FC: Security gurus offer to review FBI's Carnivore system

[Declan McCullagh <declan () well com>]

http://www.wired.com/news/politics/0,1283,38329,00.html

Top Guns Want to Probe Carnivore
by Declan McCullagh (declan () wired com)

11:00 a.m. Aug. 21, 2000 PDT
WASHINGTON -- An eminent group of security experts
has offered to undertake an independent review of the
FBI's controversial Carnivore surveillance system.

Attorney General Janet Reno said in early August that
the Justice Department would commission a study of
Carnivore from a major university, but she has not yet
come to a final decision as to which institution she will
recruit for this purpose.

The ad-hoc association of 13 security experts, who have
dubbed themselves the Open Carnivore group, includes
individuals such as AT&T Research's Matt Blaze and Tom
Perrine of the San Diego Supercomputer Center, both of
whom testified before Congress about Carnivore in July.

"We've put a great group of people together who are
credible," Perrine says. "None of us has an axe to grind."

Justice Department spokesman Chris Watney said on
Monday that officials were "still in the process of
selecting a university to review Carnivore."

News reports have suggested that researchers from MIT
and Purdue University independently contacted the
Justice Department and also offered to perform reviews.
The government hopes a review will satisfy critics who
say Carnivore violates the privacy of innocent Internet
users.

One Justice Department source said that Open Carnivore
is "doing their own thing" and the agency isn't giving
them much thought.

Other members of the Open Carnivore group include
Peter Neumann of SRI International, "Mudge" of @stake,
Tsutomu Shimomura, who helped track down convicted
hacker Kevin Mitnick, and David Wagner of the University
of California at Berkeley.

Carnivore has come under fire on technical and legal
fronts.

Privacy groups have said that, when installed at an
Internet service provider, Carnivore could be
programmed to snack on more traffic than it should.
They also say that even if it works as described --
intercepting massive amounts of data and discarding
what's not relevant -- Carnivore could violate the Fourth
Amendment's prohibition on unreasonable searches and
seizures.

"Even the independent university review won't answer all
the questions, because the reviewers won't know how
the FBI has employed it in past investigations and will
employ it in future investigations," says David Sobel of
the Electronic Privacy Information Center. "They're going
to be looking at a static piece of software."

[...]