSL, offers the encryption in its Messenger email client. Both Lotus Notes and Microsoft Outlook include SSL, and Qualcomm representatives say Eudora will support SSL this year.

Privada takes another approach to hiding header information. When a correspondent on a Privada system sends an email message, the software strips out the header, replaces it with a Privada account ID, and sends the message to a Privada server either at the ISP or hosted for the ISP at Privada's facilities. Privada doesn't encrypt the message, but the company says it's impossible for the FBI or anyone else to associate a Privada-protected message with a specific sender or recipient. The product offers anonymity for all internet transactions, not just email, says Rick Jackson, Privada CEO.

Privada expects "about a dozen" ISPs to sign up for the service when it becomes available by year-end, Jackson says, although he won't say which ones. You can already use its technology through Privada's own servers, but your correspondents must also sign up for the encryption to be effective. Zero-Knowledge offers a similar end-user service.

All these companies say they are committed to working with law enforcement for legitimate surveillance of criminal suspects.

"Privacy is a right," says Privada's Jackson. "But it doesn't mean the right to hide behind it" to commit crime. Privada will cooperate with law enforcement in specific circumstances, so Carnivore surveillance is not necessary, he says.

Privada and its ISP partners require a court warrant before they'll release their encryption keys to unlock a specific account. Then they'll encrypt the communications for delivery to law enforcement, which uses its own key to decrypt the communications. Neither the ISP nor Privada can decipher messages, Jackson says. Nor can they match a Privada account ID with a subscriber's real-world identity. Jackson says he has discussed general issues of privacy with the FBI, but has not specifically discussed Carnivore.

Likewise, ChainMail representatives say they will provide encryption keys to a specific account covered by a warrant. "The only way to recover a key forcibly is for a legal entity such as the FBI to issue a warrant," the company states. "It's a way to keep the FBI honest," says ChainMail's Steele.