Return-Path: <sentto-279987-3011-1003249706-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 16 Oct 2001 09:30:08 -0700 (PDT) Received: (qmail 6143 invoked by uid 510); 16 Oct 2001 16:28:08 -0000 Received: from n16.groups.yahoo.com (216.115.96.66) by 204.181.12.215 with SMTP; 16 Oct 2001 16:28:08 -0000 X-eGroups-Return: sentto-279987-3011-1003249706-fc=all.net@returns.onelist.com Received: from [10.1.4.55] by n16.groups.yahoo.com with NNFMP; 16 Oct 2001 16:28:25 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 16 Oct 2001 16:28:26 -0000 Received: (qmail 89353 invoked from network); 16 Oct 2001 16:28:26 -0000 Received: from unknown (10.1.10.26) by l9.egroups.com with QMQP; 16 Oct 2001 16:28:26 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 16 Oct 2001 16:28:25 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id JAA20769 for iwar@onelist.com; Tue, 16 Oct 2001 09:28:25 -0700 Message-Id: <200110161628.JAA20769@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 16 Oct 2001 09:28:25 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:FBI's.controversial.cyber-snooping.system.plays.key.part.in.terrorism.probe] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit FBI's controversial cyber-snooping system plays key part in terrorism probe Verne Kopytoff, San Francisco Chronicle, 10/16/2001 <a href="http://www.sfgate.com/cgi-bin/article.cgi?f=/chronicle/archive/2001/10/15/BU142868.DTL">http://www.sfgate.com/cgi-bin/article.cgi?f=/chronicle/archive/2001/10/15/BU142868.DTL> Reports that suspects in last month's terrorist attacks may have communicated online has renewed interest in a controversial technology used by the FBI to monitor e-mail. That technology, known popularly as Carnivore, is software that operates like an Internet wiretap, picking out e-mail messages from flagged addresses and capturing the contents. But civil liberty groups have called Carnivore a violation of privacy and warn that it can be used by rogue law enforcement to spy illegally on whomever they want. Last week, Congress gave initial approval to Carnivore as part of the anti- terrorism legislation introduced after the attacks on Sept. 11. Until now, the technology has been used under guidelines developed decades ago for tapping telephones. "Carnivore is a critical tool for law enforcement," said Paul Bresson, a spokesman for the FBI. "There are commercially available programs that do about the same thing, but they don't have the ability to gather only information in a court order like Carnivore." Carnivore, whose name was recently changed to a more sedate sounding DCS1000, is part of a suite of Windows NT software, loaded into a computer that looks like a black box and plugged into the networks of Internet service providers. Those providers route their e-mail traffic through the black box, which filters the messages that match what agents programmed it to look for. How thorough Carnivore is depends on what kind of a court order a judge authorizes. Law enforcement can get a limited amount of information simply by telling a judge it is necessary for an investigation, while authorities seeking more must leap through a higher legal threshold. The court orders spell out which Internet service providers the FBI can install Carnivore on and for how long. At maximum, Carnivore captures entire e-mails and the Web sites a suspect visits. At minimum, it captures only the e-mail address of messages sent to and from a suspect's account, the subject line and the length of the message. Privacy groups have complained that the amount of information gathered under this minimum setting, known legally as pen and trap, is excessive. They point out that when pen and trap is applied to telephones, agents only collect telephone numbers of calls to and from a suspect -- far less information. Another concern revolves around how Carnivore rifles through thousands of innocent e-mails to find the ones it is looking for. The FBI says agents never see those innocent e-mails because they are automatically filtered out of the system. Public outcry prompted the Department of Justice to finance a review of Carnivore by the Illinois Institute of Technology. The report, released in November 2000, found that Carnivore, while a useful law enforcement tool, has several shortcomings. It confirmed the fears of privacy groups that Carnivore may collect too much information in certain cases. Researchers also said the technology lacks a way to record how it is used, making it nearly impossible for a judge to know whether FBI agents exceeded their authority. "If not used properly, Carnivore can be abused and capture the information of people not named in court orders," said David Sobel, an attorney for the Electronic Privacy Foundation, a nonprofit advocacy group in Washington, D.C. The Department of Justice said it will review the study's recommendations and the privacy issues around Carnivore and report back to Congress. However, the agency has yet to do so, and given the support Carnivore has among legislators, privacy groups are worried the review will never happen. Since soon after the Sept. 11 terrorist attacks, the FBI has served subpoenas at several Internet service providers, including Earthlink and America Online, asking for records related to several suspects. Those companies say they have cooperated with the investigation, but without installing Carnivore. Their own computers did the tracking, they said, without infringing on the privacy of others. However, many small Internet service providers have a more-limited ability to retrieve information about particular users when relying on their own systems. Carnivore would be much more useful in those cases, though it is unknown whether the technology has been so deployed. Carnivore is not any help monitoring online instant messaging and online purchases. It also can be used only on a limited number of accounts at once because of a lack of power. E-mail encryption, available for free and easily installed, would make much of what the FBI finds in e-mail messages through Carnivore useless. Terrorists could also write messages in a pre-arranged code that would seem like they were talking, for example, about going to the store. At meeting planned at Safeway at 3 p.m. could really mean the time to launch their attack. Even before Sept. 11, Internet monitoring by law enforcement had public support. A poll in April by the Pew Internet & American Life Project, in Washington, D.C., found that 54 percent of Americans approve the idea of the FBI monitoring e-mail, while 34 percent disapprove. "People recognize that there are potentially a lot of horrible things that can happen online," said Lee Raine, director for the Pew project. "They almost have too urgent a fear because, in fact, relatively few bad things happen online." Carnivore's existence came to light in 1999 after U.S. marshals served Earthlink with a subpoena to install a monitoring device on its network for an investigation. Believing the technology gathered too much information for the scope of wiretap laws, Earthlink offered to create its own monitoring system to get the information. "The Feds were saying, 'Don't worry, we are only going to intercept the e-mails to and from one person,' " said Dave Baker, who oversees law and public policy for Earthlink. "But as an ISP, we have no way to verify that. You are potentially opening up all your customers to having their e-mails intercepted by law enforcement without proper authorization." But the government insisted on using Carnivore and eventually won a court battle over it. However, once installed, Carnivore slowed Earthlink's e-mail system, and after a couple of days, was replaced with Earthlink's own monitoring setup, according to Baker. Which other Internet service providers have been asked to install Carnivore is unclear. The only indication of how often the technology is used was through a Freedom of Information Act request by the Associated Press, which showed it was used 13 times between October 1999 and August 2000, while similar commercially available software, Etherpeek, was used an additional 11 times. Of those investigations, four focused on computer hacking, three on drug dealing, one on an intellectual property case and an unknown number on national security, according to the Associated Press. For example, in an e-mail to the head of the FBI's cybertechnology lab, an unknown agent wrote about a gambling and money laundering investigation: "We got bank accounts, where the money was hidden and other information. Some of the data sent . . . was instrumental in tying several conspirators to the crime. One of the conspirators is offering to pay . . . as part of a plea bargain." Dave McClure, president of the Internet Industry Association, a trade group in Washington, D.C., said original fears that Carnivore was being forced down the throats of Internet service providers in a witch hunt against terrorism is unfounded. So far, he said, the FBI has used the technology surgically, adding, though, that anything is possible in a situation like the current national crisis. Carnivore "will give law enforcement some expanded tools and most of the country probably wants that," McClure said. "Time will tell whether it's working well and people aren't being unjustly accused or whether they are abusing Carnivore." E-mail Verne Kopytoff at vkopytoff@sfchronicle.com. ©2001 San Francisco Chronicle Page G - 1 ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:55 PST