SCN: Carnivore
Steve
steve at advocate.net
Tue Jul 11 09:17:06 PDT 2000
x-no-archive: yes
=========================
FBI's System to Covertly Search E-Mail Raises Legal Issues,
Privacy Concerns
by Neil King Jr. and Ted Bridis
(Wall Street Journal)---The U.S. Federal Bureau of Investigation is
using a superfast system called Carnivore to covertly search e-
mails for messages from criminal suspects.
Essentially a personal computer stuffed with specialized software,
Carnivore represents a new twist in the federal government's fight to
sustain its snooping powers in the Internet age. But in employing
the system, which can scan millions of e-mails a second, the FBI
has upset privacy advocates and some in the computer industry.
Experts say the system opens a thicket of unresolved legal issues
and privacy concerns.
The FBI developed the Internet wiretapping system at a special
agency lab at Quantico, Va., and dubbed it Carnivore for its ability to
get to "the meat" of what would otherwise be an enormous quantity
of data. FBI technicians unveiled the system to a roomful of
astonished industry specialists here two weeks ago in order to steer
efforts to develop standardized ways of complying with federal
wiretaps. Federal investigators say they have used Carnivore in
fewer than 100 criminal cases since its launch early last year.
Word of the Carnivore system has disturbed many in the Internet
industry because, when deployed, it must be hooked directly into
Internet service providers' computer networks. That would give the
government, at least theoretically, the ability to eavesdrop on all
customers' digital communications, from e-mail to online banking
and Web surfing.
The system also troubles some Internet service providers, who are
loath to see outside software plugged into their systems. In many
cases, the FBI keeps the secret Carnivore computer system in a
locked cage on the provider's premises, with agents making daily
visits to retrieve the data captured from the provider's network. But
legal challenges to the use of Carnivore are few, and judges' rulings
remain sealed because of the secretive nature of the investigations.
Internet wiretaps are conducted only under state or federal judicial
order, and occur relatively infrequently. The huge majority of
wiretaps continue to be the traditional telephone variety, though U.S.
officials say the use of Internet eavesdropping is growing as
everyone from drug dealers to potential terrorists begins to conduct
business over the Web.
The FBI defends Carnivore as more precise than Internet wiretap
methods used in the past. The bureau says the system allows
investigators to tailor an intercept operation so they can pluck only
the digital traffic of one person from among the stream of millions of
other messages. An earlier version, aptly code-named Omnivore,
could suck in as much as to six gigabytes of data every hour, but in
a less discriminating fashion.
Still, critics contend that Carnivore is open to abuse.
Mark Rasch, a former federal computer-crimes prosecutor, said the
nature of the surveillance by Carnivore raises important privacy
questions, since it analyzes part of every snippet of data traffic that
flows past, if only to determine whether to record it for police.
"It's the electronic equivalent of listening to everybody's phone
calls to see if it's the phone call you should be monitoring," Mr.
Rasch said. "You develop a tremendous amount of information."
Others say the technology dramatizes how far the nation's laws are
lagging behind the technological revolution. "This is a clever way to
use old telephone-era statutes to meet new challenges, but clearly
there is too much latitude in the current law," said Stewart Baker, a
lawyer specializing in telecommunications and Internet regulatory
matters.
Robert Corn-Revere, of the Hogan & Hartson law firm here,
represented an unidentified Internet service provider in one of the
few legal fights against Carnivore. He said his client worried that the
FBI would have access to all the e-mail traffic on its system, raising
dire privacy and security concerns. A federal magistrate ruled
against the company early this year, leaving it no option but to allow
the FBI access to its system.
"This is an area in desperate need of clarification from Congress,"
said Mr. Corn-Revere.
"Once the software is applied to the ISP, there's no check on the
system," said Rep. Bob Barr (R., Ga.), who sits on a House judiciary
subcommittee for constitutional affairs. "If there's one word I would
use to describe this, it would be 'frightening."'
Marcus Thomas, chief of the FBI's Cyber Technology Section at
Quantico, said Carnivore represents the bureau's effort to keep
abreast of rapid changes in Internet communications while still
meeting the rigid demands of federal wiretapping statutes. "This is
just a very specialized sniffer," he said.
He also noted that criminal and civil penalties prohibit the bureau
from placing unauthorized wiretaps, and any information gleaned in
those types of criminal cases would be thrown out of court. Typical
Internet wiretaps last around 45 days, after which the FBI removes
the equipment. Mr. Thomas said the bureau usually has as many as
20 Carnivore systems on hand, "just in case."
FBI experts acknowledge that Carnivore's monitoring can be
stymied with computer data such as e-mail that is scrambled using
powerful encryption technology. Those messages still can be
captured, but law officers trying to read the contents are "at the
mercy of how well it was encrypted," Mr. Thomas said.
Most of the criminal cases where the FBI used Carnivore in the past
18 months focused on what the bureau calls "infrastructure
protection," or the hunt for hackers, though it also was used in
counterterrorism and some drug-trafficking cases.
Copyright 2000 Dow Jones & Company, Inc.
* * * * * * * * * * * * * * From the Listowner * * * * * * * * * * * *
. To unsubscribe from this list, send a message to:
majordomo at scn.org In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * * http://www.scn.org/volunteers/scn-l/ * * * * * * *
More information about the scn
mailing list