New documents shed more light on FBI's "Carnivore"

[InfoSec News <isn () C4I ORG>]

http://news.cnet.com/news/0-1005-200-3731884.html?tag=st.ne.1002.thed.ni

By Rachel Konrad
Staff Writer, CNET News.com
November 16, 2000, 5:15 p.m. PT

The FBI released additional documents about its controversial
Carnivore technology Thursday, and critics immediately lambasted it as
proof that the email-tapping program is more powerful and invasive
than the government has disclosed.

The Electronic Privacy Information Center (EPIC), which sued the FBI
for the information through the Freedom of Information Act (FOIA),
said the batch of paperwork indicates that Carnivore can capture and
archive "unfiltered" Internet traffic--contrary to FBI assertions.

"The little information that has become public raises serious
questions about the privacy implications of this technology," EPIC
general counsel David Sobel said in a statement. "The American public
cannot be expected to accept an Internet snooping system that is
veiled in secrecy."

Among the information included in the documents was a sentence stating
that the PC that is used to sift through email "could reliably capture
and archive all unfiltered traffic to the internal hard drive." The
FBI document was dated June 5 and contained scores of deleted words
and phrases.

EPIC did not offer additional details about the source or the purpose
of this particular document.

The FBI has defended the surveillance system, assuring the public that
it only captures email and other online information authorized for
seizure in a court order. According to testimony before the Senate
Judiciary Committee by FBI Assistant Director Donald M. Kerr,
Carnivore uses a software filter to minimize the amount of data the
government can collect.

An independent team from the Illinois Institute of Technology is due
to file a draft "technical report" on the Carnivore system with the
Justice Department on Friday.

The Carnivore system, which is installed at Internet service
providers, captures "packets" of Internet traffic as they travel
through ISP networks. The program sifts through millions of mail
messages, presumably searching for notes sent by people under
investigation.

Carnivore was conceived under the name "Omnivore" in February 1997. It
was proposed originally for a Solaris X86 computer. Omnivore was
replaced by Carnivore running on a Windows NT-based computer in June
1999.

While a useful tool for monitoring specific individuals, the program
has caused an uproar in Congress and among privacy advocates who fear
the FBI's ability to retrieve email belonging to people who are not
under investigation. Senate Judiciary Committee Chairman Orrin Hatch,
R-Utah, and Sen. Patrick Leahy, D-Vt., are among the elected officials
who have publicly criticized the program and called for an independent
investigation.

In late September, the House Judiciary Committee approved in a 20-1
vote a bill by Rep. Charles Canady, R-Fla., that would severely
restrict the FBI's operation of Carnivore. The bill would give email
the same protection awarded to voice conversations under federal
wiretap law.

EPIC is one of Carnivore's staunchest foes. In October, the
organization complained that the FBI's release of 565 pages of
Carnivore documents contained little relevant information. In
particular, EPIC bitterly decried the FBI's refusal to publish source
code to the Carnivore system.

EPIC's FOIA request seeks the public release of all FBI records
concerning Carnivore, including the source code, other technical
details and legal analyses addressing the potential privacy
implications of the technology.

At an emergency hearing Aug. 2, U.S. District Judge James Robertson
ordered the FBI to report back to the court by Aug. 16 and to identify
the amount of material at issue and the Bureau's schedule for
releasing it. The FBI subsequently reported that 3,000 pages of
material were located, but it refused to commit to a delivery date.

The batch of documents released Thursday represents the second
installment, and the FBI is required to release additional files at
regular intervals until all 3,000 pages have been delivered to EPIC.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".