The Federal Bureau of Investigation scored
a major coup in its defense of its Carnivore Net surveillance system when it
secured Internet pioneer Vinton Cerf as an ally late Wednesday.
Carnivore is a software system the FBI can use to monitor Internet traffic
and capture e-mail and other electronic communications from a criminal
suspect — when such action is justified.
Cerf, who co-invented some Internet technology in 1973, told the Senate
committee Wednesday that he felt the FBI uses Carnivore without violating
the privacy of Internet users.
ISPs to do that. What do ISP employees know about rules of
Cerf, a senior vice president at WorldCom
Inc., also said he opposes efforts by some
civil-liberties groups and security experts to force the FBI to disclose the
blueprints for Carnivore.
In what is to some degree an echo of anti-Big Brother sentiments, critics
contend the system makes it easy to capture e-mail from innocent citizens
who use the same Internet service provider as those under surveillance.
In his statement to the Senate, the Center for
Democracy and Technology Senior Staff Counsel James X. Dempsey said a
“black box controlled by the FBI and inserted into the network of an
Internet service provider to search through thousands or millions of
messages, including those of innocent people, Carnivore is not the right
solution.”
Among Dempsey’s arguments, was that such a clandestine technique was not
consistent with federal electronic surveillance and wiretap laws.
True to the nature of his knowledge, Cerf scripted a detailed account of how
the Internet works for the Senate Wednesday. He explained that the
information was contained in well-directed, multi-layered packets en route
to concluding that the system is highly effective as long as it is not
abused.
Cerf, who agreed to speak on the FBI’s behalf after being treated to a
private demonstration of Carnivore in Quantico, Va. two weeks ago, wrote in
his testimony:
“The Carnivore system is a computer that tries to observe the traffic
(Internet packets) flowing on a circuit within the Internet. Its objective
is to try to find only those packets that may be relevant to an ongoing
investigation and to ignore others (both for legal reasons and simply to
deal with the potentially enormous flow of traffic that may require
filtering).”
When reached at his office at CDT Thursday, Dempsey refused to comment,
suggesting that the reporter use the first three pages of his testimony to the
Senate for his side of the story.
Cerf talked about Carnivore Thursday on InternetNewsradio.com, an affiliate
of InternetNews.com.
“I don’t think it’s the evil monster machine that most people make it out to
be,” Cerf said. “In fact, it’s an enhancement of a very typical type of
protocol analyzer, which is something you get off the shelf. I am not trying
to argue that this thing is idiot-proof in the sense that no one can abuse
it, but I think I am saying they put in as much controls as can be used. If
properly used it only captures the data that it should be capturing.”
Many critics, Dempsey in the forefront, also have argued that control of
Carnivore be ceded to Internet service providers — not the government. This
way, the FBI would not be in a position to abuse the use of Carnivore and
ISPs could serve as an impartial aid to investigators of crime.
This notion horrifies Cerf.
“Having this capability officially sanctioned in the hands of the ISP,
folks, is a little disturbing especially if the ideal is that you leave the
machine there and it’s there all of the time and they’re the ones who set it
up,” Cerf said Thursday. “I don’t fully understand why one would have to
engage the
evidence and what is or isn’t allowed with respect to data capture.”
Cerf also said the CDT’s request for revealing the source code of Carnivore
is unreasonable.
“I have some experience because of my earlier work at ARPA with dealing with
intelligence operations and one of the things that you do in an intelligence
operation is to protect sources and methods,” Cerf said.
“This particular thing is a method of collecting information. You generally
don’t advertise how you do collection to your opponent because that simply
gives the opponent the opportunity to try to figure out how to elude this
method. I could be persuaded that in this particular case, the system is
based on off-the-shelf gear and therefore there would be less damage done by
being more open about how this functions.”
The Justice Department has agreed to coordinate an independent review of
Carnivore by a panel of academic experts it will select.