SCN: Carnivore

[Steve]

x-no-archive: yes

=========================

FBI's System to Covertly Search E-Mail Raises Legal Issues, 
Privacy Concerns

by Neil King Jr. and Ted Bridis

(Wall Street Journal)---The U.S. Federal Bureau of Investigation is 
using a superfast system called Carnivore to covertly search e-
mails for messages from criminal suspects.  

Essentially a personal computer stuffed with specialized software, 
Carnivore represents a new twist in the federal government's fight to 
sustain its snooping powers in the Internet age. But in employing 
the system, which can scan millions of e-mails a second, the FBI 
has upset privacy advocates and some in the computer industry. 
Experts say the system opens a thicket of unresolved legal issues 
and privacy concerns.  

The FBI developed the Internet wiretapping system at a special 
agency lab at Quantico, Va., and dubbed it Carnivore for its ability to 
get to "the meat" of what would otherwise be an enormous quantity 
of data. FBI technicians unveiled the system to a roomful of 
astonished industry specialists here two weeks ago in order to steer 
efforts to develop standardized ways of complying with federal 
wiretaps. Federal investigators say they have used Carnivore in 
fewer than 100 criminal cases since its launch early last year.  

Word of the Carnivore system has disturbed many in the Internet 
industry because, when deployed, it must be hooked directly into 
Internet service providers' computer networks. That would give the 
government, at least theoretically, the ability to eavesdrop on all 
customers' digital communications, from e-mail to online banking 
and Web surfing.  

The system also troubles some Internet service providers, who are 
loath to see outside software plugged into their systems. In many 
cases, the FBI keeps the secret Carnivore computer system in a 
locked cage on the provider's premises, with agents making daily 
visits to retrieve the data captured from the provider's network. But 
legal challenges to the use of Carnivore are few, and judges' rulings 
remain sealed because of the secretive nature of the investigations. 
 
Internet wiretaps are conducted only under state or federal judicial 
order, and occur relatively infrequently. The huge majority of 
wiretaps continue to be the traditional telephone variety, though U.S. 
officials say the use of Internet eavesdropping is growing as 
everyone from drug dealers to potential terrorists begins to conduct 
business over the Web.  

The FBI defends Carnivore as more precise than Internet wiretap 
methods used in the past. The bureau says the system allows 
investigators to tailor an intercept operation so they can pluck only 
the digital traffic of one person from among the stream of millions of 
other messages. An earlier version, aptly code-named Omnivore, 
could suck in as much as to six gigabytes of data every hour, but in 
a less discriminating fashion.  

Still, critics contend that Carnivore is open to abuse.  

Mark Rasch, a former federal computer-crimes prosecutor, said the 
nature of the surveillance by Carnivore raises important privacy 
questions, since it analyzes part of every snippet of data traffic that 
flows past, if only to determine whether to record it for police.  

"It's the electronic equivalent of listening to everybody's phone 
calls to see if it's the phone call you should be monitoring," Mr. 
Rasch said. "You develop a tremendous amount of information."  

Others say the technology dramatizes how far the nation's laws are 
lagging behind the technological revolution. "This is a clever way to 
use old telephone-era statutes to meet new challenges, but clearly 
there is too much latitude in the current law," said Stewart Baker, a 
lawyer specializing in telecommunications and Internet regulatory 
matters.  

Robert Corn-Revere, of the Hogan & Hartson law firm here, 
represented an unidentified Internet service provider in one of the 
few legal fights against Carnivore. He said his client worried that the 
FBI would have access to all the e-mail traffic on its system, raising 
dire privacy and security concerns. A federal magistrate ruled 
against the company early this year, leaving it no option but to allow 
the FBI access to its system.  

"This is an area in desperate need of clarification from Congress," 
said Mr. Corn-Revere.  

"Once the software is applied to the ISP, there's no check on the 
system," said Rep. Bob Barr (R., Ga.), who sits on a House judiciary 
subcommittee for constitutional affairs. "If there's one word I would 
use to describe this, it would be 'frightening."'  

Marcus Thomas, chief of the FBI's Cyber Technology Section at 
Quantico, said Carnivore represents the bureau's effort to keep 
abreast of rapid changes in Internet communications while still 
meeting the rigid demands of federal wiretapping statutes. "This is 
just a very specialized sniffer," he said.  

He also noted that criminal and civil penalties prohibit the bureau 
from placing unauthorized wiretaps, and any information gleaned in 
those types of criminal cases would be thrown out of court. Typical 
Internet wiretaps last around 45 days, after which the FBI removes 
the equipment. Mr. Thomas said the bureau usually has as many as 
20 Carnivore systems on hand, "just in case."  

FBI experts acknowledge that Carnivore's monitoring can be 
stymied with computer data such as e-mail that is scrambled using 
powerful encryption technology. Those messages still can be 
captured, but law officers trying to read the contents are "at the 
mercy of how well it was encrypted," Mr. Thomas said.  

Most of the criminal cases where the FBI used Carnivore in the past 
18 months focused on what the bureau calls "infrastructure 
protection," or the hunt for hackers, though it also was used in 
counterterrorism and some drug-trafficking cases.

Copyright 2000 Dow Jones & Company, Inc.













* * * * * * * * * * * * * *  From the Listowner  * * * * * * * * * * * *
.	To unsubscribe from this list, send a message to:
majordomo at scn.org		In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * *     http://www.scn.org/volunteers/scn-l/     * * * * * * *