Whatever Happened to Carnivore?

[InfoSec News <isn () c4i org>]

Forwarded from: bob <bob () globaldevelopment org>

http://www.newsfactor.com/perl/printer/17009/

Whatever Happened to Carnivore?
By Jay Lyman
NewsFactor Network
April 1, 2002

Sobel said EPIC and other organizations are keeping pressure on the
U.S. Department of Justice and FBI to disclose exactly what law
enforcement officials are doing with Carnivore.

Its name may have changed from Carnivore to DCS-1000, but the
controversial cybersnooping software used by the Federal Bureau of
Investigation is still on the hunt for information, and likely is
scouring vast amounts of Internet communication.

In fact, Carnivore probably is chomping on more data than ever as a
result of the September 11th terrorist attacks in the United States.
Following those events, it was widely reported that the FBI installed
its e-mail snooping program on several Internet service provider (ISP)
networks around the nation.

But a recent court order may mean that more information will be
revealed about how Carnivore works and what it is being used for,
according to privacy advocates.

After all, while a majority of people may now be more willing to come
under government scrutiny in the name of security, civil libertarians
say their concerns that the snooping software threatens privacy have
actually heightened since September 11th.

Guarded by Government

Electronic Privacy Information Center (EPIC) general counsel David
Sobel told NewsFactor that acquiring information about the e-mail
sifting software has been a long struggle. On March 25th, Washington
D.C.-based EPIC won a round in that battle when U.S. District Court
Judge James Robertson approved a further search of FBI records on
Carnivore.

"It looked like something was imminent, then again nothing happened,"
Sobel said in reference to last year's review of the snooping software
by U.S. Attorney General John Ashcroft.

Sobel added that despite a law passed last year requiring the FBI to
report on Carnivore's use, Ashcroft's dismissal of disclosures and
discussions was still another letdown in privacy groups' continuing
efforts to learn about the software program.

Digging Deeper

However, Sobel said, EPIC and other organizations are keeping pressure
on the U.S. Department of Justice and the FBI to disclose exactly what
law enforcement officials are doing with Carnivore and how the
software, which is reportedly capable of "filtering" e-mail, works.

"We're still criticizing, and we're still pursuing our Freedom of
Information Act request," Sobel said. "The judge agreed the initial
search was not complete, and the FBI has been sent back to do more
searching. Now there's a likelihood that our lawsuit will generate
more disclosure. I'm hopeful we'll learn more."

The FBI has until May 24th to conduct deeper information searches on
Carnivore data, including searches in the bureau's offices of General
Counsel and Congressional and Public Affairs, Judge Robertson ordered.

Willing To Be Watched

Still, SecurityFocus incident analyst Ryan Russell said the events of
September 11th changed many citizens' minds.

"I think there is a lot less concern from the majority of people that
they're going to be monitored," Russell told NewsFactor.

Sobel argued, conversely, that people know the FBI already had
significant abilities -- both legal and technical -- to monitor
communication before the attacks.

"As time goes on, people are going to realize these agencies had
significant powers before September 11th, and it didn't prevent what
happened," he said.

Let Off Leash?

Regardless of whether people approved of its decision, the FBI
deployed Carnivore on ISPs across the country after September 11th,
according to numerous reports.

While EarthLink had resisted Carnivore deployment on its network prior
to the attacks, an EarthLink spokesperson told NewsFactor shortly
afterward that he assumed every large ISP in the country had been
contacted by the FBI and that all of them were cooperating.

More recently, however, EarthLink spokesperson Carla Shaw told
NewsFactor that the company's cooperation with law enforcement does
not mean that Carnivore is scanning the EarthLink network.

"Carnivore is not deployed on our network," Shaw said. "We certainly
do comply with law enforcement, but we do so in a way that does not
compromise our users' privacy."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.