
[FYI] Carnivore News


   "The CALEA Implementation Section (CIS) of the Federal Bureau of
   Investigation (FBI) submitted a contribution that proposed a
   functional approach to separating packet content from packet
   identifying information. Further, the FBI requested the opportunity to
   present technology it currently uses to separate identifying
   information from content known as 'Carnivore.'

   The Carnivore presentation was provided by law enforcement's Data
   Intercept Technology Program at the FBI's Engineering Research
   Facility from Quantico, Virginia. The presenters described the current
   law enforcement techniques for separating identifying information from
   content to comply with lawfully authorized surveillance orders. In
   summary, law enforcement, in cooperation with a service provider
   pursuant to legal authorization, gains access to a packet stream in
   which the target's communications reside. The access is made on the
   service provider's premises using law enforcement equipment.

   According to the presenters, the target's communications are
   identified through use of a filtering program developed by law
   enforcement. In a Pen Register or Trap and Trace Order only the
   relevant information from the target's packets are stored to disk. The
   filter program separates the relevant information from the target's
   content and law enforcement then collects the information.

   The presenters informed JEM II that development of the filter protocol
   was intensive and fluid because of the ever changing nature of packet
   protocols and the constant introduction of new protocols; the
   Carnivore software or filters may need to be updated almost weekly to
   stay current. Carnivore has not been proven effective, as yet, in
   cases where the subject's communications are part of a high bandwidth
   transmission. The presenters acknowledged that to require service
   providers to develop and maintain similar Carnivore-like software
   would be extremely burdensome.

   CIS then presented its contribution, which suggested 'examining the
   full packet stream from the subject in order to gather the relevant
   call-identifying information for delivery to the LEA.' CIS
   acknowledged in its contribution, however, that 'examine[ing] the full
   packet stream and examine protocol layers higher than layer 3 would
   place a high load on existing network elements in most architectures.'
   Accordingly, using the J-STD-025 functional approach to surveillance,
   CIS suggested that "the access function unobtrusively captures the
   complete subject packet stream (including all call content and
   call-identifying information) and distributes it to the delivery
   function." The delivery function in the contribution contains a new
   'sub function' referred to as a Separation Function. The Separation
   Function would remove 'any information the LEA may not be entitled to
   based on the court order [so that in] the case of Title I court
   orders, all communication content information would be removed.' The
   delivery function would then deliver the identifying information to
   the LEA's collection function.

   CIS did not recommend any specific implementation or ownership of the
   Separation Function. CIS acknowledged that "development of separation
   capabilities (i.e. filtering capabilities) within a service provider's
   network may be unrealistic as it would be highly resource intensive,
   very inefficient, and potentially inconsistent between providers". For
   these and other reasons described below there was industry consensus
   in subsequent discussions that it would not be feasible developing
   such a Separation Function independently or through a standards based
   process. To address these issues while also addressing privacy
   concerns, it was discussed that Carnivore-like software could be made
   available to service providers so that the Separation Function
   occurred under service provider management.

   JEM II agreed that Carnivore, as presented by CIS, constitutes a
   potential technical solution for separating content from packet
   information and therefore is included within the JEM report. However,
   numerous industry concerns were raised about the introduction of
   government-provided product into the service provider network.
   Concerns were acknowledged regarding (a) potential liability for
   failure of the product, (b) uncertain impact on the network, (c) terms
   and conditions to obtain the product from government, (d)
   administrative and operational impacts from constant upgrades to the
   filter, (e) scalability, (f) privacy, (g) certification or testing of
   the product, and (h) uncertainty about the scope of the filter (i.e.,
   whether the filter produces information that is coextensive with call
   identifying information and who establishes the criteria for
     -- Committee TR 45 of the Telecommunications Industry Association,
     Report to the Federal Communications Commission on Surveillance of
     Packet-Mode Technologies, September 29, 2000

   "Have you seen the DoJ announcement of the Carnivore review team?  The
   winning proposal
   (http://www.usdoj.gov/jmd/pss/iitritechnicalproposal.pdf) has most of
   the names blacked out -- but during the display, I noticed that the
   overwritten stuff is at the PDF level; I could briefly see some of the
   names during the screen-painting." Cryptome has confirmed that digital
   overwrites in the Carnivore review proposal can be unmasked by cutting
   and pasting the PDF text or by using an Adobe tool for removing
     -- Carnivore Review Proposal Unmasked, September 27, 2000
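
Added example, not part of the original post, the TR 45 report or any FBI or provider code: a minimal header-only Separation Function of the kind the CIS contribution describes, which keeps layer 3/4 identifying fields from an IPv4/TCP packet, discards the content, and fails closed on packets it cannot parse. The function names, the record layout and the sample packet (documentation addresses, zeroed checksums) are assumptions constructed for illustration.

```python
import socket
import struct

def build_sample_packet(payload: bytes) -> bytes:
    """Constructed IPv4+TCP packet (checksums zeroed; documentation addresses)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 25, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.25"))
    return ip + tcp + payload

def separate(packet: bytes) -> dict:
    """Return header-derived fields only; payload bytes are never copied out.

    Fails closed: a packet that cannot be parsed raises instead of being
    passed through with its content attached.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("malformed IPv4 packet")
    record = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
              "proto": proto, "ip_len": total_len}
    kept = ihl
    if proto == 6:  # TCP: keep the ports, skip the rest of the TCP header
        if total_len < ihl + 20:
            raise ValueError("truncated TCP header")
        record["sport"], record["dport"] = struct.unpack(
            "!HH", packet[ihl:ihl + 4])
        doff = (packet[ihl + 12] >> 4) * 4
        if doff < 20 or ihl + doff > total_len:
            raise ValueError("malformed TCP header")
        kept = ihl + doff
    # Everything past the parsed headers is treated as content and dropped.
    record["bytes_removed"] = total_len - kept
    return record

if __name__ == "__main__":
    sample = build_sample_packet(b"MAIL FROM:<alice@example.org>\r\n")
    print(separate(sample))
```

In the sample, the SMTP envelope address travels in the TCP payload, so it is counted in bytes_removed and never reaches the record; recovering it would mean parsing above layer 3/4, which is the load and scope question the report raises.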