The Dutch National Cyber Security Centre (NCSC) has published its Privacy Enhanced Filter (PEF) as open source software. The PEF tool is a research prototype that removes privacy-sensitive information from captured internet traffic as much as possible, allowing for threat detection and prevention without compromising privacy. It was developed in collaboration with the Netherlands Forensic Institute (NFI) and the NCTV (National Coordinator for Security and Counterterrorism) Safety Through Innovation Program.
The software is written in the Java programming language and searches pcap/pcapng files or streams for IP addresses in DNS-related network packets. Packets of this type typically contain information used to translate domain names to IP addresses, and vice versa. The authors compare their tool to the privacy filter used by Google to blur licence plates and faces in its Street View application.
Personal data
The publication of the PEF tool did not go smoothly. Just a few days after it was published, the NCSC had to take the PEF software temporarily offline when personal data was found in the code. In compliance with the obligations set by Dutch law, the Centre reported the breach to the Dutch Data Protection Authority (AP). Two weeks later, after removing all personal data from the code in collaboration with NFI, the PEF tool was once again made available to the public. The software is available from GitHub under the ALv2 license.