IP: House hearing on FBI's "Carnivore" : Risks Digest 20.97

[Dave Farber <farber () cis upenn edu>]

> Date: Wed, 26 Jul 2000 23:04:40 -0400
> From: Alan Davidson <abd () cdt org>
> Subject: House hearing on FBI's "Carnivore"
>
>   [Written by Lina Tilman <ltilman () cdtmail org>]
>
> Oversight Hearing on Fourth Amendment Issues
> Raised by FBI's "Carnivore" Program
> Subcommittee on the Constitution, House Committee on the Judiciary
> Monday, July 24, 2000, 1:00 p.m.
>
> Chairman Canady opened the hearing by introducing the Carnivore system as
> one that "isolates, intercepts and collects" information that passes through
> an ISP. Canady expressed hope that evaluations of the system would be based
> on facts instead of "irrational fears and suspicions". Canady concluded by
> acknowledging the potential for abuse of the system as a significant
> concern.
>
> Rep. Watt briefly addressed his concern regarding Big Brother in general and
> the government's ability to invade citizens' privacy in particular. Watt
> acknowledged that such ability has been enhanced by advancements in
> information and communication technologies.
>
> Rep. Hyde first noted the legitimate need of the law enforcement to access
> information required for criminal investigations. Hyde then described the
> tension between such necessary access and the citizens' right to the
> "valuable commodity" of privacy.
>
> Rep. Conyers introduced a number of questions as part of his inquiry into
> Carnivore's ability to "bite more than it can chew". Conyers first noted his
> concern regarding the applicability of the pen register authority, under
> which Carnivore collects transactional electronic data, to the online
> environment. Conyers' other concerns included the FBI's refusal to allow
> ISPs themselves to deliver the necessary information once a lawful order is
> obtained.
>
> Rep. Hutchinson stated that while Carnivore appeared to be a minimization
> tool, there exist legitimate questions regarding its application. Concerns
> include proper monitoring of Carnivore's collection and filtering of e-mail
> communication. Hutchinson mentioned the Privacy Commission bill, which he
> co-sponsors with Rep.  Moran, as an attempt to establish a body of experts
> who would, among other things, examine the data collection practices of law
> enforcement to determine whether they violate the privacy rights of the
> U.S. citizens.
>
> Rep. Bachus stated that in Carnivore's case, technology appears to have
> "outrun the law". Bachus expressed his suspicion that criminals would easily
> evade the system and it would exclusively monitor the communications of law
> abiding citizens. Bachus further expressed his concern regarding
> illegitimate access to confidential files within agencies such as the FBI.
>
> The  first panel  consisted  of Dr.  Donald  Kerr, FBI  lab director,  Larry
> Parkinson, FBI General Counsel, Kevin DiGregory, DOJ and David Green, DOJ.
>
> Dr. Kerr introduced FBI's Carnivore as a tool, analogous to a "packet
> sniffer", of lawful interception of criminal communication. After being
> installed on a network pursuant to a court order, Carnivore collects the
> transactional information of its targets' e-mails; its configuration and
> filter settings depend on the specifics of the court order. Carnivore
> conducts neither broad searches nor long-term surveillance; instead, it
> filters out all content information and stores only the non-content "to" and
> "from" lines of targeted communication. Carnivore is passive on the network
> and is used only by a technical team of the law enforcement; in its two
> years of existence, it has been used very infrequently and
> narrowly. Dr. Kerr concluded by stating that the FBI presently plans an
> independent review of the system by industry and academic experts.
>
> Mr. Parkinson testified that Carnivore is a minimization tool that operates
> under substantial oversight. Mr. DiGregory, in turn, argued that Carnivore
> is equivalent to other simple investigative tools that law enforcement uses
> offline.
>
> Chairman Canady asked whether Carnivore captures the URLs of communications
> with Web sites. The panelists answered that it does not, unless a URL is
> included in the transactional information of an e-mail. Rep. Watt appeared
> upset that independent review was scheduled after Carnivore has been in use
> for two years. A number of Members expressed distrust regarding the law
> enforcement's use of Carnivore under described limitations. Rep. Hutchinson
> asked whether the FBI has ever captured content that it then had to filter
> out. The panelists answered that it has not. Panelists noted that in
> addition to restrictions and specifications that limit data collection prior
> to Carnivore's activation, there exist safeguards on law enforcement's use
> of collected data when it is first examined and, later, at trial.
>
> The second panel consisted of Barry Steinhardt, ACLU, Alan Davidson, CDT,
> Tom Perrine, Pacific Institute for Computer Security, Robert Corn-Revere,
> Hogan & Hartson, Matt Blaze, AT&T Labs, Stewart Baker, Steptoe & Johnson,
> and William Sachs, ICONN.
>
> Mr. Steinhardt stated that Carnivore is an unprecedented maximization tool
> that has the potential to access all communications that pass through an
> ISP. Mr. Steinhardt analogized Carnivore to a digital wiretap, expressing
> concern that its broad access is inconsistent with restrictions set by the
> Fourth Amendment and the ECPA. Mr.  Steinhardt noted that the FBI has a
> "checkered past" with regards to First and Fourth Amendment violations.
>
> Mr. Davidson addressed the differences between transactional data in the on-
> and off-line environments, noting that off-line Fourth Amendment protections
> do not neatly translate into online communications. Davidson showed a series
> of slides that displayed sample packets that Carnivore could obtain; he
> argued that "non-content" data that Carnivore currently accesses under a pen
> register or trap and trace authorization reveal a great amount the actual
> content of a target's communication. Davidson argued that Congress must
> increase statutory protections for electronic communications, raising the
> Carnivore authorization standard from relevant to probable cause.
>
> Mr. Perrine noted that Carnivore is technically capable of monitoring all
> traffic that passes through the network. Mr. Perrine spoke about the
> inapplicability of telephony concepts to the online environment.  He stated
> that the FBI's use of Carnivore lacks accountability, noting that it is
> impossible to monitor the system or keep track of its configurations or
> filters without the knowledge of its source code. Mr. Perrine argued that
> Carnivore represents a threat to privacy that is protected under original
> wiretap legislation.
>
> Mr. Corn-Revere argued against a number of points brought up by government
> witnesses on the first panel. Mr. Corn-Revere appeared skeptical that the
> FBI would use Carnivore's capabilities in limited ways that protect
> individuals' privacy. He noted disconcerting implications inherent in the
> system's ability to switch its level of surveillance. In conclusion,
> Mr. Corn-Revere stated that there presently exists no way to ensure
> accountability of FBI's use of Carnivore.
>
> Mr. Blaze argued that while the FBI operates with good intentions, it is
> difficult to ensure that Carnivore operates as intended. The system may
> inadequately filter, target the wrong individual or extract pieces of
> communication out of context. Mr. Blaze noted that large-scale systems such
> as Carnivore are problematic and tend to fail silently -- without operators'
> knowledge -- due to bugs, vulnerabilities and mistakes. Mr. Blaze argued
> that widespread publication of Carnivore's source code and architecture is
> the best way to ensure its soundness.  [See
>   http://www.crypto.com/papers/openwiretap.html; PGN]
>
> Mr. Baker stated that communication concepts from the telephony world do not
> apply to electronic communication. Mr. Baker argued that it is "crazy" and
> "bizarre" not to acknowledge that there exists a reasonable expectation of
> privacy in the content-revealing "to" and "from" lines of an e-mail. He
> urged the Members to institute a notice requirement when a system such as
> Carnivore monitors e-mail communications.
>
> Mr. Sachs testified that ISPs are capable of providing the FBI with
> requested communications when a lawful order exists. He noted that Carnivore
> represents the most intrusive method of obtaining transactional data of
> e-mail messages. Mr. Sachs acknowledged that albeit technically feasible,
> such monitoring by an ISP discourages free online communication, protected
> by the First Amendment, and slows down network traffic.
>
> During the Q&A period, Davidson noted that little is known about Carnivore's
> precise capabilities and functions. Rep. Watt expressed concern that
> currently available Carnivore-like electronic surveillance systems allow
> anyone to monitor online traffic.  Panelists noted that there exists an
> a-priori legal issue with the FBI's installation of Carnivore -- in the
> telephony world, the FBI would not be able to install, on a telephone
> service provider's network, a device that would monitor all passing
> communications.  Panelists and Members appeared to agree that there must
> exist a notice requirement; presently, notice depends on the individual
> ISPs' policies. Davidson argued that two things must occur: (1) the standard
> for access to transactional data on the Internet must be raised, and (2)
> "trap and trace" must be re-defined for the online environment. Mr. Perrine
> noted that according to the Supreme Court, transactional data may not
> disclose the target's identity. Mr.  Steinhardt observed that the FBI
> witnesses addressed the use of Carnivore in the e-mail context only; it
> remains unclear how the system monitors files transferred using other
> protocols. Furthermore, it is unclear what statutory protections govern such
> file transfers.  Mr. Steinhardt argued that the notion and significance of
> non-content data has changed since CALEA was adopted, and urged the Members
> to consider two changes to existing surveillance guidelines: (1) judges
> should be given discretion in matters of online pen register and trap and
> trace orders, and (2) the standard for obtaining a pen register and trap and
> trace must be raised for both the online and the telephony environments.
>
> Lina Tilman, Center for Democracy and Technology
> 1634 Eye St. NW Suite 1100, Washington, DC 20006
> 202 637 9800  fax 202 637 0968
> ltilman () cdtmail org  http://www.cdt.org/
>
>   [From EPIC Alert 7.14, 27 Jul 2000, http://www.epic.org, I find
> Testimony presented at the House Judiciary Committee hearing:
>       http://www.house.gov/judiciary/2.htm
> The hearing can be viewed in its entirety over the web at:
>       http://www.cspan.org/technology_science/
> More on the history of FBI monitoring of Internet communications and the
> "digital telephony" law (or CALEA) is available at the EPIC Wiretap Page:
>       http://www.epic.org/privacy/wiretap/
>   PGN]