Illinois Institute of Technology team to dissect FBI's 'Carnivore'

[William Knowles <wk () C4I ORG>]

http://www.techserver.com/noframes/story/0,2294,500262734-500406553-502465617-0,00.html

[WK Note: John Young has a partial list of the rest of the IIT team
working on the Canivore review, and from all appearances it looks like
the deck is stacked in the DoJ's favor with all the parties either
having Top Secret clearances from all of the fun federal agencies or
have worked in the past on other large government projects. Check it
all out at: http://cryptome.org/carnivore-mask.htm ]


CHICAGO (September 27, 2000 7:38 a.m. EDT http://www.nandotimes.com) -
A team of legal scholars and information technology experts affiliated
with the Illinois Institute of Technology has been picked to review
the FBI's criticized "Carnivore" e-mail surveillance system.

Six people - four from the IIT Research Institute's Virginia facility
and two legal experts who specialize in privacy issues - will begin
the analysis Wednesday at a laboratory in Lanham, Md.

The Justice Department hired the group Tuesday to analyze whether
"Carnivore" has adequate protections against abuse. The team expects
to finish a report for public comment in December.

"Often there are more protections with concern to government
surveillance than private ... but as citizens we should be concerned
about both," said Harold Krent, one of the legal experts who is
associate dean of Chicago-Kent College of Law.

The project's goal is to see whether Carnivore increases the risk that
FBI agents or someone else - intentionally or unintentionally, legally
or illegally - will see electronic communications they have no right
to see, and whether Carnivore can safeguard against that risk.

Krent said he believes his team was chosen because "we were one of the
few proposals that talked about an interdisciplinary review" - both
technical and legal.

He said legal questions might include how Carnivore differentiates
between people with the same names, or those who use aliases. He said
the system also must account for people who might be using more than
one information service provider, such as America Online or
Mindspring.

Carnivore has drawn criticism from Congress and civil libertarians.
And some academics objected to FBI insistence on both security checks
of evaluation panel members and on veto power over any changes in that
panel, saying it could exclude critics of government surveillance.

They also criticized Justice's insistence on the right to edit the
team's report. The Massachusetts Institute of Technology withdrew from
the bidding because of its objections, said a senior Justice official,
who spoke on condition of anonymity.

The government said 11 private and academic organizations bid to do
the project.

"The review team will have full access to any information they need to
perform their review," said Assistant Attorney General Stephen
Colgate, who led the selection process. "This organization has both
the technical expertise and the dedication to the project to provide
the most thorough, independent and timely review."

Krent and other members of the IIT team said they are confident they
can work independently enough to do a thorough job.

"Everybody's concerned about making sure this is an open process, but
we have assurance that it will be," he said.

Barry Watson, a senior vice president for the systems technology
sector at the IIT Research Institute facility in Virginia, said he and
his staff routinely do checks on systems for the Department of
Defense, the Internal Revenue Service and the National Institutes of
Health and have had no problems.

The Carnivore system, installed by the FBI on the network of Internet
service providers, has software that scans Internet traffic as it
moves through that provider's network. The FBI says it configures the
software to capture e-mail to or from someone under investigation, and
that court orders limit which e-mails agents can see.

But privacy advocates say only the FBI knows what Carnivore can do,
and Internet providers are not allowed access to the system. They ask
why the FBI retains control of Carnivore equipment and doesn't give it
to Internet providers so they can comply with court orders.

The government will continue to use the system during the study - a
move criticized by David Sobel, counsel for the Electronic Privacy
Information Center, which filed a Freedom of Information Act lawsuit
to obtain documents about the system.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".