Carnivore's New Leash on Life?

The FBI's embattled surveillance system, attacked for reaching too far into private lives, might be constrained by a grad student's invention. Declan McCullagh reports from San Francisco.
Alex Iliev, a graduate student at Dartmouth College who plans to tame the FBI's Carnivore surveillance system. Photo: Declan McCullagh

SAN FRANCISCO -- A graduate student at Dartmouth College wants to tame the FBI's Carnivore surveillance system.

Alex Iliev has proposed a way to force anyone who wants to monitor e-mail or Web browsing to follow the rules -- and not snoop on private data that should be off-limits.

Iliev's system relies on technology, not Congress or federal judges, to keep Carnivore on a very short leash.

Much of the public outcry over Carnivore and similar eavesdropping methods arises because they take a vacuum-cleaner approach, sucking in all the data flowing through a network and then storing only the desired information. But if the snooperware is buggy or if police agencies go beyond what a court order allows, the system will snare far more traffic than it is authorized to retain.

Iliev's proposal, titled "Prototyping an Armored Data Vault" (PDF) and presented at the Privacy Enhancing Technologies workshop this week, says "a design goal is to store packets securely, so that they may be accessed only through the security mechanism imposed by the vault."

Here's how it works: An Internet service provider, university or corporation could choose to record all activities of people using the network. The recorded data would be encrypted, and the only key that can unlock it would be held inside the vault.

An FBI agent who wanted to access the information would obtain a search order that was digitally signed by a judge. The vault would recognize that signature and divulge only the information specified by the court. There would be no chance -- assuming the vault was programmed properly -- for a fishing expedition.
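The exchange described above, as an added example that is not the Dartmouth code or the paper's design: the vault holds the only data key, stores nothing but ciphertext, and releases records only after checking the court's signature on an order and filtering to the scope that order names. Two stand-ins are assumptions of this demo, not the paper's choices: an HMAC keyed with a secret shared only between the court and the vault plays the role of the judge's digital signature (a real vault would hold only the judge's public key and verify an asymmetric signature), and an HMAC-SHA256 counter-mode keystream plays the role of the coprocessor's cipher. The packet summaries are constructed sample data.

```python
"""Toy armored data vault: an encrypted capture store that releases records
only against a court-signed order scoped to a target and a time window.
Added example; not the Dartmouth vault's code."""
import hashlib
import hmac
import json
import os

# Constructed sample capture: fictitious packet summaries, not real traffic.
SAMPLE_PACKETS = [
    {"ts": 1000, "src": "10.0.0.5", "dst": "mail.example.net", "proto": "smtp", "payload": "hello from alice"},
    {"ts": 1005, "src": "10.0.0.9", "dst": "www.example.com", "proto": "http", "payload": "GET /news"},
    {"ts": 1010, "src": "10.0.0.5", "dst": "www.example.com", "proto": "http", "payload": "GET /weather"},
    {"ts": 2000, "src": "10.0.0.5", "dst": "mail.example.net", "proto": "smtp", "payload": "later message"},
]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (assumption: stands in for the
    coprocessor's real cipher; not a recommended construction)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def _canonical(obj: dict) -> bytes:
    """Deterministic encoding so signatures cover exactly one byte sequence."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class Court:
    """Issues search orders. Assumption: an HMAC with a key shared only with the
    vault stands in for the judge's digital signature."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key

    def sign_order(self, order: dict) -> bytes:
        return hmac.new(self._key, _canonical(order), hashlib.sha256).digest()


class ArmoredVault:
    def __init__(self, court_verification_key: bytes):
        self._data_key = os.urandom(32)            # never leaves the vault
        self._court_key = court_verification_key   # used only to check orders
        self._records = []                         # (nonce, ciphertext) pairs only

    def ingest(self, packet: dict) -> None:
        """Encrypt the whole record on the way in; plaintext is never stored."""
        nonce = os.urandom(12)
        plain = _canonical(packet)
        self._records.append((nonce, _xor(plain, _keystream(self._data_key, nonce, len(plain)))))

    def stored_bytes(self) -> bytes:
        """What someone who seized the storage medium (but not the vault's key) would see."""
        return b"".join(n + c for n, c in self._records)

    def serve_order(self, order: dict, signature: bytes) -> list:
        """Release only records matching a correctly signed order; refuse everything else."""
        expected = hmac.new(self._court_key, _canonical(order), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            raise PermissionError("order is not signed by the court")
        released = []
        for nonce, cipher in self._records:
            pkt = json.loads(_xor(cipher, _keystream(self._data_key, nonce, len(cipher))))
            if pkt["src"] == order["target"] and order["from_ts"] <= pkt["ts"] < order["until_ts"]:
                released.append(pkt)
        return released


def demo():
    """Run the exchange: ingest, serve a valid order, refuse a widened order."""
    court_key = os.urandom(32)
    court = Court(court_key)
    vault = ArmoredVault(court_key)
    for p in SAMPLE_PACKETS:
        vault.ingest(p)
    order = {"case": "demo-1", "target": "10.0.0.5", "from_ts": 1000, "until_ts": 1500}
    sig = court.sign_order(order)
    released = vault.serve_order(order, sig)
    # An agent who edits the order to widen its scope but reuses the judge's
    # signature is refused: the signature no longer matches the order bytes.
    widened = dict(order, until_ts=3000)
    try:
        vault.serve_order(widened, sig)
        refused = False
    except PermissionError:
        refused = True
    return released, refused, vault.stored_bytes()


if __name__ == "__main__":
    got, refused, blob = demo()
    print("released:", [p["ts"] for p in got], "widened order refused:", refused)
```

The point the paper makes, and the example reproduces, is that the scope check happens inside the trust boundary that holds the key: the filtering by target and time window runs where the plaintext exists, so the caller never gets a superset to sift through, and a modified order fails verification before any decryption happens.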

Even if the FBI physically seized the vault, legally or otherwise, it's supposed to be just about impossible for the cops to crack. Iliev's program runs on an IBM 4758 cryptographic coprocessor, designed to destroy itself if it detects an intrusion attempt.

IBM says its coprocessor features "physical penetration, power sequencing, temperature, and radiation sensors to detect physical attacks against the encapsulated subsystem." The U.S. government has certified it to meet the FIPS 140-1 standard at level 4, the most secure.

The U.S. Department of Justice and IBM partially funded this research. Since the Sept. 11 terrorist attacks, FBI use of Carnivore has increased sharply.

Iliev says he isn't necessarily suggesting that administrators store terabytes of traffic -- after all, the best way to protect someone's privacy is never to have their information on file in the first place.

Rather, Iliev says, if an administrator is required to play Big Brother, he wants them to have a reasonable way to do it.

"It might be preferable if collection of data to a large extent were not deemed necessary," says Iliev, who is a 23-year-old PhD candidate in Dartmouth's computer science department. "But if it is, then people might be more willing to bear with this. People can be confident how it would proceed."

"We want this to take place in an environment where people who have their data collected can be confident that how they agreed to have their data accessed will be how it will be accessed," he says.

Other applications for the vault, beyond storing network data, include encrypting medical or financial information that would be released only to authorized users.

Sean Smith, an assistant professor of computer science who co-authored the paper with Iliev, previously worked at IBM where he designed the software for the coprocessor.

"We tried to make it as unbreakable as feasible," Smith says. "As far as we know, it's held up."

The source code for the vault, which runs under the Linux operating system, is available on Dartmouth's website.