A note from x:
Interesting.
============================================================
From Wired News, available online at:
http://www.wired.com/news/print/0,1294,37765,00.html
FBI Gives a Little on Carnivore
by Declan McCullagh
9:35 a.m. Jul. 25, 2000 PDT
WASHINGTON -- The FBI says it will conduct a privacy audit of a
controversial surveillance system, but the agency won't release key
information about how Carnivore works.
On Monday, FBI officials told a congressional panel that they hope to
assuage the fears of civil libertarians through "an independent
verification and validation" of the Carnivore eavesdropping system.
"What we're going to do is very akin to what, for example, NASA does
with software developed for their launch operations," said Donald
Kerr, director of the FBI Labs. "Ask some independent party to verify
that the software we have, and deploy, will in fact do those things
that we say it will, and not provide capabilities that we should not
have."
But the FBI flatly refused to release the source code to Carnivore, a
move that would allow programmers to review the program to see if its
appetite needs to be curbed.
"We would have a problem with full open disclosure, because that, in
fact, would allow anyone who chose to develop techniques to spoof what
we do an easy opportunity to figure out how to do that," Kerr told a
House Judiciary subcommittee.
Because Carnivore chews up all the information flowing through part of
an Internet provider's network -- and reportedly digests only data
relevant to an investigation -- critics have called for more details
about its operation.
"This notion of opening up the code I think is a very good one," said
Alan Davidson, staff counsel at the Center for Democracy and
Technology. "I think if there needs to be a preliminary step of
getting an independent panel in here, that's not the same and it
wouldn't be as good as opening it up to the public."
The American Civil Liberties Union has filed a Freedom of Information
Act request for the source code, and some prominent cryptographers
also have asked for its release.
During the hearing, some House Republicans questioned the Clinton
administration's commitment to privacy.
"I have heard all sorts of assurances that this won't fall in the
wrong hands, that there are safeguards," said Rep. Spencer Bachus
(R-Alabama). "Well, today there are safeguards on FBI files, only
certain people have access to those files."
"Yet a few years ago, we found out that 1,000 of those files were over
at the White House," Bachus said.
Rep. Bob Barr (R-Georgia) pointed to the continuing flap over the
White House email messages that seemed to disappear after being
subpoenaed.
"We've been having a series of hearings, the conclusion of which from
the Clinton administration standpoint is, we don't even know how to
keep track of our own emails," Barr said. "And now we have a very
sophisticated system for tracking other people's emails."
"The FBI's Carnivore program represents a dangerous and unprecedented
invasion of online privacy," said Rep. J.C. Watts (R-Okla.), chairman
of the House Republican Conference, in a statement. "Despite repeated
inquiries, the Clinton-Gore administration continues to offer only
vague responses and little enlightenment."
A top Justice Department official promised that the privacy audit
would prove reassuring.
"A report generated from the review will be publicly disseminated to
interested groups within industry, academia, and elsewhere, and should
alleviate any concerns regarding unjustified intrusions on privacy
from the use of this tool," said Kevin DiGregory, deputy associate
attorney general.
The FBI describes Carnivore as a "well-focused" system that has been
used in only a small number of cases: 16 this year, including six
criminal and 10 national security investigations. Each case, however,
could involve dozens of wiretaps. The FBI didn't offer details.
Although Carnivore has been described as an email surveillance system,
the FBI said it could also intercept files that were transferred. "We
have, in at least one case, been able to intercept using a different
protocol, file transfer protocol, but with relatively small files,"
Kerr said.
The FBI also said state and local police do not currently have access
to Carnivore.
Internet service providers do not have to install the Carnivore system
and have the option to perform their own secret surveillance of users,
the FBI said.
"We have found that at times the Internet service provider has been
unable or even unwilling to supply this information," DiGregory said.
"It is for that narrow set of circumstances that the FBI designed
Carnivore. Law enforcement cannot abdicate its responsibility to
protect public safety simply because technology has changed."
But an attorney representing one ISP said the FBI insisted on
installing Carnivore.
"In this case, the solution that the ISP put in place did get all of
the incoming email addresses, and it did supply a smaller number of
outgoing email addresses to the government," said Robert Corn-Revere,
a partner at Hogan and Hartson.
"The U.S. marshals were dissatisfied with that solution and informed
the ISP that they were coming to install Carnivore within two days,"
Corn-Revere said.
He did not identify which ISP he represents, but some legislators
suggested it was Earthlink.
Copyright 1994-2000 Wired Digital Inc. All rights reserved.