'

Carnivore clone goes open source

Far from concerned, the FBI expresses support for industry's favourite Internet wiretap

Internet service providers looking to sidestep the controversy surrounding the FBI's Carnivore system for sniffing Internet communications will soon be able to use an open source program that also conforms to the needs of law enforcement. The system also has implications for British ISPs, who are facing surveillance regulation of their own.

Last week, security software maker Network ICE quietly released an open source version of a piece of its own software capable of sifting through traffic on a network.

ISPs in Britain will no doubt also be keen to take a look at this open source snooping technology after the UK government in July introduced legislation that will require in this country to also employ email surveillance measures. It remains unclear precisely what the controversial Regulation of Investigatory Powers Act (RIPA) expects ISPs to do, but the Act stipulates that service providers must cover at least part of the cost of surveillance measures.

"Network ICE feels that the privacy debate is extremely important," the company stated on its Web site. Carnivore itself isn't important -- the fact that we allow the government heavy-handed access to our private data is the real issue."

Dubbed "Altivore", the source code conforms to the features of Carnivore as described in the FBI's recent solicitation for independent review of its program.

According to Network ICE, the FBI had requested that any university that wanted to review the software verify that it:

  • monitors suspect's email (either headers or full content

  • monitors suspect's access to certain types of servers, including Web and FTP servers

  • copies all packets to and from the suspect's IP address, and discovers the suspect's Internet address (when assigned by the ISP) by communicating with the provider's infrastructure.

The program currently only consists of source code and may be buggy, the company said on its Web site. However, Robert Graham, chief technology officer for the company, believes that the open source community will quickly get the code ship-shape, as well as add new features to it. "Many ISPs may want to use this," Graham said. "It could be a competitive advantage to be able to say that Carnivore is not on your system." He added that a major and minor ISP have expressed interest in using the program.

Surprisingly, the FBI seems unconcerned about the company's move. "We have really been saying since day one that the [Internet service providers] can do their own intercepts if they have the capability and the willingness to testify in court," said Paul Bresson, a spokesman for the federal agency.

Far from being a system that the FBI hoped to force providers to use, "Carnivore was created to help out ISPs", he added.

So far, the open source community has largely remained silent on the source code.

Check out our ZDNet Surveillance experts Special.

To have your say online click on the TalkBack button and go to the ZDNet News forum.

What do you think? Tell the Mailroom. And read what others have said.