Last month it became apparent that the Federal Bureau of Investigation (FBI) has an advanced Internet communications monitoring system called Carnivore. The software system, when placed on an Internet Service Provider’s (ISP) computers, scans all email, web browsing, newsgroup posting, etc. for a specified target. In short, all of a suspect’s electronic communications are surveilled. While Justice Department officials insist that Carnivore can only be used on targets under a court order, civil liberties experts warn that Carnivore is simply too easy to use for illegal surveillance. FBI officials have stated that the agency has about 20 Carnivore computers on hand and that the system has been used in fewer than 100 investigations since its introduction in 1999. So far this year, the system has been used in 16 cases, six criminal investigations and 10 incidents involving national security. The FBI has not, however, disclosed how many individual wiretaps were conducted in relation to each case.
Even some government officials are concerned about Carnivore. “It’s the electronic equivalent of listening to everybody’s phone calls to see if it’s the phone call you should be monitoring,” former federal prosecutor Mark Rasch told the Wall Street Journal. “You develop a tremendous amount of information.” Representative Bob Barr (R-GA) described Carnivore as “frightening.”
While there is no law that specifically prohibits governmental use of systems like Carnivore, neither is there any law that specifically allows it. The Electronic Communications Privacy Act (ECPA) allows the real-time interception of electronic communications under a court order, but Carnivore intercepts all of the electronic communications traversing an ISP. FBI representatives argue that only the electronic communications of a specific individual are actually made available by the system.
Shortly after Representative Barr began to make noises about drafting legislation to regulate the use of Carnivore and the American Civil Liberties Union (ACLU) and other privacy advocates began to question the legality of the surveillance system, the FBI began to backtrack on its position somewhat. The federal agency announced it would conduct a privacy audit of its Carnivore system but would not reveal how the surveillance system works. The ACLU responded by filing a Freedom of Information Act (FOIA) request for all “letters, correspondence, tape recordings, notes, data, memoranda, email, computer source and object code, technical manuals [and] technical specifications” related to Carnivore.
A House Judiciary subcommittee hearing was held last month regarding Carnivore. “We would have a problem with full open disclosure, because that, in fact, would allow anyone who chose to develop techniques to spoof what we do an easy opportunity to figure out how to do that,” Donald Kerr, director of the FBI Labs, testified.
The larger problem, unfortunately, seems to be missed by all of the players in this drama. What Carnivore supposedly does—sit on an ISP’s network, sniff packets, and re-route traffic to and from suspected addresses—can already be done by any ISP on the planet. Without the need for a sealed, secret black box even. So, it’s logical to assume that the Carnivore box does something other than that which the FBI says it does.
But that’s not all. Just thinking about this one makes me wake up in a cold sweat: What if the FBI was to install a Carnivore box just inside the main router of every ISP in the United States. Then not only could it monitor all Internet traffic coming into and going out of every U.S. ISP, it could also use Carnivore to instantly shut down the U.S. portion of the Internet.
0 responses. Comments closed for this article.