[IDG News Service - 7/25/00 - WASHINGTON] - Under the onslaught of questions (from a House of Representatives subcommittee), FBI officials and representatives from the Department of Justice remained firm in their defense of Carnivore. They called it a "minimalization tool" needed to catch drug dealers, child pornographers and terrorists who have begun using e-mail in illegal endeavors in the same way they have used the telephone and other technologies.
"We think it's a well-focused capability," said Donald Kerr, director of the FBI's lab division. "It uses some of the very attributes of the Internet, in particular the Internet protocol addressing capability - the to and from lines - of the e-mail in order to restrict our collection to just those who are the targets of the court order. In a sense, it's automatic minimization up front."
The FBI has worked on the development of Carnivore over the past three years, Kerr said. The system has been installed at ISPs 25 times, including in 16 cases this year - six involving criminal investigations and 10 involving national security investigations. The law enforcement officials declined to provide specific details about the cases because none has been fully prosecuted.
Most of the ISPs that have installed Carnivore have been small companies that don't have the equipment and technical expertise to give investigators the information outlined in court orders. Larger ISPs, with the exception of Earthlink, haven't been affected by Carnivore, which Kerr said is passive on the network and doesn't interfere with the delivery of e-mail, because they have the ability to give the FBI what it needs.
In every case but the one involving Earthlink, the ISPs cooperated with the court order, Kerr said. Earthlink tried to develop software "in real time," he said, and could not provide all the information the FBI sought. Consequently, the agents returned to the judge and Earthlink was "compelled to move ahead," Kerr said.
Kerr described Carnivore as a desktop-like Windows-based PC and software, a package that is partly available off the shelf. It is attached to an ISP's network either to provide investigators with either the names of people with whom a suspect is communicating or the ability to read the full content of a suspect's e-mail. If investigators want to read e-mail content, they must meet the higher legal standard of "probable cause," which means they must have a strong reason to believe criminal activity is ongoing.
However, if investigators only want to know with whom a suspect is communicating, they have to meet a lower standard. Those orders are called "trap and trace," which provide the names of the senders, and "pen register," which provide the names of the people to whom the suspect sends e-mail.
The name Carnivore is something the FBI now regrets, agency officials have said, because it implies that the system devours large quantities of information the way a lion consumes fresh meat. Kerr explained that the system is actually a packet sniffer similar to the types of technology used by network administrators to diagnose problems on their networks. Carnivore can pick up only the packets that use the Internet protocol address to which the FBI has been granted access by court order, Kerr said.
The system does not monitor all traffic moving across an ISP's servers but rather sees a subset of that data, which the ISP provides, depending on the specifications of the court order, and only data permitted by the court order is filtered out, Kerr said.
"In every case, we require a court order; that court order is specific to the [IP addresses] we can target," Kerr said, reiterating details that the FBI released in a press briefing on Friday. In the case of trap and trace and pen register uses, law enforcement agents are not permitted to read the subject line of an e-mail and do not capture that information, Kerr said.
However, there was a high degree of skepticism among members of the subcommittee on that point, because Carnivore must gather volumes of information and analyze it to return the desired information.
Representative Spencer Bachus, a Republican from Alabama, said the FBI's explanation raised concern that some people in the FBI or close to it could have free rein to check up on what their ex-spouses or political enemies were doing.
"You can't go to AT&T today and say, 'we are going to analyze all the phone calls that go through your system,' but you can do that with Carnivore?" Bachus asked.
Kerr first said the FBI has neither "the right nor the ability to just go fishing," but when Bachus persisted, saying technology would enable law enforcement officers to monitor here and there, Kerr said, "In principle we could do that." But he said it would be extremely unlikely because an agent who did that would face a fine and up to five years in jail.
Kerr said the FBI was seeking an independent laboratory to carry out a verification and validation process and has contacted the San Diego Supercomputer Center in California to ask whether it would conduct the tests. The FBI intends to have the verification and validation within the next few months, Kerr said.
In accordance with Title 17 U.S.C. section 107, this material is distributed without profit or payment to those who have expressed a prior interest in receiving this information for non-profit research and educational purposes only.
[posted 7/28/00]
Join Refuse
& Resist!
305 Madison Ave., Suite 1166, New York, NY 10165
Phone: 212-713-5657
email: info@refuseandresist.org