RealTime IT News

Carnivore Devours More Than It Lets On

The Federal Bureau of Investigation's highly controversial Carnivore Internet surveillance system came under fire once again Wednesday, when the Electronic Privacy Information Center (EPIC) released an internal FBI memo which suggested technical flaws in the software may have stymied surveillance of Usama bin Laden in March 2000.

With a court order, the FBI can install the Carnivore system at the facilities of an ISP, and then use it to monitor all Internet traffic and communications moving through that ISP. The FBI has consistently claimed that the system filters data traffic and only retains packets which the court has authorized investigators to obtain.

However, the FBI has kept the system shrouded in secrecy, and after the existence of the system first came to light on July 11, 2000, EPIC, a privacy watchdog group, pursued FBI documents related to the system under the Freedom of Information Act (FOIA). EPIC said it wanted the FBI to publicly release all records concerning Carnivore, including source code, other technical details, and legal analyses addressing the potential privacy implications of the technology.

After several trips to court, and two court orders, EPIC obtained a number of documents on May 24, 2002.

"These documents confirm what many of us have believed for two years: Carnivore is a powerful but clumsy tool that endangers the privacy of innocent American citizens," said David Sobel, Epic's general counsel. "We have now learned that its imprecision can also jeopardize important investigations, including those involving terrorism. As we suggested when it first became public, Carnivore's use should be suspended until the questions surrounding it finally can be resolved. Our FOIA lawsuit shows that there's a great deal about Carnivore that we still don't know."

Among the documents obtained by EPIC was an internal FBI e-mail message dated April 5, 2000, and sent to M.E. (Spike) Bowman, associate general counsel for National Security Affairs. In the e-mail, the sender (whose name was deleted) describes the Department of Justice's Office of Intelligence Policy and Review's displeasure with the FBI's International Terrorism Operations Section (ITOS) and "UBL unit" (UBL presumably stands for Usama bin Laden, as per the usual U.S. government designation).

"The FBI technical people went to install the FBI software [deleted] to accomplish the electronic surveillance on March 16," the e-mail said. "The software was turned on and did not work correctly. The FBI software not only picked up the e-mails under the electronic surveillance of the FBI's target, [deleted], but also picked up e-mails on non-covered targets. The FBI technical person was apparently so upset that he destroyed all the e-mail take, including the take on [deleted]."

The e-mail noted that an official with the Office of Intelligence Policy and Review (OIPR) was extremely displeased with the problem.

"To state that she is unhappy with ITOS and the UBL Unit would be an understatement of incredible proportions," the e-mail said.

Furthermore, other documents also suggest the Carnivore system is not as selective with the data it captures as the FBI has maintained.

Two documents written one week after the April 5, 2000 e-mail note Carnivore's tendency to cause "the improper capture of data," and add that "[s]uch unauthorized interceptions not only can violate a citizen's privacy but also can seriously 'contaminate' ongoing investigations."