http://www.newsfactor.com/perl/story/7873.html
SilentRunner Spyware Out-Snoops FBI's Carnivore
Jay Lyman
March 02, 2001
A network surveillance program called SilentRunner is raising the level of
security for business and government, but the increased monitoring of both
employees and networks is proving too quiet for many privacy advocates. There
is a reason companies keep their use of Silent Runner hushed, much the way
the software monitors employees and networks undetected and unseen. Not
wanting to draw attention to itself, particularly from hackers, the security
program relies on its stealth.
And few companies understand industrial-strength stealth better than
SilentRunner's creator, giant defense contractor Raytheon. But SilentRunner
is drawing criticism from privacy advocates who say that the right to remain
anonymous and criticize an employer should not be jeopardized simply because
a company has the technology to listen in.
Silent Watcher
Used increasingly by both business and government to monitor employees,
networks and threats, SilentRunner collects information throughout a computer
network in any language or coding. The sophisticated program, which can
recognize more than 1,400 protocols, analyzes e-mail, Web pages, digital or
music files, word documents, instant messaging passwords and more. Touted as
better than other commercial "sniffer" programs and more comprehensive than
even the U.S. Federal Bureau of Investigation's much-criticized Carnivore,
SilentRunner analyzes information from 25 different angles, using algorithms
instead of key words. "It greatly assists with decoding and analysis,"
SilentRunner director of marketing Patrice Bourgeois told NewsFactor Network.
"We can do a 100 kilobyte file in a one screen presentation."
Privacy Policy
However, the fact that such a sophisticated and comprehensive tool is so hard
to detect worries some privacy advocates, who argue that the monitoring could
easily go too far. Electronic Frontier Foundation director of public policy
Lauren Gelman told NewsFactor that companies are increasingly using
technology that infringes on privacy rights. She characterized SilentRunner
as "a piece of technology with a broad range of applications, from low-level
monitoring that would be considered totally acceptable, to beyond the scope
of even what the law allows." Added Gelman: "The issue becomes, how much
value is there in making technology available that could be used to eliminate
even legally protected rights in the workplace."
Framing the Debate
Bourgeois disagreed, telling NewsFactor that SilentRunner is simply a tool,
and that the debate about privacy issues should revolve around the policies
of the companies that use the program. "This is probably the least intrusive
because it clusters like things," Bourgeois said. "It's a quick tool. It's
really not that intrusive, compared with the other security methodologies out
there."
Fast Runner
Released last summer, SilentRunner has been sold to nearly 150 companies and
government agencies eager to bolster security and tighten their control of
company secrets and assets. Still, only a couple of companies -- security
snoop TruSecure and the consulting firm of Deloitte and Touche -- have
admitted using the program, which ranges in price from US$25,000 to $65,000
per copy. Bourgeois said the government agencies, technology, finance and
pharmaceutical companies that use SilentRunner focus on network anomalies,
misuse, risk assessment and computer forensics.
Up to Them
"We've had success and the uses are varied," Bourgeois told NewsFactor. "I'd
say that 80 percent of the clients use the product for protection of
intellectual property and confidential data." Bourgeois again stressed the
importance of the individual privacy and other policies of SilentRunner
customers, who would usually retain the right to read every outgoing e-mail
regardless of what security software they use. "We don't provide security or
legal advice to our clients," she said. "It's a tool." While companies using
SilentRunner are likely to continue keeping it under wraps, the number of
employees and networks being monitored will continue to increase as security
issues become increasingly critical.
