Thread: Carnivore redux
View Single Post
  #1  
Old 02-17-2005, 01:54 PM
AISB_Watch AISB_Watch is offline
Member
 
Join Date: Feb 2005
Posts: 67
Default Carnivore redux


<div id="headline">
<h3><a target="_blank" href="http://news.com.com/Carnivore+redux/2010-1071_3-5555323.html">Carnivore redux</a></h3></div>
<div class="datestamp">January 31, 2005, 4:00 AM PT </div>
<div id="byline">By <a target="_blank" onfiltered="location.replace(this.href+'&redirecte d');return false" href="/ym/Compose?To=declan.mccullagh@cnet.com&Subj=FEEDBACK :Carnivore%20redux"><font color="#b23e3e">Declan McCullagh</font></a> <br><!-- January 31, 2005, 4:00 AM PT<br /> --></div>

<div><strong>Robert Corn-Revere clearly remembers the day he became the
first person to tell the world about the FBI surveillance system once
known as Carnivore. </strong>
<p></p>
<p>In late 1999, <a target="_blank" href="http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.dwt.com%2Flawdir%2F attorneys%2FCornRevereRobert.cfm&siteId=3&oId=2010-1071-5555323&ontId=12&lop=nl_ex"><font color="#b23e3e">Corn-Revere</font></a>,
a partner at the Davis Wright Tremaine law firm, had been fighting on
EarthLink's behalf to keep a government surveillance device off the
company's network. A short while later, though, a federal magistrate
judge sided with the FBI against the Atlanta-based Internet provider. </p>
<p>Worried about the privacy impact, Corn-Revere revealed the existence of Carnivore in <a target="_blank" href="http://dw.com.com/redir?destUrl=http%3A%2F%2Fjudiciary.house.gov%2Fl egacy%2Fcorn0406.htm&siteId=3&oId=2010-1071-5555323&ontId=12&lop=nl_ex"><font color="#b23e3e">testimony</font></a>
before a House of Representatives subcommittee on April 6, 2000. "They
were using a technology called Etherpeek, which was off the shelf,"
Corn-Revere told me last Friday. "When we challenged it, they said,
'We're not using that. That would be wrong. We have our own software
developed. It's called Carnivore.'" (Etherpeek is a Windows
surveillance utility from <a target="_blank" href="http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.wildpackets.com%2F& siteId=3&oId=2010-1071-5555323&ontId=12&lop=nl_ex"><font color="#b23e3e">WildPackets</font></a> that can decode protocols used with e-mail, Web browsing and instant messaging.) </p><!-- pullquote --><newselement>
</newselement><div style="padding: 10px; font-weight: bold; font-size: 1.2em; float: right; width: 190px; color: rgb(153, 0, 0);">The total number of "electronic" wiretaps has stayed between 4 percent and 8 percent of all reported wiretaps each year. </div><!-- end pullquote -->

<p>Now history is repeating itself. A flurry of press reports this month noted that the FBI has <a target="_blank" href="http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.epic.org%2Fprivacy% 2Fcarnivore%2F2003_report.pdf&siteId=3&oId=2010-1071-5555323&ontId=12&lop=nl_ex"><font color="#b23e3e">ceased using Carnivore</font></a>, which had been <a target="_blank" title="FBI takes the teeth out of Carnivore's name -- Friday, Feb 9, 2001" href="http://news.com.com/FBI+takes+the+teeth+out+of+Carnivores+name/2100-1023_3-252368.html?tag=nl"><font color="#b23e3e">renamed DCS1000</font></a>.
But not all of them mentioned that the government is hardly calling a
halt to Internet wiretaps--instead, it's simply buying its surveillance
tools from private companies again. </p>
<p>A review of the government's self-reported wiretap statistics from
2000 to 2003, the most recent data available, shows that the total
number of "electronic" wiretaps has stayed between 4 percent and 8
percent of all reported wiretaps each year. (In 2003, for instance,
there were <a target="_blank" title="Voice preferred medium for wiretapping -- Monday, May 3, 2004" href="http://news.com.com/Voice+preferred+medium+for+wiretapping/2110-7348_3-5204674.html?tag=nl"><font color="#b23e3e">1,442 reported non-terrorism wiretaps</font></a> in total that intercepted 4.3 million communications or conversations.) </p>
<p>That figure, though, is an underestimate. First, it doesn't cover
terrorism-related wiretaps, which spiked after Sept. 11, 2001, and last
year surpassed the general category for the first time. Second, it
doesn't count illegal wiretaps, such as the <a target="_blank" href="http://dw.com.com/redir?destUrl=http%3A%2F%2Fpd.co.la.ca.us%2FCACJ.h tm&siteId=3&oId=2010-1071-5555323&ontId=12&lop=nl_ex"><font color="#b23e3e">hundreds</font></a> unlawfully performed by the Los Angeles Police Department starting in 1985. </p>
<p>Third, those numbers don't include "pen register" and "trap and trace" devices, which tend to be about <a target="_blank" href="http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.epic.org%2Fprivacy% 2Fwiretap%2Fstats%2Fpenreg.html&siteId=3&oId=2010-1071-5555323&ontId=12&lop=nl_ex"><font color="#b23e3e">five to six times</font></a>

as popular as traditional wiretaps. Those awkward names, which hail
from the days of analog phone taps, refer to capturing only the
addresses of Web sites visited and the IDs of e-mail and
instant-messaging correspondents rather than the complete content of
the communication. </p>
<p>Translated: The concept of Carnivore isn't going away. If anything,
police surveillance of the Internet is increasing over time. </p>
<p><b>The good ole days?</b><br>Whatever its flaws, Carnivore offered one undeniable benefit: It had been the subject of intense scrutiny. </p>
<p>Former House Majority Leader <a target="_blank" title="Perspective: Privacy advocates lose an ally -- Monday, Oct 28, 2002" href="http://news.com.com/Perspective+Privacy+advocates+lose+an+ally/2010-1069_3-963537.html?tag=nl"><font color="#b23e3e">Dick Armey</font></a>, for instance, <a target="_blank" href="http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.cdt.org%2Fsecurity% 2Fcarnivore%2F001019armey.shtml&siteId=3&oId=2010-1071-5555323&ontId=12&lop=nl_ex"><font color="#b23e3e">carefully monitored</font></a>
how the Justice Department was using it. "I respectfully ask that you
consider the serious constitutional questions Carnivore has raised and
respond with how you intend to address them," Armey <a target="_blank" href="http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.steptoe.com%2Fpubli cations%2FFirst_Carnivore_Letter_to_AG_Ashcroft.ht m&siteId=3&oId=2010-1071-5555323&ontId=12&lop=nl_ex"><font color="#b23e3e">wrote</font></a> to Attorney General John Ashcroft in June 2001. "This is an issue of great
importance to the online public." </p>

<p>At one point, political pressure had grown so great that Attorney
General Janet Reno reluctantly ordered an outside review of how
Carnivore had been used. The review <a target="_blank" href="http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.usdoj.gov%2Fjmd%2Fp ublications%2Fcarniv_final.pdf&siteId=3&oId=2010-1071-5555323&ontId=12&lop=nl_ex"><font color="#b23e3e">concluded</font></a>
that Carnivore didn't snatch more from networks than it should, but
that it had "no auditing" and "significant deficiencies in protection
for the integrity of the information it collects." </p><!-- pullquote --><newselement>
</newselement><div style="padding: 10px; font-weight: bold; font-size: 1.2em; float: left; width: 190px; color: rgb(153, 0, 0);">Whatever its flaws, Carnivore offered one undeniable benefit: It had been the subject of intense scrutiny. </div><!-- end pullquote -->
<p>A group of well-known technologists, including Steven Bellovin of
AT&T Labs and Peter Neumann of SRI International, reviewed that
report, prepared by IIT Research Institute. Their own <a target="_blank" href="http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.crypto.com%2Fpapers %2Fcarnivore_report_comments.html&siteId=3&oId=201 0-1071-5555323&ontId=12&lop=nl_ex"><font color="#b23e3e">conclusions</font></a>:
"Serious technical questions remain about the ability of Carnivore to
satisfy its requirements for security, safety and soundness." </p>
<p>The public and the press also were more interested a few years ago. CNET News.com published dozens of <a target="_blank" title="FBI to divulge more Carnivore details -- Wednesday, Mar 27, 2002" href="http://news.com.com/FBI+to+divulge+more+Carnivore+details/2100-1023_3-870028.html?tag=nl"><font color="#b23e3e">articles</font></a>.
A Nexis search turned up 1,334 matches for FBI and Carnivore or DCS1000
between July 2000 and July 2001. But the same search for between July
2003 and July 2004 reported only 45 articles. </p>
<p>Unfortunately, the public knows virtually nothing about how the FBI
is conducting Internet eavesdropping today. We don't know the name of
its interception technology. We don't know if it vacuums up far more
conversations than it should when attached to a network. We don't know
if it creates a security risk by permitting secure portions of an
Internet provider's network to be accessed from afar. We don't know if
it has benefited from any of the outside technical review that
Carnivore did. </p>

<p>"The need for oversight these days is much greater than when the FBI
picked particularly bad names for its surveillance projects," said Marc
Rotenberg, director of the <a target="_blank" href="http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.epic.org%2F&siteId= 3&oId=2010-1071-5555323&ontId=12&lop=nl_ex"><font color="#b23e3e">Electronic Privacy Information Center</font></a>. "There's a lot of money slushing around the federal government's dark budgets." </p>
<p>He's right. Congress should demand more public accountability from
the Bush administration. Otherwise, we might end up fondly reminiscing
about the good ole days of Carnivore. </p>
<p><a target="_blank" href="http://news.com.com/Carnivore+redux/2010-1071_3-5555323.html">http://news.com.com/Carnivore+redux/2010-1071_3-5555323.html</a></p></div></div><br><br><div>
<br></div></div>

__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote