[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) FBI Uses SORM-like Surveillance System




------- Forwarded message follows -------
Date sent:      	Tue, 11 Jul 2000 13:17:55 -0400
From:           	David Sobel <sobel@epic.org>
Subject:        	FBI Uses SORM-like Surveillance System
To:             	GILC Plan <gilc-plan@gilc.org>
Send reply to:  	gilc-plan@gilc.org


FBI system covertly searches e-mail
By Neil King Jr. and Ted Bridis, WSJ Interactive Edition
July 11, 2000 6:01 AM PT URL:
http://www.zdnet.com/zdnn/stories/news/0,4586,2601502,00.html

WASHINGTON -- The U.S. Federal Bureau of Investigation is using
a superfast system called Carnivore to covertly search e-mails
for messages from criminal suspects.

Essentially a personal computer stuffed with specialized
software, Carnivore represents a new twist in the federal
government's fight to sustain its snooping powers in the
Internet age. But in employing the system, which can scan
millions of e-mails a second, the FBI has upset privacy
advocates and some in the computer industry. Experts say the
system opens a thicket of unresolved legal issues and privacy
concerns.

The FBI developed the Internet wiretapping system at a special
agency lab at Quantico, Va., and dubbed it Carnivore for its
ability to get to "the meat" of what would otherwise be an
enormous quantity of data. FBI technicians unveiled the system
to a roomful of astonished industry specialists here two weeks
ago in order to steer efforts to develop standardized ways of
complying with federal wiretaps. Federal investigators say they
have used Carnivore in fewer than 100 criminal cases since its
launch early last year.

Word of the Carnivore system has disturbed many in the Internet
industry because, when deployed, it must be hooked directly into
Internet service providers' computer networks. That would give
the government, at least theoretically, the ability to eavesdrop
on all customers' digital communications, from e-mail to online
banking and Web surfing.

The system also troubles some Internet service providers, who
are loath to see outside software plugged into their systems. In
many cases, the FBI keeps the secret Carnivore computer system
in a locked cage on the provider's premises, with agents making
daily visits to retrieve the data captured from the provider's
network. But legal challenges to the use of Carnivore are few,
and judges' rulings remain sealed because of the secretive
nature of the investigations.

Internet eavesdropping Internet wiretaps are conducted only
under state or federal judicial order, and occur relatively
infrequently. The huge majority of wiretaps continue to be the
traditional telephone variety, though U.S. officials say the use
of Internet eavesdropping is growing as everyone from drug
dealers to potential terrorists begins to conduct business over
the Web.

The FBI defends Carnivore as more precise than Internet wiretap
methods used in the past. The bureau says the system allows
investigators to tailor an intercept operation so they can pluck
only the digital traffic of one person from among the stream of
millions of other messages. An earlier version, aptly code-named
Omnivore, could suck in as much as to six gigabytes of data
every hour, but in a less discriminating fashion.

Still, critics contend that Carnivore is open to abuse.

Mark Rasch, a former federal computer-crimes prosecutor, said
the nature of the surveillance by Carnivore raises important
privacy questions, since it analyzes part of every snippet of
data traffic that flows past, if only to determine whether to
record it for police.

"It's the electronic equivalent of listening to everybody's
phone calls to see if it's the phone call you should be
monitoring," Rasch said. "You develop a tremendous amount of
information."

Others say the technology dramatizes how far the nation's laws
are lagging behind the technological revolution. "This is a
clever way to use old telephone-era statutes to meet new
challenges, but clearly there is too much latitude in the
current law," said Stewart Baker, a lawyer specializing in
telecommunications and Internet regulatory matters.

Privacy and security concernsRobert Corn-Revere, of the Hogan &
Hartson law firm here, represented an unidentified Internet
service provider in one of the few legal fights against
Carnivore. He said his client worried that the FBI would have
access to all the e-mail traffic on its system, raising dire
privacy and security concerns. A federal magistrate ruled
against the company early this year, leaving it no option but to
allow the FBI access to its system.

"This is an area in desperate need of clarification from
Congress," said Corn-Revere.

"Once the software is applied to the ISP, there's no check on
the system," said Rep. Bob Barr (R., Ga.), who sits on a House
judiciary subcommittee for constitutional affairs. "If there's
one word I would use to describe this, it would be
'frightening."'

Marcus Thomas, chief of the FBI's Cyber Technology Section at
Quantico, said Carnivore represents the bureau's effort to keep
abreast of rapid changes in Internet communications while still
meeting the rigid demands of federal wiretapping statutes. "This
is just a very specialized sniffer," he said.

He also noted that criminal and civil penalties prohibit the
bureau from placing unauthorized wiretaps, and any information
gleaned in those types of criminal cases would be thrown out of
court. Typical Internet wiretaps last around 45 days, after
which the FBI removes the equipment. Thomas said the bureau
usually has as many as 20 Carnivore systems on hand, "just in
case."

FBI experts acknowledge that Carnivore's monitoring can be
stymied with computer data such as e-mail that is scrambled
using powerful encryption technology. Those messages still can
be captured, but law officers trying to read the contents are
"at the mercy of how well it was encrypted," Thomas said.

Most of the criminal cases where the FBI used Carnivore in the
past 18 months focused on what the bureau calls "infrastructure
protection," or the hunt for hackers, though it also was used in
counterterrorism and some drug-trafficking cases.

......................................................................
. David L. Sobel, General Counsel              *   +1 202 483 1140
(tel) Electronic Privacy Information Center        *   +1 202 483 1248
(fax) 1718 Connecticut Ave., N.W. Suite 200        *   sobel@epic.org
Washington, DC 20009   USA                   *   http://www.epic.org .


------- End of forwarded message -------