[iwar] [fc:FBI's.controversial.cyber-snooping.system.plays.key.part.in.terrorism.probe]

From: Fred Cohen (fc@all.net)
Date: 2001-10-16 09:28:25



FBI's controversial cyber-snooping system plays key part in terrorism probe 
Verne Kopytoff, San Francisco Chronicle, 10/16/2001
http://www.sfgate.com/cgi-bin/article.cgi?f=/chronicle/archive/2001/10/15/BU142868.DTL

Reports that suspects in last month's terrorist attacks may have
communicated online have renewed interest in a controversial technology
used by the FBI to monitor e-mail.

That technology, known popularly as Carnivore, is software that operates
like an Internet wiretap, picking out e-mail messages from flagged
addresses and capturing the contents.

But civil liberty groups have called Carnivore a violation of privacy
and warn that it can be used by rogue law enforcement to spy illegally
on whomever they want.

Last week, Congress gave initial approval to Carnivore as part of the
anti-terrorism legislation introduced after the attacks on Sept. 11.
Until now, the technology has been used under guidelines developed
decades ago for tapping telephones.

"Carnivore is a critical tool for law enforcement," said Paul Bresson, a
spokesman for the FBI. "There are commercially available programs that
do about the same thing, but they don't have the ability to gather only
information in a court order like Carnivore."

Carnivore, whose name was recently changed to a more sedate sounding
DCS1000, is part of a suite of Windows NT software, loaded into a
computer that looks like a black box and plugged into the networks of
Internet service providers. Those providers route their e-mail traffic
through the black box, which filters the messages that match what agents
programmed it to look for.

How thorough Carnivore is depends on what kind of a court order a judge
authorizes. Law enforcement can get a limited amount of information
simply by telling a judge it is necessary for an investigation, while
authorities seeking more must leap through a higher legal threshold.

The court orders spell out which Internet service providers the FBI can
install Carnivore on and for how long.

At maximum, Carnivore captures entire e-mails and the Web sites a
suspect visits. At minimum, it captures only the e-mail address of
messages sent to and from a suspect's account, the subject line and the
length of the message.

Privacy groups have complained that the amount of information gathered
under this minimum setting, known legally as pen and trap, is excessive.
They point out that when pen and trap is applied to telephones, agents
only collect telephone numbers of calls to and from a suspect -- far
less information.

Another concern revolves around how Carnivore rifles through thousands
of innocent e-mails to find the ones it is looking for. The FBI says
agents never see those innocent e-mails because they are automatically
filtered out of the system.

Public outcry prompted the Department of Justice to finance a review of
Carnivore by the Illinois Institute of Technology. The report, released
in November 2000, found that Carnivore, while a useful law enforcement
tool, has several shortcomings.

It confirmed the fears of privacy groups that Carnivore may collect too
much information in certain cases. Researchers also said the technology
lacks a way to record how it is used, making it nearly impossible for a
judge to know whether FBI agents exceeded their authority.

"If not used properly, Carnivore can be abused and capture the
information of people not named in court orders," said David Sobel, an
attorney for the Electronic Privacy Foundation, a nonprofit advocacy
group in Washington, D.C.

The Department of Justice said it will review the study's
recommendations and the privacy issues around Carnivore and report back
to Congress. However, the agency has yet to do so, and given the support
Carnivore has among legislators, privacy groups are worried the review
will never happen.

Since soon after the Sept. 11 terrorist attacks, the FBI has served
subpoenas at several Internet service providers, including Earthlink and
America Online, asking for records related to several suspects.

Those companies say they have cooperated with the investigation, but
without installing Carnivore. Their own computers did the tracking, they
said, without infringing on the privacy of others.

However, many small Internet service providers have a more-limited
ability to retrieve information about particular users when relying on
their own systems. Carnivore would be much more useful in those cases,
though it is unknown whether the technology has been so deployed.

Carnivore is not any help monitoring online instant messaging and online
purchases. It also can be used only on a limited number of accounts at
once because of a lack of power.

E-mail encryption, available for free and easily installed, would make
much of what the FBI finds in e-mail messages through Carnivore useless.

Terrorists could also write messages in a pre-arranged code that would
seem like they were talking, for example, about going to the store. A
meeting planned at Safeway at 3 p.m. could really mean the time to
launch their attack.

Even before Sept. 11, Internet monitoring by law enforcement had public
support. A poll in April by the Pew Internet & American Life Project, in
Washington, D.C., found that 54 percent of Americans approve the idea of
the FBI monitoring e-mail, while 34 percent disapprove.

"People recognize that there are potentially a lot of horrible things
that can happen online," said Lee Raine, director for the Pew project.
"They almost have too urgent a fear because, in fact, relatively few bad
things happen online."

Carnivore's existence came to light in 1999 after U.S. marshals served
Earthlink with a subpoena to install a monitoring device on its network
for an investigation. Believing the technology gathered too much
information for the scope of wiretap laws, Earthlink offered to create
its own monitoring system to get the information.

"The Feds were saying, 'Don't worry, we are only going to intercept the
e-mails to and from one person,' " said Dave Baker, who oversees law and
public policy for Earthlink. "But as an ISP, we have no way to verify
that. You are potentially opening up all your customers to having their
e-mails intercepted by law enforcement without proper authorization."

But the government insisted on using Carnivore and eventually won a
court battle over it. However, once installed, Carnivore slowed
Earthlink's e-mail system, and after a couple of days, was replaced with
Earthlink's own monitoring setup, according to Baker.

Which other Internet service providers have been asked to install
Carnivore is unclear. The only indication of how often the technology is
used was through a Freedom of Information Act request by the Associated
Press, which showed it was used 13 times between October 1999 and August
2000, while similar commercially available software, Etherpeek, was used
an additional 11 times.

Of those investigations, four focused on computer hacking, three on drug
dealing, one on an intellectual property case and an unknown number on
national security, according to the Associated Press.

For example, in an e-mail to the head of the FBI's cybertechnology lab,
an unknown agent wrote about a gambling and money laundering
investigation: "We got bank accounts, where the money was hidden and
other information. Some of the data sent . . . was instrumental in tying
several conspirators to the crime. One of the conspirators is offering
to pay . . . as part of a plea bargain."

Dave McClure, president of the Internet Industry Association, a trade
group in Washington, D.C., said original fears that Carnivore was being
forced down the throats of Internet service providers in a witch hunt
against terrorism are unfounded. So far, he said, the FBI has used the
technology surgically, adding, though, that anything is possible in a
situation like the current national crisis.

Carnivore "will give law enforcement some expanded tools and most of the
country probably wants that," McClure said. "Time will tell whether it's
working well and people aren't being unjustly accused or whether they
are abusing Carnivore."

E-mail Verne Kopytoff at vkopytoff@sfchronicle.com.

©2001 San Francisco Chronicle Page G - 1




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:55 PST