By JOHN SCHWARTZ
QUANTICO, Va. -- AS long as there have been law enforcement agents, they have tried to
listen in on what the bad guys are planning.
In early times, that meant standing next to a window in the evesdrope, the place where
water from the eaves drips, to overhear conversations. As communications went
electronic, eavesdropping did, too: Gen. Jeb Stuart hired a tapper to intercept
telegraph messages in the Civil War. And by the 1890's, two decades after Alexander
Graham Bell's first call to Watson, the first known telephone wiretaps by the police
were in place.
The Internet, in turn, has provided new frontiers for law enforcement tappers. At
first, surveillance of Internet traffic was useful only in hacking cases � after all,
only geeks were online. But as the world has gone digital, criminals have as well, and
Internet taps are requested in a growing number of cases. According to documents
obtained by the Electronic Privacy Information Center, an advocacy group based in
Washington, requests from field offices for help with "data interception operations"
rose more than 18-fold between fiscal years 1997 and 1999.
In Congressional testimony in July, the assistant director of the Federal Bureau of
Investigation's laboratory division, Donald M. Kerr, painted a stark portrait of the
dangers of the online world.
"The use of computers and the Internet is growing rapidly, paralleled by exploitation
of computers, networks and databases to commit crimes and to harm the safety, security
and privacy of others," he said. All manner of crimes � child pornography, fraud,
identity theft, even terrorism � are being perpetrated using the Internet as a tool,
he said.
But one device developed by the F.B.I. to deal with this new world of crime has drawn
it squarely into a debate over the proper limits of government surveillance: an
Internet wiretapping system called Carnivore. The Carnivore effort, which came to
light last June, met with resistance from groups as diverse as the American Civil
Liberties Union and the Republican leadership of the House of Representatives.
The F.B.I. says it has already used the device in dozens of investigations. But
critics are concerned that Carnivore, much more than telephone wiretaps, can cast an
investigative net that captures the communications of bystanders along with those of a
suspect.
The House majority leader, Dick Armey of Texas, has said the technology raises "strong
concerns" that the government "is infringing on Americans' basic constitutional
protection against unwarranted search and seizure."
"Until these concerns are addressed," he said, "Carnivore should be shut down."
The name, to be sure, has not helped the F.B.I.'s salesmanship. It was derived from an
earlier system, called Omnivore, that captured most of the Internet traffic coursing
through a network. "As the tool developed and became more discerning" � able to get at
the meat of an investigation � "it was named Carnivore," an official said. ("If they
called it Device 374," he explained, "nobody could remember what Device 374 is.")
The F.B.I. says the real value of Carnivore, by any name, is that it can do much less
than its predecessors. It says agents can fine-tune the system to yield only the
sources and recipients of the suspect's e- mail traffic, providing Internet versions
of the phone-tapping tools that record the numbers dialed by a suspect and the numbers
of those calling in.
Those tools, known respectively as pen registers and "trap and trace" devices, are
valuable building blocks of any preliminary investigation. "Trap and trace is vital,"
said Marcus C. Thomas, who heads the bureau's cybertechnology section, "to try to
understand criminal organizations, who's communicating with who."
Moreover, a full federal wiretap � whether of a suspect's phone or of Internet traffic
� requires extensive evidence of criminal activity and approval from high Justice
Department officials and a judge. Court approval to monitor the origins and
destinations, not the content, requires only a pledge from the investigators that the
information would be relevant.
Law enforcement officials say the goal of Carnivore is to protect privacy. Under most
wiretaps, they reason, investigators have to review all the material that comes in
over the wire and discard any material that they are not entitled to review under the
terms of the warrant � say, a conversation with the suspect's grandmother. Because the
path of online data is harder to isolate than a telephone line, Carnivore may capture
communications unrelated to the suspect. But because it then filters out whatever
investigators are not entitled to see, officials say, privacy is enhanced.
To understand why the F.B.I. hungers for Carnivore, behold its ancestor: a hulking
stainless steel box the size of an old Kelvinator in the building in Quantico where
the bureau designs what it calls interception systems. The $80,000 behemoth can
monitor data traffic on three phone lines simultaneously and translate the squeal of
modems into the e-mail and Web pages that a criminal suspect sees.
But it can monitor only a standard modem. If a criminal suspect has, like millions of
other Americans, decided to trade up to high-speed Internet access through a cable
modem or the telephone service known as D.S.L., "it's worthless," Mr. Thomas said.
In contrast to that middle-tech dinosaur, Carnivore is a sleek and speedy mammal, a
black box of a PC built to work with the vast amounts of high-speed data that course
through the Internet. The machine can tap communications for almost all of the ways
that people get online. It costs a tenth of what the bureau pays for each of the older
machines, and it can do far more: it can sift through all the communications of an
Internet service provider, perhaps including tens of thousands of users, and pull out
the e-mail and Web travels of the suspect. And although doing so would raise deep
constitutional issues, the system can even be programmed to monitor the use of
particular words and phrases used in messages by anyone on the network.
When law enforcement agents get permission to install Carnivore, they send their own
technicians to the office of an Internet service provider. The system itself, once
programmed with the details of a search, can easily be installed on the same racks
that the company uses for its own network equipment, and is tied in to the flow of
data.
For all its power, however, Carnivore cannot digest all that it eats: if law
enforcement officials intercept a message that has been encrypted, they will get a
featureless fuzz of ones and zeroes.
The furor over the technology caught the F.B.I. by surprise. "What would you have us
do?" Mr. Thomas asked in frustration. "Stop enforcing laws because it's on the
Internet?" Paul Bresson, an F.B.I. spokesman, added, "The public should be concerned
about the criminals out there abusing this stuff, and not the good guys."
The two men discussed the system in Mr. Thomas's office at the bureau's research
center at Quantico, home of the F.B.I. training academy. From the outside, the center
is so unremarkable that it could be a college classroom building in a
witness-protection program. But the array of dishes and antennas along the roofline
suggest that something more interesting is going on inside.
This is where three F.B.I. engineers took pieces of commercial software and modified
them in an effort to allow the kind of selective data retrieval that the law requires,
and where they have worked to upgrade the system in response to the criticism of
Carnivore. The engineers have added auditing features, for example, that the bureau
says will help insure that investigators will not tamper with the system or try to
gather more information than authorized.
But the F.B.I. is not depending on Carnivore alone for the future of online
surveillance. According to budget documents obtained by the Electronic Privacy
Information Center under a Freedom of Information Act request, the bureau's plans
include developing ways to listen in on the growing medium of voice telephone calls
conducted over the Internet and to monitor the live online discussion system known as
Internet Relay Chat, as well as other network technologies that were identified in the
original document but were blacked out in the copies provided to the group.
Some alternatives are already in use, including one that reportedly figured in an
investigation of Nicodemo S. Scarfo Jr., an accused bookmaker whose imprisoned father
is the former head of the Philadelphia crime organization. In 1999, The Philadelphia
Inquirer reported recently, agents planted a tap in Mr. Scarfo's computer keyboard
that stored everything the suspect typed � including the password for the encryption
software used to protect files on his hard drive.
Mr. Thomas was unwilling to discuss new techology methods in detail, but said he knew
of only two cases in which such devices had been used.
A former federal prosecutor, Mark Rasch, says still more methods of Internet wiretap
could be on the way. Mr. Rasch, vice president for cyberlaw at Predictive Systems, an
Internet consulting company, noted that hacker groups had developed malicious computer
programs with names like Back Orifice 2000 that when planted in a target computer give
full remote access of the target machine to the hacker. Mr. Rasch suggested that such
remote-control programs could reduce the risk of break-ins for the agency and might
already be in use.
"I would be shocked," he said, if such software were not being used in intelligence
investigations, which provide government agents with more leeway than in criminal
investigations of American citizens.
But Marc J. Zwillinger, a former Justice Department lawyer, said law enforcement
agents were unlikely to take such a risky course, because "it would be difficult to
control, and if it did get out of control, there would be a backlash against the
agency."
In the meantime, as the Congressional debate over Carnivore continues, the future of
the system is uncertain. [The new attorney general, John Ashcroft, has not addressed
Carnivore directly, but he has taken a tough stand in the past against what he sees as
high-tech government intrusions into privacy.]
Members of Congress and civil libertarians argue that the analogies to telephone taps
are flawed and that the Carnivore technology violates constitutional protections
against unreasonable searches.
"The whole controversy is over intercepting thousands of conversations
simultaneously," regardless of the filtering then applied, said Richard Diamond, a
spokesman for Mr. Armey, the House majority leader.
Some critics have suggested imposing the same strict authorization rules on Carnivore
that prevail for full-scale telephone wiretaps, with stiff penalties for any abuse of
the system.
Still, many of those who oppose Carnivore have concluded that it is here to stay.
"You can't outlaw this technology," said James X. Dempsey, deputy director of the
Center for Democracy and Technology, a high-tech policy group in Washington. "All you
can do is set strict legal standards."
