Wednesday, May 20, 2009

Giving Carnivore the Slip

By Jon Matonis, President and CEO, Hush Communications Corp.
Special to ZDNet.com
Friday, August 25, 2000

There has been much debate recently surrounding the FBI's latest snooping software, Carnivore.

Carnivore is a type of information-gathering software housed in a computer that can be connected to your ISP's servers. It mines all incoming and outgoing mail for information. It's like a wiretap that cuts through all the other phone noise except for the phone of the person under surveillance.

A wide net: The FBI intends to use the software to locate and monitor specific e-mail addresses for evidence of criminal activity. In the process of monitoring one account, Carnivore must sift through all available account information on a given server.

Because Carnivore must be hooked directly to an ISP's servers, the government essentially would have the ability to eavesdrop covertly on all digital communications by the ISP's customers.

As an advocate for personal privacy, I believe we have a fundamental right to protect our personal data and communications from unwanted third-party intruders.

This new technology raises many important Internet legal issues and privacy concerns. One such question is: "Can we, as individuals, maintain our right to privacy in cyberspace?"

The answer is yes. There are several secure e-mail and anonymous browsing options available in the marketplace that have the ability to keep intruders at bay. These products make the transfer of personal communication and information on the Internet as secure as transferring it via a heavily guarded armored car.

A good example is our own HushMail.Com, an easy-to-use, Web-based e-mail service that encrypts or scrambles a message, guaranteeing that only the sender and the receiver are able to read it.

The service is free and makes a user's encrypted messages untouchable, so no ISP, employer, snoop or government can decode messages. Several other quality security products are also available on the market.

Technology to protect our e-mail from unwanted intruders such as Carnivore does exist. Most often, Internet security products are free of charge and accessible to all. In fact, technologies like Hush's are available for a wide variety of applications, not just e-mail.

Unfortunately, many people, even leaders in the field of technology, fail to take advantage of the tools that can so easily protect them. In a survey conducted by the Computer Security Institute, 64 percent of companies who responded said that they had experienced an e-mail security breach during the past 12 months. Respondents added that losses sustained from such security breaches ranged from $300,000 to $25 million. Had these companies been using a secure e-mail service, their e-mail would have been undecipherable.

I believe that we have an innate right to personal privacy, and with this freedom, a duty to act responsibly. The technology needed to ensure an individual's right to privacy on the Internet is available.

However, it is up to each individual to access it. My goal is to give people the tools they need to protect themselves so that, someday, debates about Internet privacy will be unnecessary.

Jon Matonis, President and CEO of Hush Communications Corp., has more than 15 years' management experience in the areas of security and encryption technology, embedded software systems, international payment systems, and foreign exchange.

2 comments:

  1. Doesn't Hushmail have to respond to a subpoena? How do we know that Hushmail isn't an NSA honeypot?

  2. Yes, Hushmail does have to respond to a subpoena; however, that is usually by providing an encrypted disk of the target's inbox or sent box. Hush does not have a method to decrypt, which is what the Hush patent covers and which is why they cannot recover a password if forgotten.

    With respect to NSA and others, end-users always have the option of reviewing the open-source code of the program and Java applet and compiling it themselves. Additionally, once you are certain that you have verified the applet, you have the option to store that applet locally for your ongoing password exchange.

    Given that, the remaining potential breach would be a physical keyboard sniffer or a camera above your desk to ascertain your password, but those are weaknesses of PGP as well.
