Carnivore

>From the  Industry Standard (http://www.thestandard.com)

July 17, 2000, 5:29 AM PDT

ACLU Investigating 'Carnivore's' Diet

The group has asked the FBI for the source code for its surveillance system
that tracks traffic on an ISP's system.

By Elinor Abreu


 The American Civil Liberties Union has filed a Freedom of Information Act
request with the FBI, asking for information about the agency's "Carnivore"
surveillance system, which is designed to monitor traffic on an Internet
service provider's network.

According to Barry Steinhardt, associate director of the ACLU, the request
is believed to be the first that asks for the source code, or the set of
instructions for a program that are compiled into object code, which
computers understand. The ACLU requests that all agency records related to
the FBI's electronic surveillance programs, including Carnivore, Omnivore
and Etherpeek. Those records may include letters, e-mail messages, tape
recordings, technical manuals, computer-source code and object code.

"Carnivore is a black box through which all the electronic communication
flows in an ISP network. The ISP knows what is going in, but we don't know
what the FBI is taking out of it," Steinhardt says. "The FBI is saying,
'Trust us, we're not violating anybody's privacy,' but we have a long
history of government abuse of surveillance powers that teaches us we can't
simply trust them."

The FBI has 20 business days to respond to the FOIA request, which was filed
Friday. A call to the FBI was not returned.

On Wednesday, House Majority Leader Dick Armey of Texas issued a statement
calling on U.S. Attorney General Janet Reno and FBI Director Louis Freeh to
"stop using this cybersnooping system until Fourth Amendment concerns are
adequately addressed."

Reno said during her weekly press briefing on Thursday that she would launch
an investigation into the privacy implications of Carnivore, which she said
she learned of through newspaper reports on Wednesday. She also said that
although she knew the FBI had surveillance capabilities like those used by
Carnivore, she did not know of the application or that it was already in
use.

"I'm taking a look at it now, to make sure that we balance the rights of all
Americans with the technology of today," Reno said. "But whatever the case,
this cannot be done without appropriate court order, according to processes
and procedures used now for lawful surveillance.

"And I just want to make sure that industry, privacy interest,
law-enforcement interests are all fully advised so that we can consider
anybody's concerns and make sure that we address them."

The controversies surrounding FBI surveillance in the information age will
be addressed at a House Judiciary Subcommittee on the Constitution hearing
on July 24. The ACLU has been asked to testify.

As reported by the Wall Street Journal on Friday, went to court to challenge
Carnivore's legality after the ISP was asked by the FBI to allow agents to
install the surveillance system on its network. EarthLink argued that the
court order that the FBI followed did not meet the standards necessary for
the type of information the system would obtain. A court magistrate sided
with the FBI and upheld the order, but EarthLink technically is prevented
from installing Carnivore because it doesn't work with the ISP's current
operating system software and crashes servers when used with an older
version of the system software, according to company spokesman Kurt Rahn.

"When we were approached to put something on our system that monitored our
members' usage, that's a big concern to us," Rahn says. "We don't know what
it does or doesn't do. This is something from the top of the organization to
the bottom of the organization that we've been against for some while."

The FBI had used a "pen register" court order, typically used to record
telephone numbers dialed from a particular phone. The FBI justified this by
saying that it wanted to be able to see e-mail headers. But because of the
way Internet packet technology has been developed, those headers cannot be
viewed separately from other parts of messages.

David Sobel, counsel for the Electronic Privacy Information Center in
Washington, D.C., says that is equivalent to eavesdropping, for which
agencies are required to show probable cause under the Fourth Amendment's
search-warrant standard. Pen register and trap-and-trace orders are easier
to get than full-blown search-warrant court orders, he added, and apparently
the FBI had no probable cause.

"Part of the problem here is that they're basically grabbing everything,
when all they're authorized to get is the header information," Sobel says.
"The other part of the problem is that apparently this system potentially
compromises the privacy of all of an ISP's subscribers."


Kathleen

Received on Friday, 21 July 2000 12:42:23 UTC